Companies fail to acknowledge security issues when they outsource to countries like India or China. Delegates at the Gartner IT Security Summit heard that cultural differences are often ignored, leading to security breaches later.
For example, standards of privacy are often looser in India because it's a close-knit society where, say, reading someone else's e-mail would not be considered much of an intrusion, said Gartner India research vice president Partha Iyengar. "India is seen as an answer when outsourcing applications but is actually a problem in the security space," he added.
Companies that outsource operations overseas are advised to train local staff to adhere to the company's global privacy standards and to check into the risk of government interception of sensitive confidential information.
"Fifty percent of companies understand that there are security issues with offshoring, but the real issues are cultural, and in compliance and regulation," said Lawrence Lerner, senior technical architect of the Advanced Solutions Group at Cognizant Technology Solutions.
Lerner said his company advises its clients to document its processes when outsourcing and get all parties involved to sign off on procedures to ensure transparency. He also suggests background checks on local staff.
Due to high demand by western companies looking to reduce costs, some outsourcing service providers in India and China are growing rapidly, hiring thousands of new employees in a month.
"When you are hiring 5,000 people at a time, you need to make sure that they all adhere to the same standards," Lerner said.
The differences between doing business at home and doing it abroad cannot be minimised, said Nigel Balchin, chief architect at Dun & Bradstreet.
"We are all a little naive going in," Balchin said. One way of ensuring that security and regulatory compliance concerns are met is to put the onus on the outsourcing provider and writing it in the contract, he said. "It pays dividends to have the provider responsible for these issues. For us it's a distraction from our core business."
Cognizant's Lerner advises clients to take a more hands-on approach, however.
"You must physically go and check any outsource centre you have. Do it regularly, and consider these centres as part of your own company," Lerner said.