MUMBAI, INDIA: Recent media reports about BBC's sting operation exposing data theft in India has once again raised major concerns over data security in IT and particularly the BPO (business process outsourcing) sector.

Under the operation, BBC reporters posed as fraudsters from London, bought details of UK customers including names, addresses and valid credit card information from New Delhi-based Saurabh Sachar, the report said.

It is not an isolated case of data theft, however. There had been such cases in the past too. Whatever may be the number of such cases, protection of information remains a key demur for today's hi-tech call centers, large enterprises and organizations.

"In most cases, including the recent one, they (BPOs or call centers) mostly end-up protecting the infrastructure like networks, computers and wireless systems, while the important part - the 'data' remains unprotected or there's less focus on data security," says Vishal Gupta, CEO of Seclore Technology.

"Here the need is to have an end-to-end encryption for data protection that means from the source of data to the outsourcing vendor, where the data is processed," Gupta adds.

"If the UK bank had usage rights it could still control the data even after it is processed."

He relates the case as cross-border data flow involving two different nations - UK as information source and India as information processor.

Gupta's Seclore Technology, an IIT Mumbai incubated company, is an enterprise information rights management (IRM) company that offers risk mitigation from information leakages and data security management solutions.

The company's Seclore InfoSource is a core solution for outsourced service providers. It provides information right management for data protection, while it is exchanged for processing, eliminates leakage and abuse.

The other solution, Seclore FileSecure, provides document rights management for document sharing in organization and its business partners.

Gupta says that solutions are based on four critical aspect of information – governance, privacy, integrity and confidentiality.

InfoSource's features include data protection independent of formats, usage rights with restriction to specific infrastructure – computers, servers, users and applications.

It enables data usage control at vendor premises, facilitates regulatory compliance with full data usage audit by outsourcing vendors and removes human intervention need for outsourced data processing.

FileSecure's features, on the other hand, include data protection independent of formats, document protection within and outside enterprise and specific usage permission for files.

It also prevents screen captures, provides granular rights for file control, dynamic rights management with regulatory compliance via full audit trail of all authorized usage and unauthorized attempts on secured files.

According to Gupta, there is low awareness towards cutting-edge technology and data security solutions.

"There's been no mass deployment of such advanced technology in past few years, which is a reason for low awareness. However, of late customers and service providers have started to acknowledge reputation risk involved with such technology," feels Gupta.

Moreover, he adds that compliance and regulations exist across organizations and processing houses. However, they are not followed strictly, causing lapses in security that results into data thefts or leakages.

Companies including banks such as ICICI, HDFC, Kotak Mahindra, HDFC Standard Life Insurance, Kotak Mahindra Securities, Larsen & Toubro Limited are among the earlier adopters of Seclore's enterprise right management solutions in India.