Offshoring security? India still hot

MUMBAI: When companies offshore business processes, they are putting their consumers' most sensitive personal information at risk - and there's little consumers can do about it.

Unfazed by the recent BPO frauds, the Indian Information security system is still considered the 'best' when compared with the US and UK, according to a NASSCOM report.

Offshoring of services has increased rapidly in the recent years, leading to the export of critical data to offshore destinations. This has brought the issue of data security to the fore, with companies and individuals in the West raising concerns around the security of proprietary information and the confidentiality of personal data being offshored.

The process of offshoring has created a few controversies in recent years, due to job losses in the US and the UK. The recent months have seen a spate of protests from US and UK labor unions against the offshore movement of jobs. US senators and union activists have also been agitating for protectionist measures against offshore outsourcing.

Increased opposition to offshoring from developed countries has brought the issue of data security to the fore. Anti-offshoring lobbyists are raising concerns around data protection, confidentiality of private information, and protection of intellectual property.

People are worried about identity theft, whereby a person wrongfully obtains and uses another person's personal data (social security number, bank account or credit card number, telephone calling card number, etc.) in a way that constitutes fraud or cheating, typically for monetary gain.

Many companies cite security concerns as a hindrance to outsourcing. A study conducted by the Wharton Business School established that security concerns and vendor viability were the key reasons hindering 95 percent of the companies in the US, with revenues of US$100 million- US$4000 million, from outsourcing to offshore.

The study done by NASSCOM reflects that companies have rarely faced any problems around data security, data protection or confidentiality while offshoring to India.

A few companies even claimed that India is the most stable of the various offshore locations. Companies believe that India has a stable government and a stable economy, with a large labor pool of educated individuals, and can provide adequate protection.

The potential threat of an employee stealing sensitive information and selling it to a competitor is the same anywhere in the world. In the US, too there are many reports of unauthorized persons having swindled funds out of a person's financial account.

However, due to lack of laws to deal with such incidents is a concern among companies offshoring work from the US and the UK.

The study identified various security-related expectation that companies in the US and the UK have while offshoring work to remote destinations such as India. Their expectations can be categorized in terms of regulations and practices.

The study also revealed that companies are worried about the absence of specific data protection laws in countries such as India.

Companies fear that due to the absence of such laws, personal and confidential information is readily accessible since there are no strict guidelines. This might give commercial advantages to companies and individuals at offshore destinations. Companies feel that India should have internationally recognized laws, which are in line with those in the US and the UK.

At present, in the absence of specific data protection laws at offshore destinations, companies take various measures to ensure security such as signing contractual agreements with relevant suppliers, appointing internal auditors and hiring external consultants, conducting compliance programs for vendors, arranging security training for vendors, etc.

Projects undertaken by Indian government

The Indian government is working on some specific R&D projects to address current and future security needs and that includes futuristic technologies in Secure Computer and Communication Infrastructure at the Tata Institute of Fundamental Research, information Security Management Training and Certification Kernel, ISM: TRACK, at STQC, New Delhi, which aims to increase security awareness and provide third-party certification services, development of core network security technologies for E-Commerce at C-DAC, Pune.

Further, the group is also working on network security technologies such as C-DAC's Virtual Private Network (C-VPN), a crypto package (C-Crypto), and prototypes of eCommerce applications to showcase the other two technologies, development of Validated Security Processes & Methodologies for Web-based enterprises at Jadavpur University, Kolkata, Protocols and Standards for E-Cheque Clearing and Settlement at IDRBT at Hyderabad -- are working on the security challenges of online payment systems and design and development of a Transparent Solution for Securing Networks and Systems at CDAC, Hyderabad.