Security will slowly rival job loss as the biggest concern over outsourcing, said a research firm yesterday, but even doubts about inadequate security on the part of overseas companies won't stop enterprises from going global.
"The security exposure that both clients and service providers have to deal with, as global sourcing becomes more strategic and complex, increases by orders of magnitude," said Partha Iyengar, a vice president with Gartner's India group.
Although low-value projects may have been the initial target for outsourcing, today's often involve keys to the kingdom - core technologies, for instance, or state-of-the-art R&D - that must be protected at all costs.
The problem is that standard out-of-the-box security solutions can't cut it when regulations and legislation, and thus the risks companies are exposed to, vary so greatly between not only industries, but also locales. Security that may be appropriate to keep customer records private isn't the same necessary to protect application development. Nor are all outsource destinations equal.
There's a connection between legislative and regulatory security requirements and cost, said Iyengar.
Outsourcers working in developed countries such as Ireland and New Zealand, he said, face a more mature legal framework and thus must meet more stringent security requirements, while firms operating in, say Russia or India, reap the cost benefits of a more laissez-faire atmosphere.
"Enterprises need to understand all the nuances around these regulations to put an effective strategy in place," said Iyengar.
To help enterprises evaluate the risks of security regulations when going global for their workforces, Gartner's come up with a model that tabulates a country's risk status.
The model takes into account such elements as the country's track record in adhering to its security provisions, the indigenous "culture" of privacy (if one even exists), the risk of government interception of data and limits on encryption, and protection of intellectual property.
"There's a significant 'cost of security'," said Iyengar. "It's not cost-effective to provide the same level of security to every aspect of a company's offshore exposure."
That means enterprises must put security issues at the top of the talking points list when they begin negotiating with offshore outsourcers, he continued. "It's imperative that security issues are addressed right from the start," he said.
"And this requires information security staff to be at the table in both operations and strategic planning functions."
Getting the facts will also cut down on the hype that can distort outsourcing issues, said Iyengar. While an enterprise's customers may worry about call centres staffed by workers with unfamiliar accents, "that may not present a real risk," he said.
"The most significant security issues revolve around the protection of data in one manner or another."
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
