Secure outsourcing: Possibility or oxymoron ?? Vishal Gupta CEO.
-
Upload
giles-armstrong -
Category
Documents
-
view
235 -
download
3
Transcript of Secure outsourcing: Possibility or oxymoron ?? Vishal Gupta CEO.
Secure outsourcing: Possibility or oxymoron ??
Vishal GuptaCEO
The problem
The problem
The problem
The problem
The problem
In 2012, the total size of the outsourcing market is expected to be about USD 184B
~USD 4.2B will be spent on proactive and reactive actions on information breaches
An average breach costs an enterprise USD 6.75 M in direct costs
The risks - human
Each person in the chain of outsourcing process handoffs represents a “risk”
*High man power churn typical to the industry
=Mother of all HR problems !!
This element of risk is indispensable, intelligent, adaptive and prone to greed !
The risks – legal and compliance
Legal cover for malfunction for any of the risks is critical
Outsourcing process is typically under compliance norms of various country specific norms,
compliance frameworks and cross border data flow agreements
Liability is largely spread across multiple entities and reputation risks are not covered
Insurance is at-best, high cost !
The risks - technology
Information through the lifecycle of creation – storage – transmission – use – archival & deletion
represents one of the biggest risks
Multitude of information systems with hand offs have shown themselves to be prone to breaches
Controls are typically built into individual applications
The underlying issues
Share it = It becomes his (also)Usage and access control separation is not possible
Share it once = Share it foreverNo possibility of information “recall” if relationships change
Out of the firewall = Free for allOnly legal contracts protect information outside the
“perimeter”
Illustration
BankBPO
BPO Employees doing data entry
Bank Employee
Kay Bank outsource it’s data entry work to a remotely located business partner IntServices Pvt Ltd
Illustration
BankBPO
BPO Employees doing data entry
Bank Employee
Certain documents are scanned and image files are sent by a bank employee to the business partner via a secured FTP connection.
Illustration
BankBPO
BPO Employees doing data entry
Bank Employee
Different employees process the scanned image files to enter data into excel or database files. These files are sent back to bank via secured FTP.
Illustration
BankBPO
BPO Employees doing data entry
Bank Employee
Confidential data may be leaked by one of the employees to a telemarketer.
Telemarketer
15
• WHO can use the information
People & groups within and outside of the organization can be defined as rightful users of the information
• WHAT can each person doIndividual actions like reading, editing, printing,
distributing, copy-pasting, screen grabbing etc. can be controlled
• WHEN can he use itInformation usage can be time based e.g. can
only be used by Mr. A till 28th Sept OR only for the 2 days
• WHERE can he use it fromInformation can be linked to locations e.g. only
3rd floor office by private/public IP addresses
IRM technologies allow enterprises to define, implement & audit information usage “policies”. A “policy” defines :
Rights Management Defined
Illustration - After
BankBPO
BPO Employees doing data entry
Bank Employee
Kay Bank outsource it’s data entry work to a remotely located business partner IntServices
Illustration - After
BankBPO
BPO Employees doing data entry
Bank Employee
Certain documents are scanned and image files are protected & sent by a bank employee to the business partner via a secured FTP connection.
Illustration - After
BankBPO
BPO Employees doing data entry
Bank Employee
After legitimate use, Kay bank can ensure that information shared with or generate by Intservices is destructed
19
What enterprises say ...
Senior Vice President and CISO, HDFC Bank.
"In today’s world, where the boundaries of the organisation’s functionality are disappearing, we are dependent on different business providers to process our customer information. Given that requirement, we still want to control how that information is used and processed by the service providers. Seclore’s technology has allowed us to do that." - Vishal Salvi, CISO
Seclore user profile…….Diversified business groups
….Engineering and manufacturing organizations
…Government and service providers
21
More Info?
www.seclore.com+91-22-6130-4200