Firms fail to see security risks in IT offshoring

Different cultures and regulations create problems, says Gartner

Offshore outsourcing presents security problems

Companies are underestimating the security challenges posed by offshore outsourcing, according to analyst Gartner.

Different legal frameworks, financial environments, cultural variations and lack of understanding of local regulatory requirements are all contributing to security risks, says a report to be published by the analyst.

‘Attitudes towards security and privacy are different overseas,’ said Gartner analyst Partha Iyengar. ‘If a UK firm is outsourcing its payroll data to a centre in India, for example, a worker might not think it is a big deal to discuss financial data with a colleague, whereas this would not happen in the UK.’

‘You have to have some appreciation that damage can be caused even if it is not meant in a malicious way. You have to protect the data more and assess it on a need to know basis,’ he said.

Gartner says firms that have offshored are often faced with the dilemma of having different policies in place for their in-house employees in the local market and more stringent policies for their offshore employees, creating a culture of distrust.

Employees should be told that security measures are the result of regulatory compliance and the same procedures should be introduced in all locations to prevent this distrust, the report says.