Information security concerns surrounding global sourcing will gradually take center stage along with public concern over job losses, according to Gartner. As offshore outsourcing evolves from low value/low exposure projects to increasingly complex global projects involving core competencies, the cost and exposure of inadequate attention to security will increase significantly.

Gartner urged enterprises and service providers to start an informed dialogue to address security early and to perform due diligence throughout the outsourcing life cycle. Although security issues will lengthen the sales cycles of global delivery, it will not stop enterprises from adopting global sourcing models. Gartner presented its view on the real issues related to security, privacy and IP/confidentiality when going offshore at its IT Security Summit in London.

Gartner said there is also tremendous hype and a lack of understanding of the issues surrounding security. The most significant security issues revolve around the protection of data in one manner or another. There are, however, other issues that are not well understood, vague and based on emotion rather than fact.

Understanding the relationship between business, security, IP and privacy is essential for enterprises in effectively managing business risks associated with corporate and individual privacy. Security deals with data, people and technology, privacy deals with data confidentiality and customers records, while IP concerns patents, copyrights and trade secrets.

To help enterprises evaluate the high-level risks posed by security regulations in global delivery, Gartner created a country status risk model that includes looking at security risks, privacy protection, government interception risks, IP risks, employee/labor laws and contractual/legal risks. Gartner also gave enterprises three key recommendations when addressing security issues in a global sourcing model:


  1. Tackle security issues very directly and early in the sourcing strategy development phase. Then review throughout the life of the outsourcing deal through evaluation and selection, contract development and sourcing management, the three remaining phases of Gartner's sourcing life cycle.
  2. Develop a detailed dialogue with your service provider and ensure you understand their approach and track record in delivering robust security. Do not cede overall control and responsibility for management of security onto the provider. This control should remain in-house, including responsibility of some of the auditing mechanisms.
  3.  Work with the service provider to create and deliver an information protection framework to identify and spell out each of the concerns, determine their validity and make educated decisions about the risk they may or may not pose, and how much should be spent on mitigating that particular risk.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access