Most organizations still need to enhance security reviews of all services procurements, according to META Group, Inc. Furthermore, the company's recent research reveals that reviews of outsourcer policies (e.g., personnel, physical security, perimeter, remote access) and process (e.g., security monitoring and response, malicious code protection, configuration management) as well as provisions for periodic compliance audits should be negotiated early for any procurement.

"Organizations should institute rigorous security reviews on all IT services procurements, regardless of provider," said META Group IT security analyst Chris King. "Some offshore engagements have a few more areas of scrutiny (local laws and legal recourse) than similar onshore engagements, but otherwise there's little difference. In fact, some of the offshore outsourcers are actually doing more on the security front than their domestic counterparts."

Companies interested in offshore IT outsourcing, especially application development/maintenance and business process outsourcing, should not limit security reviews to their home country's domestic standards. Offshore outsourcers may pose some unique (and unknown) security concerns (e.g., differences in regulations, legal protections, recourse between the customer's and outsourcer's home countries), but these can often be offset by policy statements and enumeration of appropriate penalties.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access