Face up to offshoring security risks, urges expert

Businesses are putting themselves at risk by failing to consider the impact of offshore outsourcing on the security of their IT systems and critical information, according to a former US government security adviser.

Businesses are putting themselves at risk by failing to consider the impact of offshore outsourcing on the security of their IT systems and critical information, according to a former US government security adviser.

Ira Winkler, author of several books on corporate security and espionage, told Computer Weekly that too many organisations were exposing themselves to risk because they thought about security only after having decided to outsource.

"I have had security managers telling me they are offshoring half their staff overseas and asking whether there is anything they should be worrying about. They don't even know what they should be thinking about," he said.

Winkler advised businesses to view their offshore operations as "hostile environments" and to examine the risks before signing a contract with an offshore supplier.

"If you do not treat development facilities as if they are a completely hostile environment, people can and will tunnel in," he said. "I have had a case where a company was attacked from its own subsidiary in India."

David Lacey, security consultant and former head of IT security at Royal Mail, said many organisations made the mistake of leaving it to their lawyers to write security clauses into their contracts with offshore suppliers. "Chief information security officers should be involved right from the start," he said.

Foreign governments are also a potential risk, said Winkler, who estimates that 100 countries are engaged in espionage against the US.

"The way to combat the internal threat is to make sure people have more to lose if they are caught than if they stay clean. Giving people careers and a good salary is a way to make people stay loyal," said Lacey.

David Lacey's security blog:

The latest ideas, best practices, and business issues associated with managing security

Read more on IT for government and public sector

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close