META Group warns not to limit security efforts to offshore outsourcing

Most organisations still need to enhance security
reviews of all services procurements, according to META Group, Inc.
Furthermore, the company's recent research reveals that reviews
of outsourcer policies (e.g., personnel, physical security, perimeter,
remote access) and processes (e.g., security monitoring and response,
malicious code protection, configuration management), as well as
provisions for periodic compliance audits, should be negotiated
early for any procurement.

"Organisations should institute rigorous
security reviews on all IT services procurements, regardless of
provider," said META Group IT security analyst Chris King.
"Some offshore engagements have a few more areas of scrutiny
(local laws and legal recourse) than similar onshore engagements,
but otherwise there's little difference. In fact, some of the offshore
outsourcers are actually doing more on the security front than their
domestic counterparts."

Companies interested in offshore IT outsourcing,
especially application development/maintenance and business process
outsourcing, should not limit security reviews to their home country's
domestic standards. Offshore outsourcers may pose some unique (and
unknown) security concerns (e.g., differences in regulations, legal
protections, recourse between the customer's and outsourcer's home
countries), but these can often be offset by policy statements and
enumeration of appropriate penalties.