Monthly newsletter Weekly news roundup Breaking news notification      

Security an ‘afterthought’ as UK organisations move operations offshore

Get free weekly news by e-mail@stake, Inc., a digital security consulting firm, is warning that security considerations are being overlooked in the rush to move UK business operations to ‘offshore’ locations such as India, Malaysia and China. Decisions are made after considering the financial benefits and legal issues but security risks are often not identified in time for them to be properly quantified and addressed. @stake cited one recent example where the security staff of an enterprise were only told of an offshore relocation after it began operations, overlooking the need to evaluate their offshore risk profile and new security requirements.

Samir Kapuria, @stake’s director of strategic solutions, commented, “Offshoring is like the dot com boom: companies are so enamoured by the opportunities that they remain blind to the digital risks involved, transforming security from a core discipline to an afterthought. Moving operations or outsourcing corporate functions to another country can create significant cost-savings but although companies reap economic benefits, they inherit a host of new digital risks. These risks need to be properly identified, quantified and accepted if security is going to be maintained.”

Companies planning overseas activities need to assess the digital risks and corporate dependencies associated with offshore initiatives. @stake has identified basic security steps to consider when making an offshore plan, these include:

• Generating and communicating effective security policies for offshore third parties, defining corporate security requirements for offshore application development;
• Conducting vulnerability assessments and penetration tests of both the network infrastructure and applications; and
• On-site audits to ensure that all environments comply with corporate security standards.

@stake recommends that digital risks should be evaluated at the start of any offshoring decision so as to ensure an effective, holistic, security solution.

Kapuria continued, “Effective security should not be bolted on after the fact - it needs to be built in as an integral part of the offshoring process. Executives need to ask themselves, ‘What new business continuity risks are introduced by the decision to offshore operations?’ The earlier these risks are identified, the easier it is to address them.”

www.atstake.com

Date: 11th February 2004 •Region: UK •Type: Article •Topic: BC general
Rate this article or make a comment - click here


Copyright 2004 Portal Publishing LtdPrivacy policyContact usSite mapNavigation help