You can?t miss the security drill while entering the premises of any BPO major. And this airline-or-rather-military-like check does not end at the entrance. Leading BPOs deploy state-of-the-art systems to monitor phone conversations, mails and virtually every move of their employees.
Security seems to be as basic as hygiene in an industry that brings international clients? sensitive and confidential information, including health data, financial data, corporate information and trade secrets, to India. ?BPOs are entrusted with a lot of confidential data and it is the responsibility of the BPO company to ensure its safety, security and thus win the trust of the client,? says Pradeep Narayanan, president, (new services) 24/7 Customer. ?Three important factors that enhance the risk of data security are breach in technology, breach from employees and breach in processes and systems,? he adds.
BPO firms are always on their toes to handle the constantly evolving security landscape, with new threats to enterprise networks emerging everyday. While industry leaders boast of international certifications and security measures, small and mid-sized companies are also revving up to address international concerns. Nasscom has set up a self regulatory data security watch dog. They can also gain from the National Skills Registry (NSR), which is a centralised database that contains third-party verified professional details of IT and BPO employees that allows employers to vet staff before recruiting. ?BPOs need to be extremely vigilant in ensuring customer?s confidential data from internal information leaks and also from the threat of external web based attacks,? says Mark Murtagh, product director, information leak prevention, EMEA & APAC, Websense Inc.
?Data security models can be broken down into several categories. First is a perimeter or network defence with which many organisations have done a pretty good job. Secondly, there is end point security that focuses on the actual protection of the devices connecting to a network like personal computers, servers and network storage,? says Bill Watkins, CEO, Seagate. ?Non availability of physical and personal security systems, support procedures including support framework, helpdesk and user accounts life cycle management systems, secure network configurations, licensed operating systems and software?s, intrusion and unauthorised access, ignorance or human error are some factors which enhance the risk of breach of data security,? agrees Devashish Ghosh, executive vice-president, global operations, Aptara.
To maintain stringent security network and risk reduction, they need to actively protect data by implementing appropriate measures like identifying sensitive data, access control, encryption and network monitoring and compliance of the threat specific environment, ?There are many types of security risks associated with high value content both from intentional theft to unintentional data loss. It is important to recognise that securing critical or valuable information from these types of risks has elements in common, but also, that each has its own special needs for protecting it,? adds Watkins.
High risk of data security proliferation in outsourcing companies has prompted them to adopt the security specific technological trends and the infrastructure. ?The IT infrastructure in any BPO needs to have foolproof measures taken right from installing, using and maintaining components like desktops, LAN connections hardware and software layering and firewalls. ?At the user level, locked down desktops, regularly updating anti-virus, curtailed administrator account access, absence of floppy/CD drives and locked USB ports are some measures that need to be taken,? adds Narayanan.
?Adopting international security standards such as internal security management systems (ISMS) and ISO 27001:2005 certification systems, adopting latest data security technology framework and infrastructure and to have risk assessment function to ensure compliance to customer contractual agreements can help in overcoming the risks of breach of data security,? advises Ghosh.
Short-term data loss is not the only thing that worries the outsourcing companies. It can result in a loss of competitive advantage, loss of business and damage to company?s reputation.
For the protection of data, there is a need for stringent measures and vigilant approach as the cyber criminals and technically skilled hackers will continue to exploit the technical applications and internet to hack the confidential data including electronic identities.