A report published on the front page in the Companies section of yesterday’s edition of The Financial Times (paid subscription required or free metered view) indicates that there is a link between the current alarming rise in cybercrime and the adoption of outsourcing. The article concludes that according to corporate security officials, outsourcing companies that provide low-cost IT focused services are becoming the “weakest link” in the battle against rising cybercrime.
The article cites sloppy security practices and lax controls for handling of sensitive data. Noted is that the consumer protection bureau of the U.S. Federal Trade Commission “has brought around 40 data security cases against businesses and at least six involved a failure to properly oversee a service provider.” The article cites a recent survey conducted by the Ponemon Insititute that found that there was a continued lack of agreement as to who’s responsibility it was to maintain good security. A partner of consulting firm PwC indicates that that while outsourcing contracts generally contain clauses requiring service providers to notify clients if data is compromised, monitoring of security standards has not taken hold.
Prediction Ten of our Annual 2013 Supply Chain Matters Predictions for Global Supply Chains pointed out that cloud computing and managed services options would continue to gain traction, provided that vendors and service providers resolve current lingering customer concerns. Those concerns are often noted as data and information security. Up to now, cloud computing options directed at point applications may have caused procurement, supply chain and IT teams to overlook such provisions but with the current alarming rise in cyber security and data breach threats, these issues are becoming much more troublesome.
In its article, FT points out that the weakest link in the security chain may be an outsourced business process or cloud based application. This threat is becoming very real and teams are well advised to insure that data and information security provisions related to outsourced processes meet rigorous standards. Vendors and service providers of outsourced and cloud service offerings are further advised to insure that security of data and information meets the most rigorous standards, especially with reliance on a third party IT infrastructure provider.
As a reminder, readers can download the full version of our Predictions research report with our compliments by accessing our Research Center and providing some basic registration information.