Burnt by poor IT security standards at offshore locations such as India, Australian companies are revisiting their outsourcing requirements.
The offshoring fears emerged after police officials confirmed they are investigating the alleged theft of source code at Jolly Technologies’ Mumbai development centre in India.
Jolly lacked a security policy at its Mumbai centre and the company issued a statement confirming that an employee uploaded and e-mailed files containing the source code and other confidential data to a Yahoo Inc. e-mail account.
Such breaches are nothing new, according to IT security consultant Ajoy Ghosh, who is aware of at least a dozen cases in recent years that have involved Australian companies, one of which involved one of the big four banks in Australia.
Ghosh pointed out that offshoring providers in India, China and Argentina do not have the same standards of privacy and data protection as in Australia.
“It is partly cultural as they do not recognize intellectual property (IP) and there is very little awareness,” he said, adding that customers are also to blame for not thoroughly screening the IT security standards of potential providers.
“Offshore outsourcing is a huge industry for countries like India, but standards aren’t likely to change until customers demand it.”
Precision Valve IT manager Gary Brown has chosen not to engage in offshore outsourcing.
“We have some real reservations about the quality of work carried out in places like India. We have spoken to people who have been burnt by offshoring and it seems it’s very difficult to carry out good quality control,” Brown said.
“They’re working to a different set of rules. Even if you go and investigate a site before commencing work, you know they are only going to show you their best side.
“The law here looks after us; over there it’s a whole different ball game.”
Meta Group Principal Consultant Wissam Raffoul agrees there are risks involved in offshoring, but says it comes down to selecting the right provider.
Make sure the provider adheres to your security standards and be aware there are inconsistencies across countries, he said.
“You cannot assume outsourcing works on its own; you have to make it work,” he said.
Whitehorse Strategic Group managing director Ian Dennis said to suggest India is less secure than other locations is “patently ludicrous”.
Dennis said it was up to companies to keep in mind the implications of offshoring company data, not just from a security perspective, but in terms of privacy and commercial leakage.