U.S. firms urged to push for stronger security from offshore vendorsApril 9, 2010
Computerworld - Companies who send software development work to India need to ensure that their vendors take holistic measures to protect data and aren't simply "checking the box" on security issues, Forrester Research warned this week.
Many Indian companies have bolstered their security controls and business continuity measures in recent years, Forrester said in a report. But the lack of executive support for security efforts, an over-reliance on technology controls and inadequate training and awareness undermine the effectiveness of such measures.
"Clients should push their suppliers to invest in people and training, demonstrate C-level commitment, and push government agencies for a better legal framework and judiciary reforms for timely prosecution," the report said.
Forrester analyst Sudhir Apte, who authored the report, said that many of the security measures in place appear designed to appease concerns more than anything else. "What I am seeing is most vendors are checking the box" on technology controls to address security threats and business continuity issues. "They view it as marketing collateral" while pitching their services.
As part of an effort to shore up customer comfort, the Indian government, industry trade association Nasscom and many Indian firms have taken steps to bolster security, Apte noted. For instance, many big Indian vendors have deployed international security standards such as BS 7799, pledged more transparency in their financial reporting standards and ramped up physical security to protect against terrorist disruptions such as the one that hit Mumbai in Dec. 2008. The BS7799 standard specifies a precise set of security controls for IT systems.
More:
http://www.computerworld.com/s/article/9175147/Indian_outsourcers_emphasize_cosmetic_security_measures_Forrester_warns
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
