Point/Counterpoint: Outsourcing to India – Secure or Not Secure?

It was with great coincidental irony that I read two stories back-to-back today discussing whether or not outsourcing business processes to India was or was not secure.  One was a personal opinion article, and the other was based upon a study.  Both are good to consider, and make some serious points.

The Financial Express story claimed, "Security concerns unwarranted."  The Daily Telegraph reported, "Secrets for Sale."

So…does this point to these stories as ad hominem arguments, or do they each make some truly valid points? 

With that question in mind I was taken back in time (imagine retrospective music now playing…perhaps Carly Simon…or Five for Fighting…) to when I was but a wee, very young toddler…and the 60-Minutes segments, Point/Counterpoint, were on each Sunday with James Kirkpatrick and Shana Alexander …which of course then brought to mind Saturday Night Live’s take of it with Dan Aykroyd and Jane Curtin spoofing the roles…which was hilarious!  Yes, I should not have been staying up that late when I was but a wee, very young toddler, but usually no one realized I was up watching from the depths of the dark hall in the back of the living room… 🙂

I wonder; how would these stories work by intertwining the reports?  Hmmm…Let’s give it a try…

The part of Dan will be played by the Financial Express story that all outsourcing to India is secure; the Jane part will be played by the Daily Telegraph story about widespread fraud with outsourced organizations in India.  Let’s see how this works with actual excerpts from the reports…

Dan (Financial Express):  "…complex outsourcing businesses have moved to technical support centres located in countries such as Mexico, China, South Africa and India."

Jane (Daily Telegraph): "ANZ employs hundreds of workers in Indian call centres and NAB is also looking to shift 160 data processing jobs for India."

Dan (Financial Express):  "The Indian ITeS-BPO industry has also become the favourite hunting ground for the Western tabloid press. These publications have started conducting ‘sting’ operations to investigate and highlight the ‘rot’ in the Indian BPO companies. In an already tense situation, these press articles often paint the entire Indian ITeS-BPO industry with the same brush. The ground reality, however, is different. There have been isolated instances of breach of privacy by some individuals. Once detected, both the companies and the Indian authorities have acted swiftly and promptly to investigate and prosecute the con-cerned individuals."

Jane (Daily Telegraph): "CALL centre fraud is flourishing in India with confidential details of bank and mobile phone customers readily available for sale."

Dan (Financial Express): "Indian BPO companies as well as trade bodies such as NASSCOM and CII have also put their weight behind industry-wide initiatives to strengthen the screening of employees, monitor and report adherence to accepted worldwide security best practices and lobby with the Indian government to amend and update the Indian IT Act."

Jane (Daily Telegraph): "The Dispatches documentary The Data Theft Scandal claims the fraud is widespread and exists in major Indian cities including Calcutta, Delhi, Hyderabad and Bangalore."

Dan (Financial Express): "I believe that the security concerns are being blown a bit out of proportion, given the ‘high decibel’ visibility and hype surrounding the outsourcing industry, particular in India."

Jane (Daily Telegraph): "One former call centre worker told the Channel 4 program: "The potential for fraud was very, very high. "I mean, security where I worked was non-existent. It’s really that easy to take anything you want out of the buildings." A middleman admitted the information he was selling for $20 per set was obtained from an Indian call centre selling mobile phones – and boasted he could provide the records of 100,000 customers each month."

Dan Aykroyd (RH*): Jane, you ignor…oops…sorry; the SNL sketches became a bit too vivid…

Jane (Daily Telegraph): "One call centre consultant showed off the illegal data he was offering for sale from his laptop. His database of about 200,000 identities included some passport and licence details obtained from customers who bought mobile phones via an Indian call centre. Data protection lawyer Stewart Room said the program proved the fraud was systematic. "What I’ve seen here is the best evidence you could give me … of wholesale disregard for fair and lawful practices in information processing,” he said.  "You couldn’t scare me more. This is as bad as it gets. This is evidence of serious criminal offences.""

Dan (Financial Express): "The government and industry in India have taken some important measures to address the issue of data security and the associated perceptions. These initiatives, if implemented in letter and spirit, would go a long way in promoting the Indian ITeS-BPO sector."

Jane (Daily Telegraph): "Another middleman offered details for as little as $12.50 per customer. He said the data was mined by agents posing as technical support staff, who carried the sensitive data away using computer memory sticks. One seller who feared he was being set up agreed call centre fraud was bad for India’s economy because foreign companies might pull out and leave thousands unemployed."

Dan (RH): Jane, you ignorant, misguided sl*t! Once again, you missed the point entirely.  Why should…

Jane (RH): Thank you, Dan!  Hoping your news is good news. Good night, and have a pleasant tomorrow.
 

Thank you for indulging my attempted levity…I just finished working another 14-hour day, so I thought it would be good to lighten up a bit…ahh…I needed that!  🙂

The outsourcing of business processes and the caretaking of sensitive data *IS* a huge risk to organizations, no matter to what country or to what other organization, and ensuring the security of that data entrusted to the outsourced entities is very important.  I spend much of my time researching and investigating the information security claims of my clients’ business process outsourced vendors; such due diligence is not only a good idea in today’s environment, but it is also important for showing due diligence, as well as required by various laws, regulations and contractual agreements.

* RH: Rebecca Herold

Technorati Tags







Leave a Reply