NETWORK WORLD NEWSLETTER: MARK EHR ON OUTSOURCING 10/13/04 Today's focus: Technologies to help ensure secure offshore outsourcing
Dear [EMAIL PROTECTED], In this issue: * Offshore outsourcing security concerns and solutions * Links related to Outsourcing * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Veritas Meta Group Whitepaper Database Infrastructure Performance Challenges: Approaches to Better Manage Application Database and Storage Subsystem Performance Corporate relational databases now manage the majority of business-critical data within the enterprise. IT organizations face continuing challenges in managing increasingly complex, data-driven application environments. Read this white paper to discover several factors which will converge to challenge the IT organization's ability to manage its database software infrastructure. http://www.fattail.com/redir/redirect.asp?CID=84687 _______________________________________________________________ WHAT DO YOU KNOW ABOUT THE NEW DATA CENTER? Sign up for Network World's Data Center Newsletter in which Johna Till Johnson and the team at Nemertes Research will provide an ongoing assessment of current data center business drivers and future trends; concrete advice and guidance for IT executives seeking to consolidate data centers, improve disaster recovery, and deploy virtualization techniques. Click here to subscribe: http://www.fattail.com/redir/redirect.asp?CID=84810 _______________________________________________________________ Today's focus: Technologies to help ensure secure offshore outsourcing By Mark Ehr A few weeks back, I wrote a couple of articles on the subject of offshore outsourcing, and the avalanche of reader and vendor responses convinced me that it is a hot topic that deserves more coverage. One of the key concerns raised was about security of data entrusted to an outsourcer. Several readers, both in the U.S. and elsewhere, indicated that their companies had been the victim of "IP theft" - intellectual property that was stolen by an employee of an outsourcer, whom then sold it to a competitor of the client company. This situation seems to be all too common, and the lack of strong patent and copyright laws in many countries makes the situation even worse by decreasing the risk to the perpetrators of the crime (indeed, IP theft may not even be considered a crime in the host country). This is a problem for companies that send any type of business critical work to an outsourcer. This includes development, technical support, and even customer service call centers. There are many risks involved in this type of endeavor, and the loss of IP may actually be the lowest risk. Consider, for example, that regulatory compliance laws stipulate that the legal liability for compliance rests with the company, regardless of where the work is performed. In the case of privacy regulations like the Health Insurance Portability and Accountability Act (HIPAA), if a U.S.-based company were to hire an offshore outsourcer to perform work on patient data, such as data entry or customer service, and that data were to become compromised, severe penalties could be imposed on the company regardless of where the breach occurred. HIPAA penalties for wrongful disclosure of information include $50,000 and/or imprisonment for up to 1-year; $100,000 and/or imprisonment for up to 5 years if under false pretenses, and $250,000 and/or imprisonment for up to 10 years if there is intent to sell the information for _each_ instance of disclosure. Penalties for other regulations, such as Sarbanes-Oxley, could easily add up to millions of dollars, include several years of incarceration for the guilty individuals and company executives. That said, the rewards of using an offshore outsourcer can still outnumber the risks, and risk mitigation technologies are growing at an astonishing rate. The biggest offshore outsourcers are implementing their own security policies and procedures, and their customers can count on being reasonably secure. It also doesn't hurt that these outsourcers have excellent political connections in their home countries. In addition to work being done by the outsourcers themselves, consumers may choose to leverage technology to mitigate risk. Citrix Systems, for example, has been rapidly beefing up and publicizing the security features of its MetaFrame product suite to allow an increasingly fine-grained amount of control over what users can and cannot do within a MetaFrame session. For instance, administrators can choose whether a user is allowed to access disk drives outside of the Citrix environment, and whether they are allowed to print or not. Citrix customers also have the option of recording user sessions, which can be useful in proving regulatory compliance. Citrix sessions may be encrypted across the wire, and data that are accessed remains in the data center (which can be safe inside an onshore data center). Next year, Citrix will introduce technology that can perform deep discovery of the physical and logical environment that a user is running the Citrix session on and set security access accordingly. For example, if a user logs in from inside a secure company facility, they could be granted full access to the PC's resources, including the ability to save data on removable media and to print. Later, if a user logs in from a system in an insecure environment (like from home), the system could restrict access to only the Citrix environment, disallowing printing and access to local drives. It is these types of technologies that can arm companies that wish to send work overseas not only with the ability to tightly control what an outsourcer does with sensitive data, but also with the ability to prove to government officials that they are in compliance with regulations. It is critical when sending work to an outsourcer regardless of whether they are onshore or offshore that both the service consumer and provider ensure that they can maintain the security and integrity of the data that they are being entrusted with. I welcome your ideas, suggestions and comments on the subject of outsourcing; my e-mail address is below. Thanks for reading. _______________________________________________________________ To contact: Mark Ehr Mark Ehr is a Research Director with Enterprise Management Associates in Boulder, Colo., a leading market research firm focusing exclusively on all aspects of enterprise management software and services. Mark has more than 20 years of experience working with distributed systems, applications and networks. His current focuses at EMA are applications and systems management, mobile and wireless, enterprise application integration, security, and Web services. He can be reached via e-mail at <mailto:[EMAIL PROTECTED]> _______________________________________________________________ This newsletter is sponsored by Veritas Meta Group Whitepaper Database Infrastructure Performance Challenges: Approaches to Better Manage Application Database and Storage Subsystem Performance Corporate relational databases now manage the majority of business-critical data within the enterprise. IT organizations face continuing challenges in managing increasingly complex, data-driven application environments. Read this white paper to discover several factors which will converge to challenge the IT organization's ability to manage its database software infrastructure. http://www.fattail.com/redir/redirect.asp?CID=84686 _______________________________________________________________ ARCHIVE LINKS Archive of the Outsourcing newsletter: http://www.nwfusion.com/newsletters/asp/index.html Breaking outsourcing news and resource links: http://www.nwfusion.com/topics/outsourcing.html _______________________________________________________________ FEATURED READER RESOURCE THE NEW DATA CENTER Today's top companies are accelerating toward Web-based computing. That means building the new data center -- where grids, virtualization, autonomic computing and other big changes shatter the traditional boundaries on applications and information, and bring the extended enterprise to life. Learn about The New Data Center on NW Fusion's Research Center at: <http://www.nwfusion.com/topics/datacenter.html> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
