Largest banks, insurance companies and hospitals that chose to outsource their IT services are claimed to be vulnerable to hackers due to the weaknesses in their partners.
According to Evan Francen, an insecurity expert, a number of largest top companies would be able to pass a rigorous security audit, but those relying on business partners may not. He explained that today we are in the Wild West period of security compliance, where there’s plenty of dosh to be made. It looks like the weakest point in this game is outsourcers that consider it difficult to comply with confusing and, as they believe, excessive security demands of largest firms for which they handle information.
Nevertheless, the outsourcers are bit stuck, since lots of their customers don’t actually realize what kind of protection they are really looking for. The only thing they know for sure is that they don’t want to end up in the news with all their customer details compromised. Local media points out that a lot of security rules have been written by non-IT people, and thanks to that they were not specific enough to give IT professionals a clear idea of how to arrange security issue. In fact, there are lots of various ways to do it.
This situation is currently forcing the outsourcers to spend huge money on getting hold of consultants that help them pull their socks up. Of course, they can choose to encrypt and secure everything to some degree, but this choice would cost them plenty of money, while in most cases the outsourcers are being hired to save cash. But the problem is not even about the money here.
The alarming moment today is that there’s a vulnerability for lots of largest corporations throughout the globe because of their outsourcing partners, who are a sort of a hole waiting to be exploited. The security experts noted that a number of companies have been only focusing on their own security, in the meantime forgetting about their outsourcing partners. At the same time, many international corporations are forcing their partners to undertake stiff IT audits, but the outsourcers don’t seem equipped to handle it in the first place. It seems that it is a problem that should be solved in the nearest future, unless the companies want to find themselves in headlines screaming about customer data leaks.
According to Evan Francen, an insecurity expert, a number of largest top companies would be able to pass a rigorous security audit, but those relying on business partners may not. He explained that today we are in the Wild West period of security compliance, where there’s plenty of dosh to be made. It looks like the weakest point in this game is outsourcers that consider it difficult to comply with confusing and, as they believe, excessive security demands of largest firms for which they handle information.
Nevertheless, the outsourcers are bit stuck, since lots of their customers don’t actually realize what kind of protection they are really looking for. The only thing they know for sure is that they don’t want to end up in the news with all their customer details compromised. Local media points out that a lot of security rules have been written by non-IT people, and thanks to that they were not specific enough to give IT professionals a clear idea of how to arrange security issue. In fact, there are lots of various ways to do it.
This situation is currently forcing the outsourcers to spend huge money on getting hold of consultants that help them pull their socks up. Of course, they can choose to encrypt and secure everything to some degree, but this choice would cost them plenty of money, while in most cases the outsourcers are being hired to save cash. But the problem is not even about the money here.
The alarming moment today is that there’s a vulnerability for lots of largest corporations throughout the globe because of their outsourcing partners, who are a sort of a hole waiting to be exploited. The security experts noted that a number of companies have been only focusing on their own security, in the meantime forgetting about their outsourcing partners. At the same time, many international corporations are forcing their partners to undertake stiff IT audits, but the outsourcers don’t seem equipped to handle it in the first place. It seems that it is a problem that should be solved in the nearest future, unless the companies want to find themselves in headlines screaming about customer data leaks.
No comments:
Post a Comment