Secure outsourcing: Possibility or oxymoron ?? Vishal Gupta CEO.

Presentation transcript:

Secure outsourcing: Possibility or oxymoron ?? Vishal Gupta CEO

The problem

In 2012, the total size of the outsourcing market is expected to be about USD 184B.
~USD 4.2B will be spent on proactive and reactive actions on information breaches.
An average breach costs an enterprise USD 6.75 M in direct costs.

The risks - human
Each person in the chain of outsourcing process handoffs represents a “risk”.
High manpower churn, typical of the industry = mother of all HR problems!!
This element of risk is indispensable, intelligent, adaptive and prone to greed!

The risks – legal and compliance
Legal cover for malfunction for any of the risks is critical.
The outsourcing process is typically subject to various country-specific norms, compliance frameworks and cross-border data flow agreements.
Liability is largely spread across multiple entities and reputation risks are not covered.
Insurance is, at best, high cost!

The risks - technology
Information through the lifecycle of creation – storage – transmission – use – archival & deletion represents one of the biggest risks.
A multitude of information systems with handoffs have shown themselves to be prone to breaches.
Controls are typically built into individual applications.

The underlying issues
Share it = It becomes his (also): Usage and access control separation is not possible.
Share it once = Share it forever: No possibility of information “recall” if relationships change.
Out of the firewall = Free for all: Only legal contracts protect information outside the “perimeter”.

Illustration
Diagram labels: Bank, Bank Employee, BPO, BPO Employees doing data entry.
Kay Bank outsources its data entry work to a remotely located business partner, IntServices Pvt Ltd.

Illustration
Certain documents are scanned and image files are sent by a bank employee to the business partner via a secured FTP connection.

Illustration
Different employees process the scanned image files to enter data into Excel or database files. These files are sent back to the bank via secured FTP.

Illustration
Confidential data may be leaked by one of the employees to a telemarketer.

Rights Management Defined
IRM technologies allow enterprises to define, implement & audit information usage “policies”. A “policy” defines:
WHO can use the information: People & groups within and outside of the organization can be defined as rightful users of the information.
WHAT can each person do: Individual actions like reading, editing, printing, distributing, copy-pasting, screen grabbing etc. can be controlled.
WHEN can he use it: Information usage can be time based, e.g. can only be used by Mr. A till 28th Sept OR only for the 2 days.
WHERE can he use it from: Information can be linked to locations, e.g. only 3rd floor office by private/public IP addresses.
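The four policy dimensions above (WHO, WHAT, WHEN, WHERE) can be read as a default-deny access decision. The following is an added example, not code from the presentation or from any IRM product; it models only the policy decision, not the encryption or client-side enforcement, and the `Policy` and `evaluate` names, the user, the year and the network are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
UTC = timezone.utc

@dataclass(frozen=True)
class Policy:
    users: frozenset      # WHO may use the information
    actions: frozenset    # WHAT each user may do (read, edit, print, ...)
    not_before: datetime  # WHEN the usage window opens
    not_after: datetime   # WHEN it closes; after this every request is denied
    networks: tuple       # WHERE: permitted source networks in CIDR form

def evaluate(policy, user, action, when, source_ip):
    """Default-deny check; returns (allowed, dimension that decided)."""
    if user not in policy.users:
        return False, "who"
    if action not in policy.actions:
        return False, "what"
    if not policy.not_before <= when <= policy.not_after:
        return False, "when"
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False, "where"  # unparseable address fails closed
    if not any(addr in ip_network(net) for net in policy.networks):
        return False, "where"
    return True, "ok"

# Constructed policy for the scanned images sent to the BPO: read-only,
# until 28 Sept (year assumed), from one office network only.
SCAN_POLICY = Policy(
    users=frozenset({"operator1@intservices.example"}),
    actions=frozenset({"read"}),
    not_before=datetime(2012, 9, 1, tzinfo=UTC),
    not_after=datetime(2012, 9, 28, 23, 59, 59, tzinfo=UTC),
    networks=("10.3.0.0/24",),
)

def demo():
    """Four requests from the same operator, one per outcome."""
    u, t = "operator1@intservices.example", datetime(2012, 9, 10, tzinfo=UTC)
    late = datetime(2012, 10, 1, tzinfo=UTC)
    return [evaluate(SCAN_POLICY, u, "read", t, "10.3.0.17"),
            evaluate(SCAN_POLICY, u, "print", t, "10.3.0.17"),
            evaluate(SCAN_POLICY, u, "read", t, "203.0.113.9"),
            evaluate(SCAN_POLICY, u, "read", late, "10.3.0.17")]
if __name__ == "__main__":
    print(demo())
```

Logging the returned dimension alongside each decision gives the audit trail the slide refers to: it records not just that a request was refused but which part of the policy refused it.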

Illustration - After
Diagram labels: Bank, Bank Employee, BPO, BPO Employees doing data entry.
Kay Bank outsources its data entry work to a remotely located business partner, IntServices.

Illustration - After
Certain documents are scanned and image files are protected & sent by a bank employee to the business partner via a secured FTP connection.

Illustration - After
After legitimate use, Kay Bank can ensure that information shared with or generated by IntServices is destroyed.

What enterprises say...
Senior Vice President and CISO, HDFC Bank.
"In today’s world, where the boundaries of the organisation’s functionality are disappearing, we are dependent on different business providers to process our customer information. Given that requirement, we still want to control how that information is used and processed by the service providers. Seclore’s technology has allowed us to do that."
- Vishal Salvi, CISO

Seclore user profile…
Large financial services groups
Diversified business groups
Engineering and manufacturing organizations
Government and service providers

More Info?