Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure outsourcing: Possibility or oxymoron ?? Vishal Gupta CEO.

Published byGiles Armstrong Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure outsourcing: Possibility or oxymoron ?? Vishal Gupta CEO."— Presentation transcript:

1 Secure outsourcing: Possibility or oxymoron ?? Vishal Gupta CEO

2 The problem

3

4

5

6 In 2012, the total size of the outsourcing market is expected to be about USD 184B ~USD 4.2B will be spent on proactive and reactive actions on information breaches An average breach costs an enterprise USD 6.75 M in direct costs

7 The risks - human Each person in the chain of outsourcing process handoffs represents a “risk” * High man power churn typical to the industry = Mother of all HR problems !! This element of risk is indispensable, intelligent, adaptive and prone to greed !

8 The risks – legal and compliance Legal cover for malfunction for any of the risks is critical Outsourcing process is typically under compliance norms of various country specific norms, compliance frameworks and cross border data flow agreements Liability is largely spread across multiple entities and reputation risks are not covered Insurance is at-best, high cost !

9 The risks - technology Information through the lifecycle of creation – storage – transmission – use – archival & deletion represents one of the biggest risks Multitude of information systems with hand offs have shown themselves to be prone to breaches Controls are typically built into individual applications

10 The underlying issues Share it = It becomes his (also) Usage and access control separation is not possible Share it once = Share it forever No possibility of information “recall” if relationships change Out of the firewall = Free for all Only legal contracts protect information outside the “perimeter”

11 Illustration Bank BPO BPO Employees doing data entry Bank Employee Kay Bank outsource it’s data entry work to a remotely located business partner IntServices Pvt Ltd

12 Illustration Bank BPO BPO Employees doing data entry Bank Employee Certain documents are scanned and image files are sent by a bank employee to the business partner via a secured FTP connection.

13 Illustration Bank BPO BPO Employees doing data entry Bank Employee Different employees process the scanned image files to enter data into excel or database files. These files are sent back to bank via secured FTP.

14 Illustration Bank BPO BPO Employees doing data entry Bank Employee Confidential data may be leaked by one of the employees to a telemarketer. Telemarketer

15 WHO can use the information People & groups within and outside of the organization can be defined as rightful users of the information WHAT can each person do Individual actions like reading, editing, printing, distributing, copy-pasting, screen grabbing etc. can be controlled WHEN can he use it Information usage can be time based e.g. can only be used by Mr. A till 28th Sept OR only for the 2 days WHERE can he use it from Information can be linked to locations e.g. only 3rd floor office by private/public IP addresses IRM technologies allow enterprises to define, implement & audit information usage “policies”. A “policy” defines : Rights Management Defined 15

16 Illustration - After Bank BPO BPO Employees doing data entry Bank Employee Kay Bank outsource it’s data entry work to a remotely located business partner IntServices

17 Illustration - After Bank BPO BPO Employees doing data entry Bank Employee Certain documents are scanned and image files are protected & sent by a bank employee to the business partner via a secured FTP connection.

18 Illustration - After Bank BPO BPO Employees doing data entry Bank Employee After legitimate use, Kay bank can ensure that information shared with or generate by Intservices is destructed

19 19 What enterprises say... Senior Vice President and CISO, HDFC Bank. "In today’s world, where the boundaries of the organisation’s functionality are disappearing, we are dependent on different business providers to process our customer information. Given that requirement, we still want to control how that information is used and processed by the service providers. Seclore’s technology has allowed us to do that." - Vishal Salvi, CISO

20 Seclore user profile… ….Large financial services groups ….Diversified business groups ….Engineering and manufacturing organizations …Government and service providers

21 More Info? www.seclore.com +91-22-6130-4200 21

Download ppt "Secure outsourcing: Possibility or oxymoron ?? Vishal Gupta CEO."

Similar presentations

Question : Why do F1 cars have the biggest brakes ? Answer : Because they need to go the fastest.

Question : Why do F1 cars have the biggest brakes ? Answer : Because they need to go the fastest.
View and manage corporate files from within Baan and ERP LN. Allows you to access the files on the network from within Baan maintain sessions!

View and manage corporate files from within Baan and ERP LN. Allows you to access the files on the network from within Baan maintain sessions!
CLEARSPACE Digital Document Archiving system INTRODUCTION Digital Document Archiving is the process of capturing paper documents through scanning and.

CLEARSPACE Digital Document Archiving system INTRODUCTION Digital Document Archiving is the process of capturing paper documents through scanning and.
Compliance storyboard: Classifying & controlling content at the input device.

Compliance storyboard: Classifying & controlling content at the input device.
Proprietary and Confidential Secure Mobile Productivity & Collaboration for the Enterprise Secure mobile productivity Access, sync and edit files.

Proprietary and Confidential Secure Mobile Productivity & Collaboration for the Enterprise Secure mobile productivity Access, sync and edit files.
Accounting back office partnership proposal

Accounting back office partnership proposal
Appendix F: Common risk categories for the public sector Insert client-specific photo here.

Appendix F: Common risk categories for the public sector Insert client-specific photo here.
This presentation contains forward-looking statements. Because such statements deal with future events and are based on KCS’s current expectations, they.

This presentation contains forward-looking statements. Because such statements deal with future events and are based on KCS’s current expectations, they.
Information Rights Management (IRM): Enhancing Security of IBM FileNet.

Information Rights Management (IRM): Enhancing Security of IBM FileNet.
© Pearson Prentice Hall 2009

© Pearson Prentice Hall 2009
Global Marketing Overview of Supply Chain Security Assurance Certification/membership in supply chain security programs –Different programs focus on particular.

Global Marketing Overview of Supply Chain Security Assurance Certification/membership in supply chain security programs –Different programs focus on particular.
Www.tectia.com COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.

COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.

ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.
Persistent Protection Using E-DRM Technology Jason Fasoo 06/18/2008.

Persistent Protection Using E-DRM Technology Jason Fasoo 06/18/2008.
Experian – SCV file security 1. FSCS Security & Audit Data security is likely to be a important factor to organisations involved in the SCV Verification.

Experian – SCV file security 1. FSCS Security & Audit Data security is likely to be a important factor to organisations involved in the SCV Verification.
Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
Secure Data Transmission James Matheke Information Security Architect Ohio Department of Job and Family Services.

Secure Data Transmission James Matheke Information Security Architect Ohio Department of Job and Family Services.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
1 © Copyright 2007 EMC Corporation. All rights reserved. EMC Documentum Information Rights Management EMC Content Management and Archiving.

1 © Copyright 2007 EMC Corporation. All rights reserved. EMC Documentum Information Rights Management EMC Content Management and Archiving.

Similar presentations

Ads by Google