Better safe than sorry! When outsourcing, keeping an eye on data security right from the planning stage can save your company from nasty surprises. Readers should learn how to protect their confidential data when they exchange information with external partners.
Expert
articlesIs Your Outsourcing Secure?-Olaf Siemens, Head of R&D, Utimaco Safeware - The Data Security Company
Better safe than sorry! Just how seriously does staff in outsourced divisions of companies concerns right at the start of outsourcing planning. Your companytake data security? And what happens if a freelancer working for retains complete control from the very beginning and can decideWhen outsourcing, the outsourced partner gets the clever idea of leaking critical who is allowed to see what. keeping an eye on company data to the competition? Inside company offices, datadata security right security can be maintained with bullet-proof access control: What needs to be taken into consideration when selectingfrom the planning anyone who is not supposed to have access to confidential data encryption software? The cryptography must be secure and shouldstage can save your is kept out. However, when parts of the company are being be based on recognized, tried-and-tested hard-encryptioncompany from nasty outsourced, the possible security risks take a back seat at many algorithms such as AES, the most common algorithm at thesurprises. enterprises and only come to the forefront again when the present time. In addition, there should be no known attacks oncontract with the outsourced services is already a done deal. the algorithm, and the key lengths should be large enough thatdata cannot be viewed by means of brute force attacks. KeysBe on the safe side: deploy both organizational must have a minimum length of over 100 bits, and thanks to itsand technical protection 256-bit key length, AES will be able to offer adequate security forSummary: The subject of data security for both organizational and technical a long time. If possible, your encryption solution should workReaders should learn protection needs to be on the agenda right at the start of with certificate-based authentication or, better still, withhow to protect their outsourcing negotiations. Organizational protection provides a smartcards or comparably secure USB tokens. When usingconfidential data contractual definition of how sensitive data are to be handled and password-based authentication, you need to make sure that thewhen they exchange what penalties are to be expected in the event of damage or software prevents attacks such as dictionary attacks.information with breaches of confidence. Furthermore, critical information such asexternal partners. financial data should often not even get outsourced in the first Unauthorized users get a jumble of dataSome companies outsource their entire system administration.place. Using professional encryption software ensures technical For backups or other typical administrative procedures, physicalprotection, which lets a company retain control over the data access is necessary and possible, while logical data access isencryption key - and therefore also over the content and use of not. Security solutions that are already tried and tested on theits data. Prevention makes sense for both the outsourcing market will not allow network administrators, whether at yourcompany and the service provider: if critical data should ever leak own company or at your outsourced service provider, access toout, you can use the auditing-login to ascertain the last person to critical information; the network administrators will only see anprocess the data and whether certain people ever had access to it. encrypted jumble of data on their screens. However, this doesWhen it comes to data security, not prevent unlimited, efficient, and cost-effective administrationIndia is behind the times of the infrastructure. In addition, you need to keep in mind thatYou have probably heard horror stories about data security backups often have to be saved for several years for statutorybreaches - the majority of them from the outsourcing mecca reasons. With some security solutions, the encryption informationIndia. While the market researchers from India's National is stored at another location in the system, mostly in a hidden fileAssociation of Software and Service Companies expect growth of known as an "envelope." The envelope also needs to be saved27 to 30 percent in 2007, resulting in revenues of $29 to $31 with the backup so that no valuable in... [download for more]
