Outsourcing business processes and the data related to these processes has the inherent risk of the data being compromised, particularly when it is being outsourced to an off-shore outsourcing services provider.

Recently, there is news about how private, medical information of patients in the United Kingdom being sold. Security breaches impact business negatively, negative impact that can ruin business.

However, there are some recommended measures to counteract the negative impact.

Determine your sensitive data, make sure your services provider knows it too.

Determine WHICH your data assets are sensitive – by “sensitive data”, that’s data whose theft or exposure would cause serious damage to the business, its employees, shareholders, customers or partners.

Determine WHERE such sensitive data assets are stored and determine WHO gets access to this data, preventing unauthorized copying, printing and backups.

Ensure that your services provider follows these determinations with discipline and diligence, put in on paper as a policy, which leads us to the second measure.

Set-up with your service provider a viable, up-to-date security policy

Many companies have policies that address yesterday’s threats, or policies that are current but the employees are unaware of these policies. Communicate these policies to staff, both in-house and remote, revise these periodically to deal with new threats.

Have your outsourcing services provider enforce policies and procedures in place for quick response so that if a data breach occurs, you and your service provider can react rapidly and minimize damage.

Enforce the least privilege principle

Do not grant privileges based on future needs but current ones. Regularly review existing privileges, revoke the ones that are no longer required.

With so many consultants, outsourced developers, partners gaining access to your company’s internal systems, it is easy to disregard how many externals have access to systems and information for which they no longer need it.

Encrypt data, stationary and in motion.

Select the encryption solution that’s rational for your environment, using strong encryption standards and algorithms, coupled with authentication and key exchange mechanisms.

This ensures that only those who need to see sensitive data see it. It is important to choose the right kind of encryption and do it judiciously, covering only sensitive data.

Key management is vital. If encryption keys are distributed to many users, applications and devices, the effort of encryption becomes useless in terms of security.

Outsourcing Solutions, Inc. – your outsourcing partner!


Markovich, Slavik. “How to avoid the Next Data Breach.” 21 December 2007. eWeek. 21 October 2009. Link Here


You must be logged in to post a comment.

Recommended Providers

Recommended Articles

Ask the Expert

Please click here or send an email to jeff@outsourcing.ph with your questions about outsourcing.