Security Concerns at Offshore Development Centers


Security Concerns at

Offshore Development


MIS Practicum Presentation

Week 6

Ashish Bahety

The Issue

The Issue: Security Concerns at offshore development centers.

The Problem: Security Breaches

Sale of personally identifiable information

Unintentional exposure of information to outsiders

Loss of Laptops, backup tapes

Dishonest insiders

How is the issue looked at?

By the Offshore Development Center


By the Client Company

“Necessary evil”

By the governments

Exporting Country (India/China)

Seriously: Hampers the industry as a whole

Importing Country (US)

Politically (Jobs are being lost)

Creating legislation forbidding information leaving US, or to inform customers that their data may be sent out.

Examples of the issue

TJX security breach: Credit Card

A security breach at HSBC's offshore data-processing unit in Bangalore has led to £233,000 being stolen from the accounts of a small number of UK customers.

Iron Mountain Inc lost backup tapes of client Time

Warner Inc. holding personal data of 600,000 former and current Time Warner employees.

Bank of America lost an unencrypted backup tape with credit card information on up to 1.2 million federal employees while it was being shipped on a commercial airline.

Vendor and consultant white papers

Good idea of the different theories

What to outsource and what not?

How to select a vendor?

Guidelines to follow to reduce the risk.

Relevance to Academic Coursework

IS Security

Systems Analysis and Development

What to outsource and what not to?

Associated Risks

IS Planning

Global Supply Chain Management

What parts of the Supply Chain to outsource.

General Issue

General Issue: Security

Academic Research:

There is a huge cost to document each and every process that is outsourced.

Best people in the industry are used at the time of procuring the contract and then they are shifted.

Studies that identify the key factors and challenges:

What is being done?

Increased usage of “more” secure channels.

Training to employees to keep data secure.

Payment to hackers to test the system and identify the weak links.

Investment in secure facilities.

Careful analysis of vendor before selecting them.

Security Audits.