Fort Knox of data security?
Indian IT and ITES-BPO firms consider foolproof security to be an indispensable element of global service delivery, writes Kiran Karnik.
Updated: Oct 15, 2006 00:37 IST
The growth and success of the Indian ITES-BPO sector is due to a combination of strengths India possesses, of which high security standards and world class practices are a key part. Recognition of this comes from various independent studies. For example, the AT Kearney Global Services Location Index 2005 ranks India highest in a detailed analysis comparing 40 sourcing destinations across the world.
The fact that India is very secure, from a data protection viewpoint, has also been confirmed by independent surveys by various credible organisations, including the Financial Services Authority and the Banking Code Standards Board, both of the UK.
Yet, owing to the critical and sensitive nature of work being outsourced to Indian companies, concern from customers about the protection of their data is but natural. The Indian IT-BPO industry has been able to adequately meet all such worries and has remained ahead of the curve in ensuring data security.
Indian IT and ITES-BPO companies consider fool-proof security to be an indispensable element of global service delivery, and lay special emphasis on ensuring that their security policies and practices minimise any form of information risk. We aim to be the global outsourcing hub for the world and understand the associated responsibility from a data security perspective.
There have been a few isolated cases of data theft and sale, including some instigated by media looking for “scoops”. These operations sometimes go beyond uncovering wrongdoing and actually induce criminal activity that is then recorded and aired. While the ethics and motive of such operations are as questionable as the veracity and quantity of data, the industry treats any such case with utmost seriousness. As in the case of air accidents, the whole industry — worldwide — is affected by any mishap. However, if national comparisons are to be made at all, the Indian IT industry is certainly far ahead.
Research conducted in 2005 found many more security breaches in the UK and the US than in India. In the past 18 months, according to reports by privacy watch-groups, there have been 148 incidents of identity theft in the US alone, affecting nearly 94 million identities. In the UK, the Home Office estimates that identity thefts result in losses of over a billion pounds, and a quarter of all UK citizens have either been affected by ID theft or know someone who has been.
NASSCOM has taken a holistic view of information security through its ‘Trusted Sourcing’ initiative to strengthen the regulatory framework and further improve India’s attractiveness as an outsourcing destination. NASSCOM’s National Advisory Board guides its multi-pronged ‘4E’ framework, involving engagement (with all stake-holders), education, enactment (legal framework) and enforcement.
A Self Regulatory Organisation (SRO) for the IT-ITES industry is in the works, to help further upgrade data protection and security practices. Another important initiative now actively underway is the National Skills Registry. Launched in January 2006, NSR has already registered 25000 employees, and 24 companies — accounting for approximately 30 per cent of the industry’s total workforce.
On the policy side, the industry has closely engaged with the Government to suggest amendments to the IT Act 2000, which will further strengthen the legal framework, taking note of the evolving nature of technology and also of cyber crime. We expect the amendments to be tabled in the forthcoming session of Parliament.
However, effective enforcement of these laws is most critical, which requires well trained police and enforcement authority officials, well versed with technology. Even the best law will be a dead letter if not executed well. As part of the ‘4E Framework’, NASSCOM has conducted training in cyber crime handling for over 1800 police officials, and organised workshops and seminars for judiciary, law makers and other stakeholders. It has also helped set up Cyber Crime Laboratories.
However, the long delays in our justice system are of serious concern as they dilute deterrence. Prevention is key to checking cyber crime.
Security awareness and education have to be made a part of the process of IT education. The annual Cyber Safety Week organised by NASSCOM (in Mumbai for the past three years, and in Hyderabad beginning this year) is also being extended to other cities to ensure we reach out to as many users as possible.
In the wake of the recent incident, offices which deal with such issues in the UK like the Information Commissioner, and even companies outsourcing to India, have not indicated any special concern with regard to outsourcing work to India, and have spoken of their continued confidence in data security here. Also, we do not see any business impact of such stray and unverifiable incidents of alleged data theft.
That said, there is no room for complacency. In India, we are determined to keep all procedures under review in order to stay ahead of criminals no matter where in the world they may be based. Security is and will remain our number one priority. We want India to be the “Fort Knox” for data.
(The author is president, NASSCOM)
First Published: Oct 15, 2006 00:37 IST