Offshoring of IT services imperils private data

All enterprises should look at data masking technology that can help protect private data when outsourced, says Forrester

Guidelines for government departments that are considering outsourcing IT work overseas are in the pipeline, though apparently some way off. According to the State Services Commission, work is in its very early stages and no date has been set for completion.

Offshoring has always been contentious. The issue was recently raised anonymously to IT publications by someone who was concerned that Unisys was sending work to India on behalf of the Accident Compensation Corporation, Inland Revenue and the Ministry of Agriculture and Forestry.

It was, according to Unisys managing director Brett Hodgson, not an issue for concern because only metric data was going offshore.

Inland Revenue’s response to Computerworld’s questions was interesting. It was “only” routine monthly management reports going to India. Content was produced in New Zealand and formatted in India to take advantage of time zones. Time zones for monthly reports? Really? No infrastructure or application work was sent offshore. Appropriate security measures were taken.

Well, who — other than the department — knows how important the information is in IRD’s monthly management reports. One assumes that it’s about trends.

Much of the concern expressed about offshoring is the potential for the misuse of financial data. A case in point last year concerned several UK banks. The Sun newspaper uncovered a network of call centre workers in Delhi selling confidential information that included addresses, passwords, credit card details, passports and driving licence information. In another case, a worker at HSBC’s Bangalore call centre was charged with hacking into computers and breaching confidentiality agreements and privacy laws. According to press reports, around $650,000 was stolen from the accounts of 16 UK customers.

Which raises the issue of data masking. In a briefing paper last year, the Forrester Group pointed out that while most enterprises secure production data when dealing with private data, only a few secure such data when it’s used for application development and testing or when it’s sent out to outsourcing or offshore vendors.

Forrester said all enterprises should look at data masking technology that can help protect private data in test environments or when sent to an outsourcing or offshore vendor.

Data masking is a technology that helps conceal real data by creating new, legible data but retaining the original data’s properties, such as width, type and format. Typically, organisations make a copy of production data and use that for testing and quality assurance purposes, largely because applications need data for testing.

“Though most enterprises rely on trust when outsourcing or offshoring data, data masking technology helps conceal private data, thus protecting it from being misused or getting stolen,” says Forrester analyst Noel Yuhanna.

Forrester predicts that 35% of US enterprises will be implementing data masking by 2010, led by the government, financial services and healthcare sectors.

The idea of data masking is not new but applications have become more complex and increasingly interdependent, complicating the process. Anecdotally, it is used by few organisations in New Zealand when it should probably be part of any database management system strategy.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]