 |
| A Tech Partnership demonstrating threat management analysis |
In the past recent years, given 20 years and so, outsourcing has manifested itself has a business trend all over the world as more business turn to this tool with obvious choice to reduce costs. Hence the companies have seen numerous departments/functions that can be outsourced such as human resources, customer service and the company’s information technology functions.
With the recent assenting to regard data/information as company assets outsourcing IT functions must be given a careful consideration as a riskier practice that must be carefully chosen if implemented. It can be safely argued with no doubt that offshoring or outsourcing some functions is a potential threat to the cybersecurity of of the system and organisation.
Outsourcing organisation’s functions poses a variety of security concerns. When an organisation outsources some functions the authorised number of access to company’s material, equipment and IT asset increases which in return increases the surface of a breach.
Beginning with confidentiality and privacy through total loss of system control. When an organization outsources its functions to a third party, it loses its confidentiality because the information stored on computers is now accessible to a third party. A third party breach means a breach to the offshored organization. It means information stored for employees and clients is also breached. This is tickling down from the outsourcing to the offshoed and down to its employees and clients revealing a large potential area.
Imagine the FBI outsourcing a private firm to install access controls, authentication and database maintenance. The outsourcing firm gains access to all of the information that passes through the FBI computer system. This information includes financial data, agent’s records, ongoing investigation, which if released, could place the FBI organization in a serious vulnerable position.
Ultimately from the industries’ experience the controls imposed on suppliers will sadly be lacking compared with those imposed on internal capabilities. And that is the soft underbelly that can expose a business to often difficult to manage cyber risk.
Says Computerweekly
Image courtesy; Tech Partnership
No comments:
Post a Comment