According to a survey of 1,000 chief information security officers, 59 percent of companies experienced third-party data breaches, which is not surprising considering the frequency by which providers who secure data are attacked.
How to protect companies from 3rd party data breaches
(The Philippine Star) - September 2, 2019 - 12:00am

MANILA, Philippines — Outsourcing to third-party service providers is always a viable, if not inevitable, option for organizations especially regarding IT-related business functions where data is mission critical. The prospect of time and cost-efficiency and the ability to enlist others’ expertise in highly specialized fields is immensely enticing. However, handing over the reins to an outside party especially for tasks like data collection, analysis and storage comes with a risk, often at the expense of both finance and reputation.

According to a survey of 1,000 chief information security officers, 59 percent of companies experienced third-party data breaches, which is not surprising considering the frequency by which providers who secure data are attacked. Why wouldn’t they be, their data security capabilities may be far superior compared to their clients, but once attackers gain unrestricted access to their network, the culprits get the data of all their clients. Now that is working smart but in a bad way.

Fortunately, this and other risks associated with IT outsourcing can be mitigated by focusing on three important factors in the partnership: the capabilities of the provider, the proper laying out of the agreement between the parties and constant communication.

Choosing the best partner

A thorough examination of a provider’s track record is a must before making any outsourcing deal as this says a lot about their credibility. An organization can conduct its own background check by seeking reviews about the provider, whether through professional experience or even just online. A quick Google search can shed light into the credibility and capabilities of a provider, as this can give information about their solutions and how their clients benefitted from them, among others. Furthermore, searching for legitimate news about them and their executives are a diligent practice as this would show their success stories and current activities.

 Since capabilities are an important measure, interested organizations may initially ask the potential third-party partner for a paid trial period of their services to further gauge their performance. Testing the solutions firsthand can help remove any issues in compatibility between the provider’s services and the hiring company’s processes.

Be as meticulous as possible

The entire process of outsourcing hinges on the service level agreement (SLA) between the parties. A well-defined SLA outlines the boundaries of the partnership in terms of the functions and services that the provider will deliver. Usually, the SLA covers a number of areas, including but not limited to the functions of the provider, standards by which service is measured, quality of deliverables, volume of work to be accepted and delivered, and steps to take if and when functions aren’t met.

In crafting the SLA, the hiring company should be utterly meticulous, even going as far as assuming everything that might go wrong will go wrong. While having more instructions may look restricting, this will be beneficial if a disaster happens since they’re covered under the SLA. For instance, if a data breach did happen and mission critical information was stolen, then the hiring organization should be able to expect the security provider to take the agreed necessary steps to reduce damage. However, if such steps aren’t fully outlined in the SLA, the hiring organization not only suffers losses but won’t get any recompense from the third party in return.

Keep in constant touch

It goes without saying that communication is critical when it comes to any type of business partnership. Without communication, things may get out of control once parties no longer know what is going on and therefore cannot steer things in the right direction. It doesn’t even have to be a face-to-face meeting all the time. Calls or teleconferences to maintain a healthy outsourcing partnership are enough.

When done correctly, the benefits of IT outsourcing still outweigh the risks. All it takes is proper preparation even before the partnership is started. While primarily done to cut costs, outsourcing should be a strategic move for a company. Tasks that are too repetitive or are way out of their core strength are best outsourced to professionals with proven track record on expertise, quality service, and robust technological capabilities. It is especially critical for industries that generate tons of data, the world’s most valuable commodity today. — Niño Valmonte is the director for Marketing and Digital Innovation at IPC. IPC is an ePLDT company.

  • Latest
Are you sure you want to log out?
Login is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

or sign in with