Lack of Diligence Leads to Security Breach in IT Outsourcing Deals


According to the 2013 Global Security Report by Trustwave, 63% of the 450 suspected data breaches it analysed involved IT outsourcing providers.

However, outsourcing itself is not the culprit. Instead, bad decisions from both IT buyers and outsourcing providers were to blame.

John Yeo, director of Trustwave's SpiderLabs unit in EMEA (Europe, the Middle East and Africa), said that IT buyers don't practice due diligence. Security, and those responsible for it within the organisation, are not part of the procurement process.

"The third-party evaluation process tends to be focused on costs and service level agreements (SLAs), without security being a real consideration," Yeo said.

On the other hand, the report found that in most cases service providers either don't have experience with security attacks or ignore security requirements because of cost and inconvenience.

"Many third-party suppliers leave the door open for attack, as they don't necessarily keep client security interests top of mind," the report said.

The report warns that both parties can only achieve cost savings when there is no security breach. Businesses should identify the security risks involved with IT outsourcing, and work to reduce those risks.

Access the 2013 Global Security Report Here.
