Data breaches were up by 49% in 2014, according to the Breach Level Index (BLI), a global database of data breaches. Most data breaches occurred in North America (76%), followed by Europe (12%) and the Asia-Pacific region (8%). Hacking by malicious outsiders is seen as responsible for 55% of the total breaches, while accidental loss is responsible for about 25%. Malicious insiders and state-sponsored attackers contribute 15% and 4% respectively. The recent flood of high-profile breaches, such as the Sony Pictures breach, has highlighted the necessity of implementing strategies and tools to evaluate vendor risk and manage the security of sensitive data outsourced to third parties.
A number of factors in the emerging outsourcing scenario have contributed to the complexity of data security in the outsourcing space.
IT governance and risk management: Data loss through theft, non-compliance, obsolete IT architecture, service delivery problems, downtime, and a lack of productive and systematic IT integration with the business are some of the significant challenges faced by companies. An important first step for organizations is to create a conducive, accountable company culture that manages and mitigates these risks effectively and treats them on par with, and as part of, enterprise-wide risk management.
Big data and analytics: 62% of respondents found it difficult or very difficult to protect data when dealing with big data, hybrid cloud and mobile devices. The increasing use of connected mobile devices and embedded technology enables the tracking and storage of customer data. Incidentally, data on the move accounts for 7.9% of data breaches. Although this data is invaluable for business intelligence and customer insights, collecting it also leaves customers' personal and financial data vulnerable to unauthorized access, misuse and security breaches.
Vendor outsourcing: More than 60% of data breaches might be linked to a third party responsible for IT system support, development, or maintenance. When making an outsourcing decision, businesses need to ensure that the service provider has the infrastructure and technology backup to deliver optimum productivity, shares their data and IP security concerns, and has standardized measures in place to protect their data. Most clients tend to focus on cost and service level agreements without giving due importance to data security.
The risk of the cloud: As cloud computing becomes an important aspect of technology enablement for organizations, it also increases risk in terms of data compliance and governance. The transfer, storage and computation of data are governed by country-specific laws and compliance policies. However, as multisourcing becomes the norm, data is distributed and aggregated across multiple providers and geographies, leaving it open to privacy and risk concerns. The absence of an adequate collaborative framework between multiple players, and the lack of a standardized protocol for sharing, communication and contractual protection, can create a complex situation in terms of data security.
Infrastructure and staff allocations: Global spending on data center technology infrastructure and services exceeds $350 billion each year, according to a McKinsey report, with one half spent on products and the other half on services and labor. The complexity and scale of cyber threat management require continually updated skills and strategy, which can prove untenable on an ongoing basis, particularly for SMEs.
As businesses increasingly face the complexity of data theft and loss, IT leaders are considering the need for managed security services, with more than a quarter actively deciding to outsource some or all of their IT security functions to a managed security service provider. The move to managed security services is driven by affordable, high-performance, multi-threat security solutions along with 24-hour risk mitigation.