Can You Trust Outsourcing Companies with Data Protection?

Cybersecurity is one of the most serious business risks nowadays, and not just for IT companies but for any company on the market, as more and more companies are starting to use complex information systems, mobile technologies, and cloud and implement Bring Your Own Device (BYOD) practices.

Globally, cybercrime costs businesses $375 billion annually, according to McAfee’s report “Net Losses: Estimating the Global Cost of Cybercrime.” IBM estimated that a single data breach would cost a US company $3.5 million. The most targeted industries are finance and insurance, manufacturing, information and communication, healthcare, and retail and wholesale.

The results of the Global Information Security Survey by Ernst & Young are clear-cut: 57% of respondents consider their own employees to be the main threat to information security and source of data breaches. In its Global State of Information Security Survey 2015, PricewaterhouseCoopers (PwC) also named employees “the most-cited culprits of incidents,” saying that the number of respondents who point the finger at current employees for data breaches jumped by 10% over 2013.

Here, we should understand that we are talking not only about intentional security breaches and data leakage but also about other reasons employees are/might be at fault in the loss of information. These reasons include (but, of course, are not limited to) inefficient information security arrangements and company policies and human recklessness. Additionally, we should consider the BYOD trend where employees use their own devices to access corporate networks and information, increasing the risk of data leakage because of additional risk factors, such as mobile malware, unauthorized access, theft, device loss, etc. You can read more about the risks of BYOD and using mobile devices in the business environment here.

While companies can take control of their own policies and security arrangements, they often have concerns when it comes to outsourcing certain tasks to third parties.

The IT services market has shown consistent growth in the last few years, along with the outsourcing market. According to Gartner, in 2015, the worldwide IT services market will exceed $980 billion, and more than half of that volume will be due to outsourcing deals. Experts believe that by 2018, the market will exceed $1 trillion USD.

But unfortunately, cyber security risks are forecast to grow as well, and companies are still unsure of whether they can trust outsourcing providers with their confidential information. As we know, information is a key asset for a company, and being exposed to the risk of losing trade secrets, expertise, and personal data of employees and customers is something no company wants.

However, let’s take a closer look at the situation. As an outsourcing provider, we are interested in keeping our clients’ data safe. If we do not do this, we will not only damage our reputation and lose our market position, but also face lawsuits and the eventual loss of all of our clients—not exactly an ideal outcome.

Having been in the outsourcing industry for 25 years, we understand the cautiousness of companies considering using the services of an outsourcing provider, which is why we have the most rigorous security arrangements in place. The level of data protection our customers receive is in most cases higher than the level of security measures implemented by the customers themselves, and given that many of our customers are vendors of software and high-tech products themselves, that says a lot.

In addition to up-to-date security measures (anti-virus systems, firewalls, intrusion/attack prevention and detection systems, logging systems, etc.), our company uses only secured protocols (SSH, HTTPS, SFTP) for all internal and external connections. We have a complex backup system and disaster recovery system as well as a two-factor authentication system to protect remote VPN access in place.

We have a number of enforced information security policies and rules, including, but not limited to, confidential data-storing rules, rules for data exchange with customers, Internet usage rules, etc.:

  • All employees sign an NDA
  • All employees are briefed and complete information security training sessions
  • All resources are protected by access rules, so only authorized individuals have access to client information
  • Physical security provision: security badges (for employees to access the premises), visitor logs, video control system with motion-detection recording for area access and critical rooms

In the last couple of years, three of our largest clients—companies with very high information security standards—conducted independent external audits of Auriga’s security policies and measures and were satisfied with the received results.

Of course, if a customer requests, we can employ additional measures, such as dedicated servers/products/hardware, dedicated real and virtual IP address pools, and LAN segments for workstations/servers with access only provided to the team and the customer.

According to Elena Baranova, Auriga’s director of engineering,

It is important for us to constantly improve all the processes that are related to the protection of data and information. Our customers trust us with the most important information, the loss and/or theft of which would be potentially disastrous to them. It is not enough nowadays to remain stagnant in matters concerning information security. The cyber threats are developing, and the security measures should be as well. At Auriga, we make sure to use the most up-to-date security measures and tools to detect and eliminate threats and vulnerabilities and to protect information.