Outsourcing can be biggest threat to data security

The company makes the point that pundits have been highlighting lack of processes and controls as the chief threats to data security, but suggests that the trend for organisations to outsource increasing amounts of their business functions poses a bigger threat. Says Jamie Stone, ArcSight’s director of government and defence: “The protection of data remains the responsibility of the firm or government department that initiated its collection. And no outsourcing contract will allow them to argue otherwise.” Data security should be a pillar of any organisation’s business processes, he explains – but once the security responsibility has been outsourced, the focus invariably shifts towards contract profitability for the outsourcing provider. He believes the HMRC data loss was the result of “a disconnect between people and technology/business processes,” and adds: “In order to prevent future leaks, organisations with sensitive data need to document the business process required to support best practice, train IT support people and deploy the technology with all the appropriate checks and balances in place.”