Do Indian vendors take measures for data security?
Tuesday, 06 April 2010, 15:00 IST   |    2 Comments
Printer Print Email Email
Do Indian vendors take measures for data security?
New Delhi: India IT and BPO services providers are yet to understand the basic spirit behind data security even as their overseas clients worry more and more about terror strikes in India, according to a survey conducted by Forrester Research. The research found that Indian companies are confusing gadgets and technology for the real need - a culture of security. "Most vendor initiatives are merely gestures or marketing activities rather than genuine efforts at holistic change," states the report titled 'How secure is your offshore work?'. In the last few years, it is witnessed that Indian IT and BPO firms have come under increased scrutiny for data breaches. In April 2005, three former employees of MphasiS were arrested on suspicion of stealing more than $350,000 (1.65 crore) from four customers of a U.S. Bank. Similarly in 2006, a HSBC employee at Bangalore center allegedly leaked the personal information of more than 20 British customers to criminals in London, resulting in the loss of nearly 1.6 crore from their bank accounts. In response, both the industry and the government had announced a slew of measures, including passing the Indian IT Act and setting up of the Data Security Council of India (DSCI). Since then, Forrester found that most firms have implemented tools such as antivirus and antispyware, network access control, stringent user ID/password controls, and antispam etc. But Forrester says they are yet to take the tough steps. Talking to Deccan Herald, Sudin Apte, Lead Analyst said, "When asked what their top initiatives are, most security executives described what tools and new technologies they will implement. Achieving certifications, publishing policy statements, and writing white papers were also at the top of the list. Firms have taken relatively easy and client-facing steps. Their emphasis is on showcasing what they are doing to build client comfort, rather than trying to coherently reduce threats."

siliconindia