Advertisement

Mitigating third-party data breaches

By Niño Valmonte, IPC Director for Marketing & Digital Innovation

Outsourcing to third-party service providers is always a viable, if not inevitable, option for organizations especially regarding IT-related business functions where data is mission critical. 

Mitigating third-party data breaches

The prospect of time and cost-efficiency and the ability to enlist others’ expertise in highly specialized fields is immensely enticing.

However, handing over the reins to an outside party especially for tasks like data collection, analysis, and storage comes with a risk, often at the expense of both finance and reputation.

According to a survey of 1,000 Chief Information Security Officers, 59 percent of companies experienced third-party data breaches, which is not surprising considering the frequency by which providers who secure data are attacked. Why wouldn’t they be, their data security capabilities may be far superior compared to their clients, but once attackers gain unrestricted access to their network, the culprits get the data of all their clients. Now that is working smart but in a bad way.

Fortunately, this and other risks associated with IT outsourcing can be mitigated by focusing on three important factors in the partnership: the capabilities of the provider, the proper laying out of the agreement between the parties, and constant communication.

Choosing the best partner

A thorough examination of a provider’s track record is a must before making any outsourcing deal as this says a lot about their credibility. An organization can conduct its own background check by seeking reviews about the provider, whether through professional experience or even just online. A quick Google search can shed light into the credibility and capabilities of a provider, as this can give information about their solutions and how their clients benefitted from them, among others. Furthermore, searching for legitimate news about them and their executives are a diligent practice as this would show their success stories and current activities.

Since capabilities are an important measure, interested organizations may initially ask the potential third-party partner for a paid trial period of their services to further gauge their performance. Testing the solutions firsthand can help remove any issues in compatibility between the provider’s services and the hiring company’s processes.

Be as meticulous as possible

The entire process of outsourcing hinges on the service level agreement (SLA) between the parties. A well-defined SLA outlines the boundaries of the partnership in terms of the functions and services that the provider will deliver. Usually, the SLA covers a number of areas, including but not limited to the functions of the provider, standards by which service is measured, quality of deliverables, volume of work to be accepted and delivered, and steps to take if and when functions aren’t met.

In crafting the SLA, the hiring company should be utterly meticulous, even going as far as assuming everything that might go wrong will go wrong. While having more instructions may look restricting, this will be beneficial if a disaster happens since they’re covered under the SLA. For instance, if a data breach did happen and mission-critical information was stolen, then the hiring organization should be able to expect the security provider to take the agreed necessary steps to reduce damage. However, if such steps aren’t fully outlined in the SLA, the hiring organization not only suffers losses but won’t get any recompense from the third party in return.

Keep in constant touch

It goes without saying that communication is critical when it comes to any type of business partnership. Without communication, things may get out of control once parties no longer know what is going on and therefore cannot steer things in the right direction. It doesn’t even have to be a face-to-face meeting all the time. Calls or teleconferences to maintain a healthy outsourcing partnership are enough.

Mitigating third-party data breaches
Niño Valmonte, IPC Director for Marketing & Digital Innovation
When done correctly, the benefits of IT outsourcing still outweigh the risks. All it takes is proper preparation even before the partnership is started. While primarily done to cut costs, outsourcing should be a strategic move for a company. Tasks that are too repetitive or are way out of their core strength are best outsourced to professionals with proven track record on expertise, quality service, and robust technological capabilities. It is especially critical for industries that generate tons of data, the world’s most valuable commodity today.

Topics: service level agreement , digital innovation
COMMENT DISCLAIMER: Reader comments posted on this Web site are not in any way endorsed by Manila Standard. Comments are views by manilastandard.net readers who exercise their right to free expression and they do not necessarily represent or reflect the position or viewpoint of manilastandard.net. While reserving this publication’s right to delete comments that are deemed offensive, indecent or inconsistent with Manila Standard editorial standards, Manila Standard may not be held liable for any false information posted by readers in this comments section.
AdvertisementGMA-Congress Trivia 1
Advertisement