Seclore InfoSource - Security Concerns in Outsourcing

Views:
 
Category: Entertainment
     
 

Presentation Description

http://www.seclore.com/ : The webcast looks at typical information security issues faced in outsourcing, their causes possible remedies. It also introduces Seclore InfoSource, a secure outsourcing technology for “end to end encryption” of information shared with outsourcing partners. Seclore InfoSource introduces an easy to integrate method in existing business processes and involving minimum changes in infrastructure.

Comments

Presentation Transcript

PowerPoint Presentation:

Security concerns in outsourcing An Introduction to Seclore InfoSource Abhijit Tannu CTO www.seclore.com

The problem:

The problem

The problem:

The problem

The problem:

The problem

The problem:

The problem

The problem:

The problem In 2010, the total size of the outsourcing market is expected to be about USD 154B ~USD 1.9B will be spent on proactive and reactive actions on information breaches An average breach costs an enterprise USD 6.75 M in direct costs

The risks - Human:

The risks - Human Each person in the chain of outsourcing process handoffs represents a “risk” * High man power churn typical to the industry = Mother of all HR problems !! This element of risk is indispensable, intelligent, adaptive and prone to greed !

The risks – Legal and compliance:

The risks – Legal and compliance Legal cover for malfunction for any of the risks is critical Outsourcing process is typically under compliance norms of various country specific norms, compliance frameworks and cross border data flow agreements Liability is largely spread across multiple entities and reputation risks are not covered Insurance is at-best, high cost !

The risks - technology:

The risks - technology Information through the lifecycle of creation – storage – transmission – use – archival & deletion represents one of the biggest risks Multitude of information systems with hand offs have shown themselves to be prone to breaches Controls are typically built into individual applications

Information exchange in outsourcing:

Information exchange in outsourcing Remote application access is provided Vendor may be part of same network / domain Vendor may be complete disconnected. ENTERPRISE Outsourcing partner Firewall VPN Network Outsourcing partner Disconnected Network Outsourcing partner VPN Remote Access

The underlying issues:

The underlying issues Share it = It becomes his (also) Usage and access control separation is not possible Share it once = Share it forever No possibility of information “recall” if relationships change Out of the firewall = Free for all Only legal contracts protect information outside the “perimeter”

Illustration:

Illustration Bank BPO BPO Employees doing data entry Bank Employee Kay Bank outsource it’s data entry work to a remotely located business partner IntServices Pvt Ltd

Illustration:

Illustration Bank BPO BPO Employees doing data entry Bank Employee Certain documents are scanned and image files are sent by a bank employee to the business partner via a secured FTP connection.

Illustration:

Illustration Bank BPO BPO Employees doing data entry Bank Employee Different employees process the scanned image files to enter data into excel or database files. These files are sent back to bank via secured FTP.

Illustration:

Illustration Bank BPO BPO Employees doing data entry Bank Employee Confidential data may be leaked by one of the employees to a telemarketer. Telemarketer

A new concept in secure collaboration:

A new concept in secure collaboration Right Location Right Time Right Action Right Person Users from bank as well as outsourcing partner can access protected information provided it is - Right Person : Only pre-identified authorized persons / groups Right Action : Action performed by the processing application – View / Edit / Print / Full Control Right Time : Within the stipulated time Right Location : Only pre-identified trusted machines / applications Defined by the enterprise Outsourcing partner

Illustration - After :

Illustration - After Bank BPO BPO Employees doing data entry Bank Employee Kay Bank outsource it’s data entry work to a remotely located business partner IntServices

Illustration - After :

Illustration - After Bank BPO BPO Employees doing data entry Bank Employee Certain documents are scanned and image files are protected & sent by a bank employee to the business partner via a secured FTP connection.

Illustration - After :

Illustration - After Bank BPO BPO Employees doing data entry Bank Employee Different employees process the scanned image files to enter data into excel or database files. These files are sent back to bank via secured FTP.

Illustration - After :

Illustration - After Bank BPO BPO Employees doing data entry Bank Employee Telemarketer In case anyone attempts to make copies of the information and send it to an unauthorized user / location, the information becomes inaccessible

Illustration - After :

Illustration - After Bank BPO BPO Employees doing data entry Bank Employee After legitimate use, Kay bank can ensure that information shared with or generate by Intservices is destructed

Introducing Seclore InfoSource:

Introducing Seclore InfoSource A technology for defining and implementing usage policies on information before sharing Granular usage policies can define … Right person, Right action, Right time & Right location of usage Policies are persistent and travel with the information wherever it goes

Introducing Seclore InfoSource:

Introducing Seclore InfoSource ENTERPRISE OUTSOURCING PARTNER “Hot Folder” with pre-defined permissions for usage Email, Web, FTP, Fileshare Processing Application

Introducing Seclore InfoSource:

Introducing Seclore InfoSource Outsourcing Partner Source Application Processing Application Enterprise Processing Application Hot Folder Anywhere else

PowerPoint Presentation:

About … Seclore is a high growth information security product company focussed on providing Security without compromising collaboration Seclore’s flagship product Seclore FileSecure is used by More than 1 million users & some of the largest enterprises . . .

PowerPoint Presentation:

26 What customers say about us … Senior Vice President and CISO, HDFC Bank. "In today’s world, where the boundaries of the organisation’s functionality are disappearing, we are dependent on different business providers to process our customer information. Given that requirement, we still want to control how that information is used and processed by the service providers. Seclore’s technology has allowed us to do that." - Vishal Salvi, CISO

PowerPoint Presentation:

27 Want to know more … Website : www.seclore.com Blog : blog.seclore.com Email : info@seclore.com Phone : +91-22-4015-5252

authorStream Live Help