Industry news

When it comes to safeguarding data, third-party partners, such as business process outsourcers (BPOs), have emerged as de facto extensions of the modern enterprise organization.

In today’s modern enterprise, intangible assets such as intellectual property, customer information and other critical data account for more than one-half of the organization’s value worldwide, according to Brand Finance, a consultancy specializing in the valuation of intangible assets.

Enterprises are increasingly entrusting these assets to external partners, with 57 percent of those studied sharing critical consumer information with third parties or BPOs, according to research from the Ponemon Institute. Further, global IT outsourcing now amounts to a $287 billion market that’s growing at a compound annual rate of 6.5 percent, according to Gartner.

However, businesses are encountering significant risks. Nearly two-thirds, in fact, have repeatedly experienced a breach of consumer data that had been outsourced to a vendor, according to the Ponemon study. In 56 percent of the cases, companies discovered the breach by accident, in contrast to just 27 percent of cases that were revealed by security/control procedures.

Overall, 28 percent of threat incidents are attributed to third parties, up from 20 percent in 2010, according to PwC. Despite the trend, less than one-third of organizations require third parties to comply with their policies. Three-quarters have not developed a complete inventory of all third parties that handle personal data relating to employees and customers. Roughly one-half say they do not or are unsure whether they monitor the security and privacy practices of the vendors with which they share sensitive or confidential consumer information on an ongoing basis, Ponemon reports.

Meanwhile, only 43 percent of vendors can demonstrate proof of reasonable security practices and a mere 21 percent continuously train their security teams. Vendors are also falling short on encryption, as only 43 percent of those studied encrypt sensitive data in motion and at rest. That could stand out as the most glaring of lapses, because data-centric encryption, particularly as it applies to the sharing of data and intellectual property, is proving to be business-critical.

Encryption solutions exist that enable companies to maintain full administrative control over the files and data they share with their partners, outsources and network of stakeholders. Outsourcers need to leverage object-level, data-centric solutions that ensure shared data is secured whether on-premise or in the cloud, accessed by a desktop or mobile device. Indeed, BPO partners can gain a distinctive advantage over competitors by effectively deploying object-level encryption. In doing so, BPOs will convey a more substantial security posture by locking down vulnerable data at the cross-border and network level.

To be clear: BPOs should not abandon traditional, perimeter-based tools such as firewalls, endpoint-protection products and anti-malware solutions, but their mindsets should transform from perimeter-centric to data-centric. Through object-level encryption, security follows the flow of data instead of the flow of the network. Thus, when hackers gain access to third-party systems (and they will), they’ll conclude that the “plunder” within – the data – is useless due to the advanced key management, identity oversight and policy implementation characteristics of object-level encryption.

With proper key management, teams designate a unique key for every data file with on-device encryption. Then, identity oversight determines who receives the key, to verify that the users in question merit the access. The policy component of this three-layer “cake” imposes authoritative control over any and all data. Security teams and business leaders define access controls down to the smallest details – including what can be printed, what can be called up on “view only” and whether copy-paste restrictions apply. These teams and leaders can view file history and – if it’s necessary for data protection – immediately revoke availability.

One simply has to read the most recent headlines about breaches to comprehend the urgency at hand. The 2013 Target hack, of course, stands out as a textbook example, as cyber criminals stole network-access credentials from a heating, air conditioning and refrigeration contractor hired by the mega-retailer.

That’s why encryption must play the leading role in safeguarding the enterprise’s data. Adversaries, after all, aren’t plotting their next network attack in the interest of a sporting challenge. They want to grab the data inside of the network and exploit it to its maximum potential. When the strategies of outsourcers and their client organizations focus on object-level encryption, hackers discover that the data is as worthless to them as Monopoly money – paving the way for the partnership to endure in a productive, secured manner.

Sources:

- Brand Finance information

- Ponemon study

- PwC study

- Gartner outsourcing forecast

For more articles like this, subscribe to our email newsletter.

Transport for London (TFL) has chosen 12 suppliers to be included in its IT solutions framework. The group consists mostly of large organisations who have previously worked for the government, such as Sopra Steria, CSC, Atos, BAE, Capita, Deloitte and CGI.

According to TfL CIO Steve Townsend, its “information management team undertook a major review of how IT services were delivered across the organisation with the aim of providing more effective services that add value to the operating businesses". The framework will provide the “project teams with a pre-approved list of suppliers who can bid for a particular category of work”.

The framework is valued between £80m and £95m, and will last for two years. Services to be provided include business change, consultancy and advice, cyber security, design, implementation, project delivery and project management services.

Only one of the chosen providers, Keytree, is considered an SME – Keytree’s achieved a turnover of £17.5m in 2014 – causing complains that the government has contradicted its 2011 pledge to conduct 25 per cent of its business with SMEs.

For weekly news updates, subscribe to our email newsletter.

Related: Transport of London awards ICT contract to Computacenter

United Airlines has decided to suspend its outsourcing programme – which involved the outsourcing of baggage-handling, check-in services and other customer service jobs at some airports – until at least the end of 2016.

This U-turn decision was made by new United CEO Oscar Munoz, who took over from old chief executive Jeff Simsek in September. The move has been described as a “charm offensive” in order to win over disgruntled employees and customers.

The original outsourcing plans, made earlier in 2015, were intended to cut $1 billion in costs over the next two years, and involved the planned outsourcing of up to 2,000 jobs. These plans were preceded by previous attempts to outsource ground staff in 2013 and 2014 across almost 20 airports.

For weekly news updates, subscribe to our email newsletter.

Related: United Strikes Deal with Machinists Union

EVRY, one of the largest IT companies operating in the Nordic region, has signed a £355m deal with nine Norwegian banks to supply banking and IT solutions. The nine banks are a part of a joint collaboration agreement, where Haugesund Sparebank will act as the manager of the contract.

The IT giant is expected to deliver next-generation core banking and payment solutions, which take into consideration both the intensification of regulatory demands and the growing expectations on the part of consumers for a personal and interactive digital experience.

The agreement is also expected to help the nine banks in achieving considerable savings in the five-year period covered by the contract. According to Knut Grinde Jacobsen, Chair of the Board of the DSS alliance, the agreement will “strengthen [their] position as competitive local banks in the regions where we operate in the years ahead”.

EVRY is a part of the Banking Industry Architecture Network, which has established a model for Service Oriented Architecture with standardised service definitions, levels of detail and boundaries. This will ensure that the new solutions will be consistent with international requirements and best practice.

For weekly news updates, subscribe to our email newsletter.

Related: Capgemini to provide Nationwide with enhanced IT services until 2020

With the ambitious aim of achieving almost £40m in savings over the next decade, four councils – Cheltenham Borough Council, West Oxfordshire District Council, Cotswold District Council and Forest of Dean District Council – have agreed to expand their shared services.

The four councils already share HR, finance and payroll service. ICT, building control, legal and customer services have now also been added as part of the deal.

The project is part of the “2020 Vision” programme target, which aims to achieve savings of £38m across the four districts, taking into account the support of a £3.8m grant from central government. Patrick Molyneux – the leader of Forest of Dean District Council – has publicly acknowledged that this initiative “makes a lot of sense”, since it enables the councils to provide efficient services while saving money over the coming years.

For weekly news updates, subscribe to our email newsletter.

Related: Birmingham looks to replace citizen registration system

Polaris Consulting & Services Ltd is planning to offload its BPO business.

This branch, which represents only 1 per cent of the company’s revenue but employs 15 per cent of its workers, is no longer seen as a core operation. It’s a seven year old venture with around 1,000 employees across India – Guragon, Hyderabad and Chennai – throughout its call centre facilities, which offer support to banks and telecom companies.

Nevertheless, the BPO business failed to deliver the profits expected. Therefore, with minds set on the expansion of Polaris’ core business, the board of directors is now looking to sell.

For weekly news updates, subscribe to our email newsletter.

Related: The Evolving Role of Rapid Automation in Business Process Outsourcing

Birmingham City Council (BCC) has launched a tender process in order to find a supplier to replace its online citizen registration system.

The Council wants a secure system which will enable citizens “to create their own account and securely access a range of services across the council either within the portal or by providing seamless secure sign-on into online modules for services such as benefit applications”.

The BCC will test supplier’s offers with their existing services in order to assess the possibilities and limitations of their systems. With this tender process, the Council is seeking solutions for a number of general and technical issues related to their existing online account solution.

This is a great opportunity for major and minor service providers alike, enabling them to demonstrate the full potential of their modern digital services.

For weekly news updates, subscribe to our email newsletter.

Related: Hampshire County Council seeks private cloud supplier in £75m deal

An agreement has been reached between the Cabinet Office and software firm Collabora Productivity, for the provision of a new range of open source applications for desktop, mobile and cloud.

Crown Commercial Services (CCS) has praised the quality of Collabora’s services, which will allow the Cabinet Office to replace existing office applications with improved software at a very competitive price.

The new software includes two products: Collabora Office and Collabora CloudSuite. This deal, as well as saving the tax payers money, is expected to reduce the government’s reliance on a small number of large suppliers, making it potentially less prone to outsourcing scandal.

For weekly news updates, subscribe to our email newsletter.

Related: Government Department for BIS ends contract with SSCL, the Met’s new outsourcing partner

A tendering process – with a deadline of 25th November – is being held by Hampshire County Council, who are looking to find a private cloud supplier.

The Council intends to expand its shared service offering and is aiming for a five-year contract, worth £75m, with the possibility of being extension for another two five-year periods.

Other public sector bodies – who share several services with the Council – would also be allowed to make use of the contract. It is thought that major service providers, including Atos, Capita, Sopra Steria and others, may consider making bids.

For weekly news updates, subscribe to our email newsletter.

Related: Gloucester City Council expands Civica contract after achieving savings of £200,000 a year

Procurement departments are becoming more important for adding value and contributing to growth against the rising cost pressures faced by several mature industries.

Supply Management suggests that the way forward “is to ensure they are integrated into the complete procurement process”. Therefore, handing more responsibility to procurement departments can result in many benefits - not only the promotion of tighter and more transparent relationships between companies and suppliers, but also increased savings and efficiencies for the client company.

However, these processes are affected by many issues – which include risk management, product development and quality of supply. However, they also offer many opportunities, such as the promotion of digitalisation, and higher internal and external performance as a consequence of the procurement processes.

In order to add value and contribute to growth, procurement must be involved earlier in the supply process, producing internal and external benefits such as improving the internal communications, flexibility regarding suppliers and innovation, risks mitigation and higher savings.

For weekly news updates, subscribe to our email newsletter.