Industry news

In a global environment, IT responsibilities are increasingly being outsourced and proving to be a popular tool for organisations seeking to reduce costs effectively. The number of third party personnel given long term access to organisations’ critical systems and sensitive information is growing rapidly and these third parties are becoming increasingly essential to many businesses and IT operations. They may operate a network infrastructure, maintain a web site or provide email or CRM services or perform a myriad of other invaluable IT services. Adopting outsourcing as a tool for IT processes invariably involves an organisation trusting an outside party with a variety of sensitive information, be it customer or financial data, which in turn comes with its own risks. Third parties are beginning to reap the benefits of user monitoring for their own activities within the client network, as this way they can prove what they did and did not do. Having an activity monitoring tool in place, enables third parties to increase their transparency and customers can put more trust in a third party solution provider when their activities are transparent and they can see in real time who accessed what sensitive data and what is happening in their IT systems.

What are the risks?

Almost all organisations and sectors are faced with the problem of managing security breaches caused by insider threats to vital computer assets. Giving responsibility to external IT contractors could be seen as an even greater security risk as it can potentially weaken the protection controls and increases the number of third parties having the same privileges and access rights as employees.

Without the appropriate inbuilt protections a shift to the use of outsourced IT along with the high rate of worker turnover in outsourcing can lead to an increase in vulnerability for organisations, ranging from the loss of intellectual property, to the possibility of high value knowledge being transferred to a competitor or other external source. This provides the opportunity for malicious actors, who have access to sensitive information which can harm the organisation and its reputation.

The common theme of recent, high-profile breaches is that they were carefully planned and went undetected for some time with the attackers moving freely inside the victim’s IT environment. For example, a former employee at Home Depot who was authorised to have access to computer systems, leveraged that access to obtain credit card information from Home Depot tool rental transactions.

Malicious insiders hold an advantage over an external hacker in that a company’s primary security tools are often designed to protect against external threats, not against trusted employees. A malicious insider has the potential to cause huge amounts of damage to an organisation and possesses many advantages over an external attacker. For example, they often have privileged access to facilities and sensitive information, have knowledge of the organisation, how its processes work and are able to distinguish the location of valuable assets. Insiders will know in what way, what time, where to attack and how to cover their tracks after the attack which is precisely why organisation needs to recognise the need for IT security measures for privileged users.

How to overcome the security risks of outsourcing

But what measures can enterprises adopt in order to stop their sensitive data from being compromised by these third parties? In order to mitigate this risk, it is necessary to develop stringent safeguards and integrate activity monitoring capabilities when organisations employ outsourcing contractors for their IT responsibilities. Firewalls and standard application protection are not enough for protecting against insider threats. When trying to reduce the risk of sensitive data being compromised, adopting a holistic view to IT security can benefit the organisation. An approach which organisations are adopting in order to close the blind spot of traditional security monitoring tools and uncover risks that many security tools cannot identify, is through the use of examining a user's behavioural patterns. This is carried out through analysing how we interact with IT systems which can leave a recognisable fingerprint that can then be detected. Users log into to the same applications, do the same things while working and access similar data. These profiles are then ‘learned’ and can be compared in real-time to the actual activities of a user to detect irregularities and differences in behaviour. Once the abnormalities are detected, counter actions can be applied to stop an ongoing attack or to investigate the event further.

Malicious insiders have been proven to behave differently compared to normal employees. If a resigned employee of the outsourcing company plans to steal company data, real-time user behaviour technologies enable organisations to detect this abnormal activity and will alert the relevant security team in real-time for further investigation. By detecting deviations from normal behaviour and assigning a risk value, it helps companies focus their security resources on the most important events and also allows them to replace some controls, yielding greater business efficiency. Adding more tools that restrict users won’t make your company safer, it will just make your employees less productive.

As well as identifying the unusual activities within a system, the reaction to this unusual activity is important when trying to significantly reduce the time a malicious attacker has before any counter measure is taken. By utilising different machine learning algorithms which work autonomously, organisations are now able to learn about user behaviour quickly and efficiently before it’s too late. In the majority of attack scenarios, the high-impact event is preceded by a ‘reconnaissance phase’. The swiftness of detection and response to this phase is critical when preventing any further high-impact activity from occurring. Likewise, being aware of the normal habits of high risk users is also valuable.

As outsourcing continues to gain in popularity, the threat of malicious insiders will grow in. However with the right security software in place to monitor the activity of these third parties, it is possible to mitigate the risks of opening up your sensitive data to outside agencies, as well as ensure compliance with regulations requiring the careful monitoring of data access.

www.balabit.com

Hewlett-Packard CEO Meg Whitman has announced that HP intends cut a further 25,000-30,000 jobs in the near future, as part of HP’s restructuring into two separate companies and in reaction to rapid changes in the technology market.

“As new technologies come in, we’ve got to restructure [our] labour force to low-cost locations, to much more automation than we have today,” she commented in an interview with CNBC.

HP expects to ultimately save roughly $2.7 billion a year as a result of the planned changes. The company also expects its share of workers employed outside of the United States to grow from 42 per cent today to 60 per cent by 2018.

The news comes at a time when robotics in particular is in the limelight, with both Sky and the BBC producing special reports on how robotic automation is like to impact on the workplace over the coming decade.

For weekly news updates, subscribe to our email newsletter.

Do you want to learn more about how robotics will shape the future of outsourcing?

The EOA Leadership Summit on 8th October in Lisbon features an open workshop on integrating automation in your organisation and driving customer-centricity. Book your place today!

Groupe Acticall has announced that it has completed its acquisition of Sitel Worldwide Corporation.

The deal, which was originally announced mid-July, will see Sitel continue to operate as an independent brand owned by Acticall.

Over the past two years, Sitel’s top line growth has been poor when compared to its global competitors – analysts have speculated that Groupe Acticall’s strong CRM experience should have a positive impact on Sitel’s revenue performance.

For weekly news updates, subscribe to our email newsletter.

Related: Serco sells Indian BPO unit to Blackstone with £100 million loss

The Ministry of Justice’s attempt to replace G4S and Serco as the service providers responsible for the electronic tagging of criminals has failed, the Financial Times has reported.

After the two suppliers were found to be overcharging the government for the offender-tagging service, the contract was handed over to Capita, valued at £400 million over the course of six years. However, the FT claims that this contract has not yet been successfully delivered, meaning G4S and Serco are still providing, and being paid for, tagging services.

G4S has been paid a total of £8.7 million for electronic tagging since March 2014, with Serco making £4.5 million off the service over the same period of time.

For weekly news updates, subscribe to our email newsletter.

Related: G4S awarded new security contracts in Afghanistan and Iraq

A committee comprised of members of West Sussex County Council has met to discuss how the council might improve interactions with its customers, including how to deliver a more consistent service, improve online capabilities and reduce the number of phone calls received by the authority.

Unsurprisingly outsourcing may be central to these plans, which has caused concerns among representatives from public service union Unison. The council currently outsources its contact centre services to Capita, and new plans to improve customer service may affect up to 470 staff, who may be offered the chance to move to part time contracts or take up full time employment with Capita.

Dan Sartin, Unison branch secretary, claimed he was worried that giving any further work to Capita would make the contract “too big to fail”; he also asked “why are we not looking harder at how we can do these things in-house?” but reportedly did not offer further suggestions for how this might be done.

Many councils across the UK are finding outsourcing to be the preferable solution for both meeting austerity measures and improving services; it is often easier to improve customer experience with the assistance of a company that specialises in providing customer support across a wide variety of sectors.

For weekly news updates, subscribe to our email newsletter.

Related: CGI paid £186 million to transform IT services for Edinburgh Council

In a bid to increase focus on work related to the public sector, Serco has finally managed to offload its Indian BPO unit to private equity firm Blackstone for £250 million.

Serco originally bought the unit - known as Intelenet - from Blackstone in 2011 for £350 million, making the sale price £100 million less than that of the original purchase. However, the successful deal has caused Serco shares to rise by 4.4 per cent, increasing the service provider’s chance of stabilising after a rocky 2014.

The sale of Serco’s Indian BPO unit was expected to be concluded back in June – the fact that Serco failed to meet this target had led to speculation that the group might search for alternative ways to derive value from the business. It was thought that the original failure to sell was due to the asking price being too high, causing Blackstone to briefly drop out of the race to buy back Intelenet.

For weekly news updates, subscribe to our email newsletter.

Related: Serco secures £85 million Norfolk and Norwich University Hospital extension

Vodafone India is in talks with IBM over the renewal of a $1 billion contract due to expire in June 2016, Economic Times India has reported.

However, Vodafone is also on the verge of issuing a request for proposals from other vendors, with Wipro, TCS, Infosys and Tech Mahindra all thought to be in the running to replace IBM as the sole service provider for the contract.

Sources close to Vodafone India have suggested that the company is not interested in potentially dividing the contract between a number of suppliers, as some of its competitors have done.

The contract involves the provision of Vodafone India’s application development and its IT network. While also trying to hang onto the contract, a source told Economic Times India that IBM is also trying to sell Vodafone its data analytics solution as an addition to the current package.

For weekly news updates, subscribe to our email newsletter.

Related: BT seeks High Court injunction to prevent Cornwall Council contract termination

In an interview with The Register, newly-instated Head of the Police ICT Company Martin Wyke has indicated how the UK’s police might go about reducing its hefty £1 billion-a-year IT bill.

The Police ICT Company was established in June 2015 after a four-year gestation period; Wyke has previously worked as CIO for the likes of TalkTalk, Virgin Media and Debenhams, and is expected to apply his expertise first and foremost to saving money for police departments across Great Britain.

The organisation’s official aim is to cut at least £150 million a year from the police’s spending on IT-related services, with Wyke claiming that he can reduce IT spend by 10 per cent by 2020, shaving £100 million of the police’s current IT expenses.

He expects to do this primarily by transforming procurement procedures, consolidating licensing contracts and cutting down on the number of data centres currently used. However, the most substantial savings are likely to come from people: Wyke believes that there are a high number of role duplications across the UK’s 43 police forces, which will also be consolidated over the next five years.

On the subject of outsourcing, Wyke stated that it would certainly have “a role to play” in the future of police IT, but refrained from elaborating: “There are certain functions that I would be happy to see outsourced, and others that would be better to keep in-house," he said.

Wyke also declined to comment on the Met’s recent decision to outsource a variety of back office services to Shared Services Collected Limited, in a contract valued at £216 million.

For weekly news updates, subscribe to our email newsletter.

Related: Government Department for BIS ends contract with SSCL, the Met’s new outsourcing partner

G4S has been awarded a £100 million security contract to protect diplomats at the British Foreign and Commonwealth Office in Afghanistan, along with a two-year extension with Basrah Gas Company in Iraq.

In Iraq, the global service provider will provide Basrah Gas Company with 500 staff and 220 armoured vehicles in order to protect two gas plants, a liquefied natural gas storage facility, shipping terminal and pipelines.

G4S is the world’s largest security company and “high risk” accounts, such as the above, account for approximately three per cent of its operations. However, this has risen by 50 per cent over the past year, as the firm has increased its marketing as a supplier of security for corporates in war-torn areas.

For weekly news updates, subscribe to our email newsletter.

Related: Goldman Sachs advises investors to sell G4S shares

In a documentary broadcast last night on BBC Panorama, reporter Rohan Silva investigated the robotic and automation revolution, and its impact on the UK.

The 30 minute programme, available on BBC iPlayer (click here), included interviews with a range of industry experts, all of whom agreed artificial intelligence (AI) was changing the world and the workplace as we know them. The speed of technological change is rapid and, according to the Massachusetts Institute of Technology (MIT), artificial intelligence is about to advance faster than anyone previously thought possible. To illustrate this exponential growth, one analyst featured on Panorama said that today a child’s PlayStation is more powerful than a military super computer from 15 years ago.

The programme picked up on Deloitte research, quoting that over 800,000 jobs have been lost to automation in the UK over the past 15 years, but that that there is “equally strong evidence to suggest that it has helped to create nearly 3.5 million new, higher-skilled ones in their place”.

Angus Knowles-Cutler, Senior Partner at Deloitte, was interviewed on the programme and stated that 1/3 of today’s jobs in the UK are at risk of bring automated over the next 10-20 years (a total of roughly 10 million jobs). He went on to say that, since the year 2000, over half of the secretarial, travel agent and librarians jobs have disappeared in the UK.

Statistics featured on the documentary from Deloitte and Oxford Economics suggested that telesales agents, typists and bank clerks have the highest probability of being replaced next. In addition to this, jobs that pay £30k or less at the moment are five times more likely to be replaced by technology than jobs that pay £100k or more.

Virgin Trains was also featured on the programme, due to its use of AI in conjunction with its customer service. Christian Clarke, Customer Service Manager at Virgin Trains, said the aim was not to reduce headcount but to dedicate more time on the customer, as opposed to time-consuming administrative tasks.

Although Deloitte claimed jobs lost to automation were being redeployed, Rohan Silva argued that those losing their lower level, paid jobs to automation were not the same people benefiting from the more highly skilled work becoming available. He also highlighted the importance of future-proofing children and educating them on the change of skills required in the workplace – focusing on the jobs computers can’t do - but equally he argued that adults should also be supported. Baroness Morgan said there hasn’t been enough time, money or investment into the availability of training following formal education.

Rohan Silva finished by suggesting that we should look at the positives technology can bring, but they will only be possible if training and skills advancement are universally available.

Read the full Deloitte report.

Do you want to learn more about how robotics will shape the future of outsourcing?

The EOA Leadership Summit on 8th October in Lisbon features an open workshop on integrating automation in your organisation and driving customer-centricity. Book your place today!