Outsourcing providers should prove IT security credentials

The YouGov survey found that 20% of IT managers working in large businesses believe that their outsourced systems and processes have less IT security than those based in-house, indicating a lack of confidence in the IT security of outsourcing providers, NCC Group said.

Only 64% of the IT managers at medium-sized businesses surveyed expect their organisations’ suppliers to have formal IT security procedures and policies in place, compared to 78% in large companies.

Despite these growing concerns, the separate PA International Outsourcing Survey 2009 said that 31% of companies plan to outsource more IT over the next year, suggesting that companies are more concerned with cutting costs than IT security.

Although a large percentage of IT managers are concerned about their suppliers' IT security, companies are opting for low-cost providers that cannot prove their IT security credentials.

John Redeyoff, head of 365 assured at NCC Group, said, “The security industry and IT managers are calling for suppliers to prove they are secure, yet companies choosing to outsource business critical systems simply aren’t asking the right questions, and are putting business critical functions at risk as a result.

“Businesses that fail to check their suppliers’ credentials, choosing cost and convenience over security, are investing in false economy.

“Suppliers, particularly to highly regulated industries such as banking or the public sector, need to demonstrate their commitment to security, giving reassurance to existing or potential customers that they take these issues seriously. As fast as technology develops, so does the potential for data compromises, and businesses need to be prepared to answer serious questions about their IT systems. Proving you are secure is simply good business.”

The NCC Group commissioned report surveyed 549 IT managers and directors.

What’s Hot on Infosecurity Magazine?