With outsourcing on the rise in the financial-services industry, there has been widespread discussion about the security of sensitive data. As we all know, data is the lifeblood of the securities industry and its integrity cannot be compromised. However, there is a more intense frenzy around data security and outsourcing abroad. As a result, WS&T set out to uncover the additional security threats related to outsourcing to an offshore vendor.
The outcome? Outsourcing to India, China, Russia, etc. is really no different from sending data to what were once called service bureaus or what we now call application service providers. It's been done for years and the onus has always been on the financial-services firm to make sure it does its due diligence before choosing a partner.
The security threats these vendors face abroad are the same threats securities firms themselves face when data is housed on-site. As a result, strong firewalls and a formal data-security strategy must be in place to prevent hacking, viruses or misappropriation of data.
The primary concern, we found, is that executives don't like the idea of sending their data to a location where their competitors' data is also being stored. That is an understandable concern, but again, it is no different from sending your back-office data to ADP, which processes a good deal of the industry's trades, or to SunGard for data storage and back-up.
The real fear revolves around the mistrust of people and what they might do with the data - such as selling it to a competitor. There are certainly unscrupulous people everywhere - we've seen quite a few right here in the U.S. securities industry very recently. Anyone can steal information or data and sell it to competitors or use it for their own personal advantage. However, it's no more or less likely to happen overseas.
The concerns around outsourcing security have been exaggerated. (Of course, there are other valid challenges relating to outsourcing - but that's another story.) In my opinion, this issue revolves more around the anger of losing American jobs, fear of the unknown, and, unfortunately, slight prejudice.
As Ivy Schmerken, WS&T editor at large, discusses in her cover story, no one has more at risk than the offshore companies. If there was a breach in security, these vendors would be finished. And that is one security risk they are not willing to take.