We all know about the off-shore call-centers in places like India and Indonesia, but there's more to outsourcing than call-centre operations. A fascinating article in Bank Technology News paints a beautifully clear picture of IT outsourcing in India, particularly the islands of investment awash in a sea of poverty.
It's easy for us Westerners to overlook the cultural differences and make false assumptions about India, especially if we have never visited that part of the world. Outsourcing may be a massive earner for India and is still growing strongly but the local infrastructure is creaking under enormous strain. The caste system survives, meaning inherent inequalities. India has over a billion citizens, half of them under 25, and an average wage of just US$3,300 per year. Whereas two thirds of the population survives on less than a dollar a day, highly-trained IT specialists earn well and are in short supply. High IT staff turnover creates its own security issues.
The article specifically calls out the information security and privacy concerns in India. "... background checks of personnel remains a nagging concern. No central criminal databases exist and credit agencies remain relatively new, so any background checks must be done in person, which is often invasive. "Sometimes they'll just ride around the [potential employee's] neighborhood and talk to the constable," says Crosby. "None of this stuff is documented."
"... the Indian Information Technology Act of 2002 makes cyber crimes a federal offense, enforceable by India's Central Bureau of Investigation. The CBI established the Cyber Crime Investigation Cell in March 2002 to patrol such crimes, including a crime lab to train investigators. Parliament is now debating an amendment to the act, already approved by the Cabinet, that would make fines and jail time more stringent for those convicted of IT privacy crimes."
Indian data centers are reasonably secure according to those who have inspected the facilities. "... most outsourcers are compliant and certified for BS779 and ISO17799 controls, the two U.S. best-practice controls for information security, which have now become internationally recognized." [Some artistic license there by the journalist: British Standard BS 7799 became ISO standard ISO/IEC 17799, neither of which are American!].
More privacy and information security management links