U.K., India Sign Cybersecurity Pact
Government and law enforcement agencies will collaborate to protect U.K. data held by Indian outsourcers and cloud vendors.
U.K. Prime Minister David Cameron last week signed a cybersecurity deal with India's Prime Minister Manmohan Singh to reassure Brits about protection of data held by outsourcers or cloud companies in India.
British newspaper The Telegraph said the pact will: create a joint task force to exchange and share information about identifying and countering threats; help police from the two nations share expertise in cyberforensics and other areas of detection and enforcement; and enable regular cooperation meetings among leaders in cybersecurity research from academic circles and industry.
More Security Insights
- The Untapped Potential of Mobile Apps for Commercial Customers
- Get Actionable Insight with Security Intelligence for Mainframe Environments
White PapersMore >>
What's particularly interesting is that the agreement-- framed as designed to improve "the protection of personal data and sensitive commercial and government information" -- may herald much greater use of offshoring and outsourcing of U.K. state information and communications technology (ICT) work to India.
"Other countries securing their data is effectively helping us secure our data," Cameron said during his visit to India. "The threat in terms of cybersecurity comes from all sorts of different places and organizations -- a lot of it is criminal. Hacking bothers me wherever it comes from." Meanwhile a Downing Street spokesperson told The Financial Times that the pact marks "an unprecedented level of cooperation with India on [computer] security issues."
[ Worried about the Chinese, Russians, hacktivists or cybercrime gangs stealing your data? Don't Blame China For Security Hacks, Blame Yourself. ]
The context here is the fondness British companies -- from banks and financial services firms to retailers -- have for outsourcing their customer contact centers to India, where English-speaking, often graduate-level staff can interact -- at greatly reduced costs -- with British callers. In the past few years, even before cloud computing took off, this was supplemented by a drive by many corporations, especially in the City of London financial center, to take advantage of low-cost Indian programming talent.
Now, Indian cloud work is now said to be set for big growth: IDC said 15% of all new cloud jobs -- or two million posts -- will be created there by 2015.
That hunger for hosting British customer information overseas has, unfortunately, caused some issues. Last year it emerged that at least one of these call centers contained employees willing to sell British citizens' credit card info and personal data including medical information -- to undercover reporters, at least.
Not all observers are convinced of the wisdom of the move, though. U.K. based managed hosting supplier Claranet's product director Martin Saunders, for example, said: "We're all for tightening up security around the world, but the issue here is whether or not businesses are comfortable with their data being stored in India -- even with these additional safeguards. Indeed it might come as a surprise to many to find that their data is even being held in the subcontinent.
"It's important that cloud users equip themselves with enough knowledge to be able to ask the right questions of their cloud service providers to ensure their data is properly protected."
Data sovereignty remains a big obstacle to British cloud usage, especially in the public sector, which has to follow compliance rules that require that organizations know precisely where, geographically, their data is physically located at any given time. For example, Saunders' own company reported late last year that 47% of the 250 IT decision-makers from a range of small and midsize businesses, enterprises and public sector organizations it had polled identified data sovereignty as a key security concern.
Saunders again: "If users have no visibility or control over where their data resides, they are risking the security of their data, their customers and even their own business' survival."
Rick Falkvinge, the founder of the Swedish Pirate Party and a campaigner for sensible information policy, will present the keynote address at Black Hat Europe 2013. Black Hat Europe will take place March 12-15 at The Grand Hotel Krasnapolsky in Amsterdam.