Government // Cybersecurity
12:43 PM
Connect Directly
Repost This

U.K., India Sign Cybersecurity Pact

Government and law enforcement agencies will collaborate to protect U.K. data held by Indian outsourcers and cloud vendors.

U.K. Prime Minister David Cameron last week signed a cybersecurity deal with India's Prime Minister Manmohan Singh to reassure Brits about protection of data held by outsourcers or cloud companies in India.

British newspaper The Telegraph said the pact will: create a joint task force to exchange and share information about identifying and countering threats; help police from the two nations share expertise in cyberforensics and other areas of detection and enforcement; and enable regular cooperation meetings among leaders in cybersecurity research from academic circles and industry.

What's particularly interesting is that the agreement-- framed as designed to improve "the protection of personal data and sensitive commercial and government information" -- may herald much greater use of offshoring and outsourcing of U.K. state information and communications technology (ICT) work to India.

"Other countries securing their data is effectively helping us secure our data," Cameron said during his visit to India. "The threat in terms of cybersecurity comes from all sorts of different places and organizations -- a lot of it is criminal. Hacking bothers me wherever it comes from." Meanwhile a Downing Street spokesperson told The Financial Times that the pact marks "an unprecedented level of cooperation with India on [computer] security issues."

[ Worried about the Chinese, Russians, hacktivists or cybercrime gangs stealing your data? Don't Blame China For Security Hacks, Blame Yourself. ]

The context here is the fondness British companies -- from banks and financial services firms to retailers -- have for outsourcing their customer contact centers to India, where English-speaking, often graduate-level staff can interact -- at greatly reduced costs -- with British callers. In the past few years, even before cloud computing took off, this was supplemented by a drive by many corporations, especially in the City of London financial center, to take advantage of low-cost Indian programming talent.

Now, Indian cloud work is now said to be set for big growth: IDC said 15% of all new cloud jobs -- or two million posts -- will be created there by 2015.

That hunger for hosting British customer information overseas has, unfortunately, caused some issues. Last year it emerged that at least one of these call centers contained employees willing to sell British citizens' credit card info and personal data including medical information -- to undercover reporters, at least.

Not all observers are convinced of the wisdom of the move, though. U.K. based managed hosting supplier Claranet's product director Martin Saunders, for example, said: "We're all for tightening up security around the world, but the issue here is whether or not businesses are comfortable with their data being stored in India -- even with these additional safeguards. Indeed it might come as a surprise to many to find that their data is even being held in the subcontinent.

"It's important that cloud users equip themselves with enough knowledge to be able to ask the right questions of their cloud service providers to ensure their data is properly protected."

Data sovereignty remains a big obstacle to British cloud usage, especially in the public sector, which has to follow compliance rules that require that organizations know precisely where, geographically, their data is physically located at any given time. For example, Saunders' own company reported late last year that 47% of the 250 IT decision-makers from a range of small and midsize businesses, enterprises and public sector organizations it had polled identified data sovereignty as a key security concern.

Saunders again: "If users have no visibility or control over where their data resides, they are risking the security of their data, their customers and even their own business' survival."

Comment  | 
Print  | 
More Insights
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.