HOME | ABOUT US | CONSULTING | RESEARCH INSTITUTE | JOURNAL | EUROPE | PAPERS | SUPPLIERS | FOCUS AREAS | EVENTS | NEWS | CONTACT US

ASP Home
Journal
Back Issues

Table of Contents

Insights
Today a Moat Won't Do

Case Studies
Xdrive: Handling Growth to the X Degree

A Taxing Solution

Supplier Voice
Data Storage at the Speed of Light

Remote Control

Special Feature
A Purr-fect Outsourcing Relationship

Service 911 Makes Nothing an Emergency

Startup HMO Quickly Makes Its Mark

Corio Offers One Stop Shopping

Asia
Australia
Best Practices
BPO Outsourcing Journal
Business Process (BPO)
Canada
Events
Finance & Accounting
Financial Services
Healthcare
Human Resources
Information Technology
Manufacturing
Offshore
Outsourcing Journal
Supply Chain Management

The wonderful thing about the Internet is that it is democratic, allowing access to all. The downside of the Internet is that it is very democratic and allows access to all.

Breaking down barriers eliminates the protective filters that separate the good from the evil. That means people with ignoble motives can hijack your information and profit from it. Or, the data could just take the wrong turn and get lost on the information super highway and accidentally end up parked in the wrong place.

Privacy and security are at the heart of a company's ability to do business on the Internet safely. And these issues form a special concern in the ASP market. In fact, in my experience, privacy and security are the biggest constraint keeping companies from adopting the ASP model as their outsourcing solution.

Here's an example why. Companies outsourcing their human relations (HR) functions to an ASP like Exult, a supplier that offers complete HR services, have to be assured their employee information remains private and confidential.

Here at the Outsourcing Center, we faced these security challenges when we set up our Outsourcing Exchange Center. The Exchange, a business-to-business marketplace, gives buyers the capability to structure their ASP procurements, distribute Requests for Quotations (RFQ), and then purchase the services they need, all through the Internet.

We know these transactions are substantial and require private, sensitive and confidential information. We realized our buyers would have to share this data with their prospective providers via the Web. We had to make sure their data was protected in every way possible.

We talked to numerous ASPs to learn how they handled data security. Fortunately, we discovered the technology has matured, making privacy more secure. We wrestled with various alternatives and selected multiple levels of security as our answer.

Encryption Enables Security Efforts

Here's a case study of how we handled the situation. Our thought process might help you make your key decisions regarding data security.

We felt the best path was to establish several levels of security for the Exchange. First, we require encrypted data throughout the entire process. We use 128 bit super certificates issued by Verisign and Thawte, the industry leaders. This creates a secure sockets layer (SSL) capability. All transactions in the Exchange require SSL. This prevents anyone from accessing the online RFQs from using a standard Internet connection.

That's just the first layer of security.

The next layer makes sure each request is validated against an access control list to ensure the requester has the authority to access that document. This provides a "sandbox" type of security that keeps buyers inside the buyer area of the system while regulating suppliers to their own sandbox. There is no way a supplier can access a buyer's home page, for example.

This level also insures that the RFQ is only accessible to the buyer that created it and the suppliers the buyer invited to bid on it. Supplier A can't view the response from Supplier B.

Finally, we have created a virtual private network between our Exchange site and our hosting provider in Atlanta, Georgia. (We're in Dallas, Texas.) That insures all the maintenance we do to the site is done over a secure link.

XDrive, a company you'll read about in this issue, offers its users four layers of security, depending on their needs. Today technology can make things as secure as they can be. Now, if you share your password?

The ability to provide layers of security is precisely why the ASP industry has flourished. Vendors are able to calm nervous buyers with authentication and encryption capabilities. During this year technology has cracked the code to provide the security buyers demand.

Put Privacy Concerns in the Contract

On the other hand, keeping information private requires a commitment between supplier and buyer. Although most ASPs are taking these issues very seriously, very few address the privacy issue in their outsourcing contracts. We feel privacy clauses should be an important part of the contract.

Here's why: There have been cases when buyers have discovered, to their shock, that their vendor has resold information about them. Or, what if your ASP becomes acquired by another company, an outcome that can happen as the industry consolidates?

My advice: If you are purchasing ASP services, you must be clear about your demands for privacy and security. Put it in writing in the contract. Do NOT rely on the ASP's privacy statement.

Then you can sleep at night.

Lessons from the Outsourcing Primer:

• Security and privacy form the major concern for companies considering an ASP solution.
• Technology today allows several layers of security which serve as a powerful deterrent.
• Put privacy requirements into the contract. Do not rely on the vendor's privacy statement to protect you.

Publish Date: December 2000

For more information...
Printer friendly...

Related Articles
Smoothing Over the Privacy Potholes in BPO Outsourcing

Copyright © 2000 - Everest Partners, L.P.

[Previous Story] [Next Story]