India off-limits for outsourcing?

Australian Federal Police (AFP) boss Mick Keelty is the latest to voice concern about India becoming an outsourcing no-go zone, but how real is the risk?

Keelty this week told the American Chamber of Commerce there was a risk in outsourcing to India as it was one of the most technologically sophisticated nations on earth.

The net effect of this is that the country plays host to plenty of specialist identity theft groups, according to Keelty.

While I can't disagree with the existence of these groups, I do question whether, in practice, most outsourced technology operations in India have increased risk.

I'm reminded of my chat last year with Martin Telfer, Asia Pacific regional IT director with law firm Baker and McKenzie. Baker and McKenzie outsources to the Philippines, another country often linked with identity theft and cybercrime.

When I asked Telfer whether outsourcing to such locations posed increased risk, he said he felt a tier-one outsourcer, such as an CSC, EDS, IBM or Infosys would provide the same data security standards that all its datacentres must adhere to. In fact, he said he trusted their premises to be more secure than his own. That's hard to argue with.

In reality, most organisations that can afford to outsource to locations like India are hardly going to hand their data to "DelhiDodgyBlokes" or some other mid-size company. They're going to go best of breed.

That's not to say there isn't the risk of an insider job at these companies, just that it's unlikely because they have stringent data security standards in place around the globe.