The outlook of business processing outsourcing units on information security has undergone a sea change.
Under pressure from foreign clients to focus on comprehensive security and the option of charging higher rates for providing such security, many BPOs have tripled their information security budgets in the last one year.
The trend started with foreign clients imposing stricter conditions in their service level agreements (SLAs). This required BPOs to undertake security audits and adopt those classification standards that are being followed by their foreign clients worldwide.
"There has been a 25 per cent rise in security spending per desktop in the last 15 months," said Sunil Gujral, chief technology officer, Wipro Solutions.
The increased spending on security is being defrayed from the overall budget of companies and not just the IT budget. This reflects the growing realisation by companies for a more comprehensive information security set-up.
"We had bad experiences after which we increased the spending on IT security from 5 per cent 2 years ago to 15 per cent of the IT budget this year," said Satish Sayal, CIO, NIIT Ltd. Companies had also increased their infotech budgets from 1 per cent of their revenues to 3 per cent in the last 1 year, he added.
To avoid security breaches, principals are now specifying the security standards for different customers in the SLAs.
The audits have also undergone a change from being just "rubber stamp" audits to those involving greater participation from the clients.
"Till last year principals had a fault-finding approach. The focus was on testing the process. But, now its all about testing the outcome" said Captain Raghu Raman, CEO, Mahindra SSG.
The higher investments are paying off. "Companies that have invested in information security are charging a premium from clients," said an industry expert.
"Companies with proper security infrastructure are able to charge as high as $2 per hour from their clients," he added.
The move towards greater security has, however, raised serious privacy issues where employees' personal mails are being routed through security agencies.
Some companies are now embroiled in lawsuits as their employees have sued them for infringement of privacy.
Traditional sectors like shipping and FMCG companies, too, are investing in information security.
"Information security spending has increased from 5 per cent last year to 20 per cent this year," said Mani Mulki, CIO, Godrej.
Taking a call