Challenges of Information Security Management in a Research and Development Software Services Company: Case of WirelessComSoft

Challenges of Information Security Management in a Research and Development Software Services Company: Case of WirelessComSoft

Varadharajan Sridhar (Sasken Communication Technologies, India)
Copyright: © 2010 |Pages: 15
DOI: 10.4018/jcit.2010040102

Abstract

WirelessComSoft, a software company based in India, provided research and development outsourcing support in an Intellectual Property strong wireless communication products and services space. Over a period, WirelessComSoft developed a robust information security infrastructure and complied with industry standard auditing procedures. However, implementing information security across its different world-wide sites, updating it in tune with evolving user needs, deploying robust business continuity architecture, and maintaining logical and physical isolation of clients’ off-shore development centers were challenges that WirelessComSoft’s security implementation team grappled with every day. The case presents how information security infrastructure at WirelessComSoft evolved, the challenges faced and the methods implemented by the information security team to overcome these challenges.
Article Preview

Setting The Stage

Rapid diffusion of the Internet while bringing numerous benefits, also demonstrated the urgent need to craft effective information security management practices. The nature of business and the technology intensive workplace provided challenges in implementing a comprehensive information security management practice at WirelessComSoft. As telecommunications industry was very competitive with innovation being the key driver for sustaining competitive advantage, the customers demanded proactive information security practices at WirelessComSoft to prevent any possible IP theft and leakages. The clients often did assessment of information security controls, which as per the Chief Information Officer were more strict and comprehensive compared to even International Standards Organization (ISO)/British Standards (BS) audits. The clients also required elaborate self-assessment documents which created the need for WirelessComSoft to implement a robust information security infrastructure and perform its own security audits periodically. The self-assessment reports often served as eye-openers for WirelessComSoft as it required a re-look at some of the organization’s information security polices, procedures and controls.

From being Bangalore, India centric, WirelessComSoft expanded its geographical reach to deliver global R&D services from its multi-site locations. Teams at WirelessComSoft’s software development centers located at China, Finland, Germany, India (Bangalore, Pune and Chennai) and Mexico collaboratively worked on multi-site projects. The importance of information security became more pronounced when all the different sites were networked together to facilitate such multi-site projects. Figure 1 highlights WirelessComSoft’s global presence.

Figure 1.

Global presence of WirelessComSoft

Arora et al. (2009) contended that though IT services contributed to the bulk of off-shore revenue, there was increasing evidence of new product development and innovative R&D services being outsourced to Indian IT companies. Companies such as Microsoft, IBM and SAP Labs were shifting their new product development activities to India. WirelessComSoft, being one of the few Independent Software Vendors in India, catered to such R&D and product development outsourcing activity for Tier-I network manufacturing and semi-conductor companies in the US and Europe, by setting up dedicated Off-shore Development Centers (ODCs) at various locations. WirelessComSoft had to manage the confidentiality, integrity and availability of customer related information in the respective ODCs. The clients were very particular that teams working for them didn’t share vital information outside their ODCs. WirelessComSoft had to ensure and protect the intellectual property of its clients with a highly secure physical and logical IT infrastructure.

Complete Article List

Search this Journal:
Reset
Open Access Articles
Volume 21: 4 Issues (2019): Forthcoming, Available for Pre-Order
Volume 20: 4 Issues (2018)
Volume 19: 4 Issues (2017)
Volume 18: 4 Issues (2016)
Volume 17: 4 Issues (2015)
Volume 16: 4 Issues (2014)
Volume 15: 4 Issues (2013)
Volume 14: 4 Issues (2012)
Volume 13: 4 Issues (2011)
Volume 12: 4 Issues (2010)
Volume 11: 4 Issues (2009)
Volume 10: 4 Issues (2008)
Volume 9: 4 Issues (2007)
Volume 8: 4 Issues (2006)
Volume 7: 4 Issues (2005)
Volume 6: 1 Issue (2004)
Volume 5: 1 Issue (2003)
Volume 4: 1 Issue (2002)
Volume 3: 1 Issue (2001)
Volume 2: 1 Issue (2000)
Volume 1: 1 Issue (1999)
View Complete Journal Contents Listing