| :: Business Solutions > Security ™ |
Security ™
Background
Information and the technology used to access, utilize, store, and transfer it have become the primary drivers of value and wealth creation in today's global digital economy. Businesses in every industry deal with massive amounts of information on a daily basis that must be protected from unauthorized access, vandalism, destruction, and theft. Likewise, the complex computer systems/networks through which this information is processed must be safeguarded. Failure to protect these valuable information assets can result in devastating consequences, including major financial losses and legal liability. Within the last few years, the importance of information security has increased significantly due primarily to the proliferation of cyber crime and security-related legislation across the globe. Once a function relegated to the IT department, information security has moved up to the executive board rooms in many companies as a mission-critical initiative demanding serious focus and investment.
There is no doubt that security is both a complex and ever changing landscape. A "good enough" security program is not good enough in today's volatile environment. Putting in place a second-rate program can result not only in major business losses, but ultimately business failure.
Security takes many forms, the reference framework below illustrates the many different facets of end to end information technology security. Important to note that physical, personnel and operational are equally as important in constructing a robust environment.
The increasing complexity of security requirements and solutions is driving increasingly more companies to consider managed security services (MSS) outsourcing as an adjunct to or to act as a replacement for more directly employed resource. Those who have pursued this strategy are experiencing a wealth of advantages by leaving security in the hands of experts, and re-focusing their attention on their core business.
Historically there has been much concern in the industry about the possible repercussions of handing control of security to a third party but, this is handing control to experts who have built their reputations and businesses around getting security right. Concerns about data privacy - the 'will they read my email' reaction - are largely non-issues and companies are starting to see beyond such worries and buy into the idea that a dedicated third party can manage your security far better than you can.
The market is has taken taken off
According to Quocirca research, 65 per cent of companies still want to try to make a success of in-house security management, but that 35 per cent, and growing, represents an interesting level of approval for managed security services. We have passed the "tipping point" whereby companies will sign up in increasing numbers - attributing this to a "me too effect" with businesses seeing others taking the plunge and deciding to do likewise.
Information security drivers
Cyber crime
The increasing risks and costs of cyber attacks are forcing businesses to take a much more aggressive approach to information security. Cyber crime is escalating at an alarming rate, victimizing people, businesses, and governments worldwide. While the Internet is revolutionizing communication and commerce, its open and ubiquitous nature has made computer systems and networks more vulnerable to internal and external attacks. Spanning the globe, the Internet has made it possible for a single cyber criminal to wreak havoc from anywhere in the world using only a personal computer and a modem.
News reports on the staggering damage caused by the latest computer virus or hacking incident have become commonplace. As society as a whole becomes more computer literate and new technologies emerge, the number of cyber criminals and the types of attacks they devise continue to multiply rapidly. Although it is difficult to put an exact dollar figure on the costs of cyber crime on the world economy, it is estimated that the costs run into the billions of dollars every year. Cyber attacks impose both direct and indirect costs on businesses. Direct costs include money spent on security systems, programs and staff, as well as lost productivity due to security breaches. Although the indirect costs of cyber crime, including lost sales, damaged reputations, damaged customer relations, decreased shareholder confidence and legal liability, are more difficult to quantify, some researchers estimate they greatly exceed the direct costs.
Security-related legislation
The threats posed by privacy and security breaches in cyber space have fueled an explosion in government legislation and regulations around the globe. Compliance, however, is an enormous challenge for companies due to the sheer number and complexity of these requirements. Worse yet, the risks of non-compliance, including fines, penalties, and negative media attention, can be very costly.
Benefits of an MSS approach
Companies face an uphill battle in their quest for information security. Threats to security continue to change and multiply along with the technologies used to deter them. Designing, implementing, and managing a successful security program is a vast, complex, and costly undertaking for most companies. Since no security program is 100 percent fail-proof, the success of a program is measured by its effectiveness in managing risk. Rather than assuming all of the risk/liability themselves, many companies are sharing the responsibility with managed security services (MSS) providers, and reaping a number of business advantages in return.
Cost
Cost reduction is probably the biggest advantage that companies achieve by outsourcing their security functions. In general, it is less expensive to outsource than to maintain a fulltime security staff in house. MSS providers offer economies of scale by spreading out the cost for security experts, facilities, hardware, and software over numerous clients. In addition, the skills, experience, and advanced technologies offered by MSS providers substantially reduce the risk of cyber attacks, sparing companies the costs associated with those attacks.
Expertise
Due to the shortage of qualified information security professionals, attracting and retaining critical staff is a huge challenge for companies. Outsourcing relieves them of this responsibility, leaving staffing in the hands of MSS providers. It also gives them access to highly trained and experienced security personnel. An MSS provider is able to recruit the best in the profession - people who have made information security a lifetime career - by offering training, career challenges, and promotion opportunities. Companies benefit from their professional certifications, technology know-how, and extensive experience in handling hundreds, or even thousands, of security incidences on a daily basis across many clients.
Facilities
The facilities offered by MSS providers are another major outsourcing draw. Many providers have specialized security operations centers (SOCs) in multiple locations. Managed by highly trained personnel, these facilities are typically state-of-the-art, offering best-in-class hardware and software solutions designed to keep clients secure.
Service Performance
Companies benefit from higher service performance levels by outsourcing their security functions to MSS providers. Through their security operations centers (SOCs), MSS providers can offer management, monitoring, and support services 24 hours a day, 7 days a week, 365 days a year, compared to in-house personnel who may only be available during normal business hours. Their operational procedures ensure uninterrupted service availability and fast responsiveness. In addition, through best practices and proprietary methodologies, they are adept at determining threat relevancy and eliminating time-consuming false alarms. MSS providers are also accountable for the quality of their services. Service levels are guaranteed, thereby, minimizing client risk.
Compliance
Compliance with the myriad security-related laws and regulations existing in most countries today is a daunting task for businesses. Not only must they understand the intricacies of these complex legal requirements, but also come up with solutions for bringing their security programs into compliance. Through MSS outsourcing, companies gain access to compliance expertise and solutions. MSS providers offer comprehensive knowledge of legal requirements and industry standards, as well as experience in developing and implementing best security practices. They also provide audit services to ensure clients remain in compliance on an ongoing basis.
Blue Saffron focus
Whether supplementing in house expertise or acting as outsource partner Blue Saffron can assist. Our range of services and products cover a broad spectrum of security requirements and specializations.
Service Name |
Related Products |
Description |
| Hosted and simple industrial strength email | ||
| IT Resource Management | A full service lifecycle from procurement to disposal | |
| VPN | VPN Network | Secure,robust intersite communications |
| Managed Firewall | Managed Firewall | World class managed security service |