
The benefits of independent security advice

Archives: 2012

James Rees, Managing Director, Razorthorn Security

In today’s business world, information security is important… Not just important but VERY important. Cybercrime is now a multibillion-dollar industry; Symantec reported some frightening statistics in 2011:

Cost of Global Cybercrime in 2011 = $114 Billion
Value victims placed on financial loss and time = $274 Billion

Now look at those amounts: it’s estimated that cybercrime cost $388 Billion… Astounding to think of, but frightening when you place that next to the drugs trade, which in the same year cost $288 Billion… Just the other day, three hacking attempts on the hotel giant Wyndham Worldwide Corp came to light, allegedly involving the credit card information of hundreds of thousands of customers. This is just the most recent reported case, set against the thousands that go unreported in our economy, and it’s getting worse!

Cybercrime is here to stay; it’s going to get more prolific and more expensive as our society becomes more dependent on technology and digital services… I know what you are thinking: “Oh god, another information security doom merchant with prophecies of impending disaster”, and to be honest you would be forgiven. In recent history many security professionals have used this method to sell their services, and it has become a central focus these days, especially with the sales people from many information security companies. I don’t personally agree with this method; I believe that information security is an asset to the business, and that’s how I sell it. Selling through fear, although effective, is not, in my honest opinion, the way of the future with information security.

In the last five years, the business world’s normal operations have been shifting dramatically away from a host of internal systems housed in a purpose-built datacentre (or a cupboard in the corner… No really… true story). In recent years many companies have been looking to reduce costs to the business by moving their technical management and infrastructure into an outsourced solution, the most recent iteration being this massive behemoth of a buzz industry… the cloud.

EVERY company we have spoken to about outsourcing to the cloud lists the security of their data and solutions among their top three concerns (usually No 1). I challenge you to go out and find me a company looking to move over to the cloud that, in the initial meeting, doesn’t list the security of the solution as a major requirement.

Information security is the KEY requirement for any organisation looking to outsource any aspect of their operations. Here are just a few simple examples:

  • Companies outsourcing their call centre operations take the security of their customers’ confidential data very seriously, as even a suspected security breach can have a very significant impact not only on their own reputation but on the call centre’s too.
  • Companies outsourcing certain operations to the cloud want to ensure the solution protects the integrity, availability and confidentiality of their data and services. A security event of any sort that poses a risk to these three key factors is a major issue.
  • Companies outsourcing their IT support functions to a cheaper location want to ensure that their proprietary information is protected, and that the support staff from the outsourced company will use their administrative access to systems and services responsibly and not use it to steal customers’ information and resell it.

An information security professional can be (especially in today’s market) expensive talent to employ. PCI DSS, for instance, has led to a massive need for talented information security people, and with demand comes a rise in price; we are expensive commodities.

The question then becomes: is there a way to get the same level of security at a lower cost to the business? Of course there is. Many SMEs (even the larger ones) do not need a full-time information security person and cannot afford the cost of a good one. So the only way to get a good, experienced information security professional is to outsource to an organisation that specialises in the information security field.

Outsourcing your information security to the right company means that you can gain the support of some of the best information security people in the business for a fraction of the price you would normally pay for a permanent employee with the same level of knowledge and experience.

I want all of you reading this to ask yourselves and your board of directors one question:

“Do we take the security of our operations, customers and business partners seriously enough? If so, how seriously?”