The advent of the digital economy has meant that companies need to open their IT systems to each other in order to trade electronically. While this has significant benefits in terms of speed and efficiency of business, it has a couple of serious drawbacks - it can be a security risk and expensive if it is not managed correctly.
Anthony Southgate, general manager of Security Solutions at Internet Solutions (IS), says it`s for this reason that many companies are investigating the viability of outsourcing their security needs to a managed security service provider (MSSP).
"The Internet and e-business are forcing organisations into an era of open and trusted communication. But this openness brings its share of vulnerabilities and threats," he says.
Key among these is intrusion into computer systems by unauthorised people. Sensitive, competitive and business-critical data can be manipulated or stolen.
Says Southgate: "The Internet was originally intended for the use of a small number of researchers and therefore built upon standards with little regard for security issues.
"During the late 1980s, however, the population of Internet users and networks exploded internationally and began to include commercial facilities.
"Today, nearly every desktop PC is connected to the Internet - the most public network in history - as are most servers, home computers and even PDAs and cellphones. And yet the Internet remains a public network, indiscriminately allowing access to everyone - criminals, industrial spies and bored teenagers alike. All it takes is a breach on a single trusted system to potentially compromise an entire network," he says.
Statistics from the Computer Security Institute bear this out. In 2001, 91% of companies surveyed reported a computer system security breach. So-called cyber incidents nearly doubled in 2001 and are expected to double again this year.
Southgate says: "Companies often remain silent about their security problems because they are afraid of the negative message it sends to investors and clients.
"A lack of sufficient security may not only end up in data-losses and down-times, but may cause enormous damage to an organisation`s image and therefore affect customer loyalty, shareholder value, financials and more.
"Company executives are concerned about security but at the same time, most companies don`t have the skills and resources to deal with it. They are also under pressure to reduce costs," he says.
Enter the MSSP - organisations that provide outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection and anti virus services.
MSSPs use high-availability security operation centres to provide around-the-clock services designed to reduce the number of operational security personnel a company needs to hire, train and retain in order to maintain an acceptable security profile.
Research firm Gartner says outsourcing security functions to a third-party results in a higher level of security at an equal or lesser cost than doing it in-house.
"Information security - like physical security - is more efficiently applied as an outsourced function. When contracting with an MSSP, companies gain a team of experts, whose core focus is security, day in and day out," says Southgate.
The benefits of outsourcing security requirements - both staff and money are freed up to be used for core business issues. Systems are better protected and the trust of employees, customers and shareholders increases.
"The decision to adopt a managed security solution can deliver considerable cost savings - it eliminates the expense of recruiting, training and maintaining skilled security staff. Customers benefit from economies of scale, without the risk of capital expenditure and result in greatly improved cash flow," says Southgate.
IS connects over 1 000 companies to the Internet, creating, in effect, the primary electronic commerce environment in SA. Not surprisingly, IS has a lot of vested interest in the success of local electronic commerce and regards online security a priority.
IS offers a range of services that protect businesses from the dangers of a public network, often working with leading technology companies to develop the most effective security solutions.
IS is the first certified Cisco Powered Network Partner (CPN) for Managed Security Solutions outside of the US.
"Our team of security experts support solutions in our Internet Data Centres (IDCs) in Rosebank, Cape Town and Durban. These IDCs are the finest in Africa with a combined area of 600m2 and currently host more than 1 000 servers," says Southgate.
Share