When Do-It-Yourself IT security no longer does
When Do-It-Yourself IT security no longer does
The complexities and continuous evolvement of IT security threats have made managing them a specialist field. With cloud services, third party applications and mobile devices proliferating the workplace, nobody without the necessary experience, technical skills or understanding of the threat landscape can effectively manage the number and nature of threats facing companies today.
"Many companies are falling prey to all manner of IT security related threats because they are not up to speed on emerging trends and don't have the technologies or resources in place to protect their networks and critical business information. In the current environment, this Do-It-Yourself (DIY) approach to IT security no longer does," warns Richard Broeke, General Manager at Securicom, a leading South African managed IT security services company.
To put up effective resistance against the burgeoning array of threats, both from inside and outside of the business, companies nowadays rely on a plethora of security systems – each one focused on identifying and stopping specific threats. None of these systems should ever be left unmonitored as each offer an "in" for cyber criminals, leaving the business open to risks extending from reputational damage and theft of intellectual capital right through to fraud, legal action arising from non-compliance with legislation, and of course disrupted business which also comes at a cost. It is also expensive to buy and maintain various point solutions to do different things.
"Generally there is an overemphasis on security products when the focus should really be on a complete solution, and a total solution cannot be devoid of the human element. Of course, this element should have an exceptional understanding not only of the technologies at play but also the macro-environment. If the necessary resources are not available in-house, the DIY approach can by no means be considered a total solution," says Broeke.
Securicom advocates a holistic approach to IT security which encompasses specialist human intervention and a multi-product solution. Outsourcing IT security to a specialist provider allows companies to tap into the skills of a team of experts whose business it is to stay ahead of security threats and trends, as well as a range of best of breed technologies.
Managed services can have a lower cost of ownership and ensure that IT security costs are predictable. Like with rest of the world, this lack of skills is already prompting South African companies to adopt managed security services.
However, the importance of choosing a credible and trustworthy cloud cannot be underestimated. Broeke offers this advice for choosing a managed IT security services provider:
* Evaluate their experience in the market by getting references from other customers.
* Ask how long they have been around and their level of expertise, both technology-specific as well as industry related proven skill sets.
* Inquire about the type of partnerships they've got with the vendors they prescribe.
* Find out where their datacenters are and what measures they have in place to protect them.
* Evaluate the terms and conditions of extracting and recovering your data at a later stage as there may be a hefty fee involved.
* Never sign up with a managed services provider that cannot offer multiple methods of security to secure the environment as it evolves.