|
Corsaire: IT security managers shift their focus from protectionism to profit-making; Economic woes are changing the way that modern companies are viewing - and using - their IT systems
(M2 PressWIRE Via Acquire Media NewsEdge)
RDATE:22012009
According to Corsaire, a leading independent expert in securing
information systems, IT consultancy, and risk assessment, the
priorities of today's IT managers are shifting as a direct response to
the current economic downturn. Even though "penetration testing" - the
probing of a computer system or network to seek out vulnerabilities
that an attacker could exploit - has traditionally been viewed as
something of a necessary evil, IT managers are increasingly looking for
ways to exploit the business benefits that this activity can offer,
according to a new white paper released today by Corsaire.
Historically, when IT Security Managers have implemented penetration
testing, their main objectives have been to manage risk and meet
regulatory compliance requirements. For this reason, a tendency to view
penetration testing as a way of keeping the "bad guys" out has
developed over the years. However, IT managers are beginning to view
penetration testing as a way of achieving much more than this, since
penetration testing can also provide a secure way of letting the "good
guys" in, and of supporting a number of important business initiatives
as a result.
"Although the traditional elements of network security are still
extremely important, effective and regular programs of penetration
testing can also provide the secure infrastructure upon which an
organisation can grow its business, as it can strengthen the
relationship with existing customers and partners, thereby creating
sales opportunities for additional products and services," says Jane
Frankland, one of Corsaire's directors. "Already, many organisations
are starting to realise the pitfalls of not operating in this way, and
in fact some have already paid the price in terms of receivership or a
hostile takeover."
According to Corsaire's new White Paper on the subject, one of the
biggest challenges to the creation and expansion of robust
customer/partner ecosystems is the lack of strong, consistent security
across these environments. Many organisations would like to tightly
integrate suppliers, distributors, outsourcers and other marketing
partners into a unified IT infrastructure that allows members of one
organisation to securely access the applications and information of
another.
To make this model a reality, however, an organisation needs to perform
routine penetration testing in order to assess any threats, including
any weaknesses in the security controls that protect against viruses,
hacker attacks and unauthorised access attempts. Once they have
assessed their suppliers' security posture (and revealed it as secure),
the organisation will be able to expand and more tightly integrate with
the partner's ecosystem and supply chain, and therefore greatly
increase the set of services available for its online users and
partners.
At the same time, organisations that make assurances to customers as a
result of thorough regular penetration testing will help to strengthen
customer confidence in the privacy of their confidential information,
whilst also helping to avoid costly and dangerous security breaches.
After all, the most important corporate asset is the corporate brand,
and the organisation's reputation goes hand in hand with this. Public
knowledge of security breaches can have a catastrophic effect on the
willingness of the public to do business with the organisation.
Assuring the privacy of customer confidential information is not only
critical for customer confidence, however, but also for meeting the
requirements of governmental privacy mandates such as the Data
Protection Act in the UK and Sarbanes-Oxley in the United States. Some
organisations have also had to certify with PCI-DSS, FSA and/or the GC
and have therefore adopted widely-used IT security frameworks, such as
ISO 17799/27001 and CoBIT to create an environment of accepted security
best practice. All of these schemes require regular programmes of
penetration testing in order to prove compliance.
Regulations and data protection aside, penetration testing offers
additional valuable benefits for customers, as well. Not only will
customers feel more confident in their dealings with companies that are
perceived as secure, but a secure, robust infrastructure will allow for
more positive interactions with customers, especially in terms of their
online experience.
"Modern penetration testing goes far beyond simply protecting customer
data, as it is increasingly being used to ensure business continuity
for modern customers who expect high levels of responsiveness and
service from the organisations with which they do business," Frankland
adds. "If an online service is unavailable for some reason, business is
usually taken elsewhere and revenue is lost. Having a website that is
available when needed, with no degradation in quality or service level
ensures customer satisfaction, and ensuring the security of an online
service is an important part of maintaining service availability."
Note to Editors:
The full version of Corsaire's latest White Paper, Penetration Testing
as a Business Enabler, is available on request. Please see Press
Contacts below.
About Corsaire
Corsaire is an expert at securing information systems, consultancy and
assessment. Through our commitment to excellence we provide a range
services to help organisations protect their information assets and
reduce corporate risk. Founded privately in the United Kingdom in 1997,
we operate on an international basis with a presence across Europe,
Africa and the Asia-Pacific rim. Our clients are diverse, ranging from
government security agencies and large blue-chip FTSE, DAX, Fortune 500
profile organisations to smaller internet start-ups. Most have been
drawn from banking, finance, telecommunications, insurance, legal, IT
and retail sectors. They are experienced buyers, operating at the
highest end of security and understand the differences between the
ranges of suppliers in the current market place.
CONTACT: Jane Frankland, Corsaire
Tel: +44 (0)1483 746 700
e-mail: jane.frankland@corsaire.com
WWW: http://www.corsaire.com
Andrew Ball, Chazbrooks Communications
Tel: +44 (0)1483 537 890
e-mail: andrewb@chazb.com
Chaz Brooks, Chazbrooks Communications
Tel: +44 (0)1483 537 890
e-mail: chazb@chazb.com
((M2 Communications Ltd disclaims all liability for information
provided within M2 PressWIRE. Data supplied by named party/parties.
Further information on M2 PressWIRE can be obtained at
http://www.presswire.net on the world wide web. Inquiries to
info@m2.com)).
Copyright ? 2009 M2 Communications Ltd.
[ Back To TMCnet.com's Homepage ]
|
Call Center/CRM
Info Tech 
IP Communications 
Mobile 
Green 
Satellite 
Robotics 
Internet Telephony Magazine
Click here to read latest issue
CUSTOMER 
Cloud Computing Magazine
Click here to read latest issue
M2M Evolution Magazine
