TMCnet News
Corsaire: IT security managers shift their focus from protectionism to profit-making; Economic woes are changing the way that modern companies are viewing - and using - their IT systems(M2 PressWIRE Via Acquire Media NewsEdge) RDATE:22012009 According to Corsaire, a leading independent expert in securing information systems, IT consultancy, and risk assessment, the priorities of today's IT managers are shifting as a direct response to the current economic downturn. Even though "penetration testing" - the probing of a computer system or network to seek out vulnerabilities that an attacker could exploit - has traditionally been viewed as something of a necessary evil, IT managers are increasingly looking for ways to exploit the business benefits that this activity can offer, according to a new white paper released today by Corsaire. Historically, when IT Security Managers have implemented penetration testing, their main objectives have been to manage risk and meet regulatory compliance requirements. For this reason, a tendency to view penetration testing as a way of keeping the "bad guys" out has developed over the years. However, IT managers are beginning to view penetration testing as a way of achieving much more than this, since penetration testing can also provide a secure way of letting the "good guys" in, and of supporting a number of important business initiatives as a result. "Although the traditional elements of network security are still extremely important, effective and regular programs of penetration testing can also provide the secure infrastructure upon which an organisation can grow its business, as it can strengthen the relationship with existing customers and partners, thereby creating sales opportunities for additional products and services," says Jane Frankland, one of Corsaire's directors. "Already, many organisations are starting to realise the pitfalls of not operating in this way, and in fact some have already paid the price in terms of receivership or a hostile takeover." According to Corsaire's new White Paper on the subject, one of the biggest challenges to the creation and expansion of robust customer/partner ecosystems is the lack of strong, consistent security across these environments. Many organisations would like to tightly integrate suppliers, distributors, outsourcers and other marketing partners into a unified IT infrastructure that allows members of one organisation to securely access the applications and information of another. To make this model a reality, however, an organisation needs to perform routine penetration testing in order to assess any threats, including any weaknesses in the security controls that protect against viruses, hacker attacks and unauthorised access attempts. Once they have assessed their suppliers' security posture (and revealed it as secure), the organisation will be able to expand and more tightly integrate with the partner's ecosystem and supply chain, and therefore greatly increase the set of services available for its online users and partners. At the same time, organisations that make assurances to customers as a result of thorough regular penetration testing will help to strengthen customer confidence in the privacy of their confidential information, whilst also helping to avoid costly and dangerous security breaches. After all, the most important corporate asset is the corporate brand, and the organisation's reputation goes hand in hand with this. Public knowledge of security breaches can have a catastrophic effect on the willingness of the public to do business with the organisation. Assuring the privacy of customer confidential information is not only critical for customer confidence, however, but also for meeting the requirements of governmental privacy mandates such as the Data Protection Act in the UK and Sarbanes-Oxley in the United States. Some organisations have also had to certify with PCI-DSS, FSA and/or the GC and have therefore adopted widely-used IT security frameworks, such as ISO 17799/27001 and CoBIT to create an environment of accepted security best practice. All of these schemes require regular programmes of penetration testing in order to prove compliance. Regulations and data protection aside, penetration testing offers additional valuable benefits for customers, as well. Not only will customers feel more confident in their dealings with companies that are perceived as secure, but a secure, robust infrastructure will allow for more positive interactions with customers, especially in terms of their online experience. "Modern penetration testing goes far beyond simply protecting customer data, as it is increasingly being used to ensure business continuity for modern customers who expect high levels of responsiveness and service from the organisations with which they do business," Frankland adds. "If an online service is unavailable for some reason, business is usually taken elsewhere and revenue is lost. Having a website that is available when needed, with no degradation in quality or service level ensures customer satisfaction, and ensuring the security of an online service is an important part of maintaining service availability." Note to Editors: The full version of Corsaire's latest White Paper, Penetration Testing as a Business Enabler, is available on request. Please see Press Contacts below. About Corsaire Corsaire is an expert at securing information systems, consultancy and assessment. Through our commitment to excellence we provide a range services to help organisations protect their information assets and reduce corporate risk. Founded privately in the United Kingdom in 1997, we operate on an international basis with a presence across Europe, Africa and the Asia-Pacific rim. Our clients are diverse, ranging from government security agencies and large blue-chip FTSE, DAX, Fortune 500 profile organisations to smaller internet start-ups. Most have been drawn from banking, finance, telecommunications, insurance, legal, IT and retail sectors. They are experienced buyers, operating at the highest end of security and understand the differences between the ranges of suppliers in the current market place. CONTACT: Jane Frankland, Corsaire Tel: +44 (0)1483 746 700 e-mail: [email protected] WWW: http://www.corsaire.com Andrew Ball, Chazbrooks Communications Tel: +44 (0)1483 537 890 e-mail: [email protected] Chaz Brooks, Chazbrooks Communications Tel: +44 (0)1483 537 890 e-mail: [email protected] ((M2 Communications Ltd disclaims all liability for information provided within M2 PressWIRE. Data supplied by named party/parties. Further information on M2 PressWIRE can be obtained at http://www.presswire.net on the world wide web. Inquiries to [email protected])). Copyright ? 2009 M2 Communications Ltd. |