TMCnet News
Cutting costs in IT Security is a bad policy(M2 PressWIRE Via Acquire Media NewsEdge) Managing Director of ramsac (www.ramsac.com) Business IT security is a perennially favourite topic of discussion. From SMEs to multi-national corporations (and even in government circles), the security of IT systems is much discussed and yet there is a feeling that maybe it is not always given the consideration it deserves. At a recent conference, CompTIA CEO Todd Thibodeaux suggested that it would be sensible to allocate 10% of a companys IT budget to providing security, and yet the evidence suggests that in reality this is often not the case. For example, a Gartner survey recently found that the industry average spend on IT security is only about five percent. Perhaps even more startling is a report by the Ponemon Institute, Cenzic and Barracuda Networks which found that 88% of companies surveyed indicate they spend more on coffee than they do on securing Web applications! In my experience this isnt unusual. If we took a poll across a cross section of small businesses I suspect many would say they either dont have a specific budgetary allocation for IT security or that it is a minimal amount. So why is there a shortfall between the professionally suggested levels and the reality of IT security within the business world? Having spoken to and worked with countless IT managers and business owners the anecdotal evidence is that providing IT security is, to many, a task with somewhat intangible benefits. Like buying insurance, investing in IT security doesnt give an immediate, visible, business benefit in the same way that purchasing a smartphone or company car does. In fact, very much like insurance, its a purchase that will only really remind you of its worth when disaster strikes and then it will also make it very evident whether you have bought the right or wrong product for your needs. Whilst failing to find the right level of protection could potentially leave your business open to serious problems, paying over the odds for products you dont need makes equally bad business sense. So like most business decisions, finding the right balance is vital. The suggested 10% of budget may be a good guide, but naturally all organisations are different and the appropriate amount will vary depending on a wide range of factors, including the type of business and the potential threats to it. When considering IT security for a business it is vital to understand the types of threats that could be a problem and the weak points in the organisation that leave it vulnerable. For companies that run an online ordering or sales system this could mean a specific threat to customers account or financial details by IT-savvy criminals. Most businesses hold personal details on their systems and there is a potential risk that these can be hacked remotely without proper protection being in place. At the most basic level, all businesses are open to threats via email viruses or lax security at the organisations premises, both on a physical level and also with regards to IT safeguards. The physical security of premises is a vital, if sometimes overlooked consideration with regards to information security. Allowing unauthorised people to enter the premises opens up the likelihood that a malicious visitor could infiltrate systems and pilfer valuable information or even remove hardware. Despite the ability to remotely hack business systems, physical intruders are still a very real danger. Businesses often forget the protection they already have through existing IT investments, which may not be fully utilised. Business systems often incorporate a certain degree of security built in, such as password protection which is vital to IT security. A robust policy that ensures employees and the management use unobvious and hard-to-break codes will significantly tighten security, as long as users dont just keep the details on their desk! Despite all the planning, in my experience many organisations lapse in their IT security from time to time, often when security software needs upgrading or renewing. Being an out of sight, out of mind technology, cash-starved businesses may let this important stage slip and undoubtedly this can be one of the most vulnerable periods for IT security within an organisation. Much like insurance, IT security is something that will cost a business dearly if it doesnt consider the potential ramifications of not having the right cover in place. Whilst additional financial outlay is never welcome, IT security should be seen as a necessity much like other critical business expenses such as telephones or an office. After all, you wouldnt do without fire alarms and fire extinguishers just because you havent had a fire! Ends About ramsac Founded in 1991, ramsac offers a menu of outsourced stress-free IT services that allows clients to match their individual needs. For some clients it may simply be support at the end of the phone, for others a part-time network manager, for many businesses its help in developing a longer term overall IT strategy. Whatever the requirement clients are guaranteed impartial, jargon-free advice. This enables those businesses and organisations for which a dedicated in-house IT department may not be practical, to outsource all or part of their IT needs. In return they benefit from properly planned cutting edge IT solutions and support without any of the headaches often associated with managing technology. The end result is that any business can now get top level joined-up grown up IT advice for a fraction of the cost ramsac is committed to providing excellence in customer service and is proud to maintain a 97% client retention rate. The company has won the 2011 Toast of Surrey Award for the Companies with a turnover of up to 5m category. ramsac is also an ISO 9001 Quality Approved firm, a Microsoft Gold Certified Partner, a Citrix Silver Partner and an accredited Investor in People. Editorial Contacts: Simon Hewitt/Graham Thatcher /Fiona Brewer MCC International T: 01962 888 100 F: 01962 888 125 E: [email protected] ((M2 Communications disclaims all liability for information provided within M2 PressWIRE. Data supplied by named party/parties. Further information on M2 PressWIRE can be obtained at http://www.presswire.net on the world wide web. Inquiries to [email protected])). (c) 2011 M2 COMMUNICATIONS |