BreachExchange mailing list archives
It’s Time for Channel Firms to Get Serious about IT Security
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 1 Sep 2015 19:38:44 -0600
http://talkincloud.com/cloud-computing-security/it-s-time-channel-firms-get-serious-about-it-security

In the wake of dozens of high profile data breaches and corporate data security exploits, many businesses have intensified their focus on IT security. However, internal security is only half the picture, and companies today are increasingly scrutinizing the data integrity of their channel partners. This growing concern is well founded; investigations revealed that Target’s high-profile data breach was possible due to credentials compromised during an attack on an HVAC contractor.

According to CompTIA's Trends in Information Security study, 74 percent of U.S. companies say that security has a higher priority today than it did two years ago, and 85 percent say that it will have an even higher priority two years from now. Beyond ensuring the safety of client data, channel firms must recognize ongoing changes in how their clients manage security and evolve their service offerings accordingly.

Managing Liability

Despite broad agreement on the importance of IT security, many organizations seem comfortable with their existing risk policies and procedures. Only 22 percent of small businesses report dissatisfaction with their current security measures; security-skepticism drops to 15 and 17 percent, respectively, for medium-sized and large organizations. Even though businesses are willing to hold their channel partners accountable for security lapses, many simultaneously underestimate their own risk.

For channel firms, this requires an aggressive approach to IT security. It's not enough to assume that organizations have implemented robust security policies or educated their end users about risks. Security must be embedded throughout a channel firm's interaction with a client, no matter how seemingly banal.
The same security habits that plague consumer IT security – reused passwords, unencrypted data and failure to plan for worst-case scenarios – run rife within corporate IT environments. Channel firms should proactively identify and communicate security weaknesses to reduce risk to both partners.

The other SaaS

Software as a service is already a familiar concept to many companies, which rely on outsourced providers for everything from website hosting to mission-critical applications. Even though most channel firms (56%) have security baked in to their products or services, only 17 percent provide security as a standalone offering. Talk about a missed opportunity!

According to IDC, three-quarters of CSOs are likely to report directly to the CEO rather than the CIO by 2018, suggesting that organizations increasingly view IT security as a distinct business process. Channel firms capable of providing Security-as-a-Service solutions stand to benefit immensely from this paradigm shift, especially those with the ability to integrate security across a variety of products. As security solutions become more complex, businesses will turn to third parties with the bandwidth and capability to simplify their firm’s security landscape.

For channel firms, the renewed focus on IT security represents both risk and opportunity. Security blunders are more costly than ever: A small mistake can leave millions of sensitive records unprotected, not to mention damage a company's reputation and relationships. But the opportunity to build your security offerings with your customers’ needs also exists. In this data-centric age, it’s no longer enough to treat security as a product feature “bullet point.” It must become central to channel firms' services if they want to stay competitive.