BreachExchange mailing list archives

It’s Time for Channel Firms to Get Serious about IT Security


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 1 Sep 2015 19:38:44 -0600

http://talkincloud.com/cloud-computing-security/it-s-time-channel-firms-get-serious-about-it-security

In the wake of dozens of high profile data breaches and corporate data
security exploits, many businesses have intensified their focus on IT
security. However, internal security is only half the picture, and
companies today are increasingly scrutinizing the data integrity of their
channel partners. This growing concern is well founded; investigations
revealed that Target’s high-profile data breach was possible due to
credentials compromised during an attack on an HVAC contractor.

According to CompTIA's Trends in Information Security study, 74 percent of
U.S. companies say that security has a higher priority today than it did
two years ago, and 85 percent say that it will have an even higher priority
two years from now. Beyond ensuring the safety of client data, channel
firms must recognize ongoing changes in how their clients manage security
and evolve their service offerings accordingly.

Managing Liability

Despite broad agreement on the importance of IT security, many
organizations seem comfortable with their existing risk policies and
procedures. Only 22 percent of small businesses report dissatisfaction with
their current security measures; security-skepticism drops to 15 and 17
percent, respectively, for medium-sized and large organizations. Even
though businesses are willing to hold their channel partners accountable
for security lapses, many simultaneously underestimate their own risk.

For channel firms, this requires an aggressive approach to IT security.
It's not enough to assume that organizations have implemented robust
security policies or educated their end users about risks. Security must be
embedded throughout a channel firm's interaction with a client, no matter
how seemingly banal. The same security habits that plague consumer IT
security – reused passwords, unencrypted data and failure to plan for
worst-case scenarios – run rife within corporate IT environments. Channel
firms should proactively identify and communicate security weaknesses to
reduce risk to both partners.

The other SaaS

Software as a service is already a familiar concept to many companies,
which rely on outsourced providers for everything from website hosting to
mission-critical applications. Even though most channel firms (56%) have
security baked into their products or services, only 17 percent provide
security as a standalone offering. Talk about a missed opportunity!

According to IDC, three-quarters of CSOs are likely to report directly to
the CEO rather than the CIO by 2018, suggesting that organizations
increasingly view IT security as a distinct business process. Channel firms
capable of providing Security-as-a-Service solutions stand to benefit
immensely from this paradigm shift, especially those with the ability to
integrate security across a variety of products. As security solutions
become more complex, businesses will turn to third parties with the
bandwidth and capability to simplify their firm’s security landscape.

For channel firms, the renewed focus on IT security represents both risk
and opportunity. Security blunders are more costly than ever: A small
mistake can leave millions of sensitive records unprotected, not to mention
damage a company's reputation and relationships. But the opportunity to
build your security offerings with your customers’ needs also exists. In
this data-centric age, it’s no longer enough to treat security as a product
feature “bullet point.” It must become central to channel firms' services
if they want to stay competitive.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
