Welcome to the Business Insight blog, your all access pass to the very best thought leadership, information and tools for creating smarter business strategies and practices. You'll discover a broad range of resources including real-life case studies, insightful analyses, blogs, articles and ideas from leading experts in diverse industries.
|The IBM Business Insight Channel||IBM for Midsize Businesses|
|Most recent||Most recommendations||Most comments||Most visits|
Risky business? Entrusting security and resiliency to someone else
Craig Coffey 270005KDXK firstname.lastname@example.org | | Tags:  cybercrime disaster business recovery continuity_risk_resilienc... craig security coffey
0 Comments | 7,965 Visits
The question has never been more pressing. Today's organisations are constantly pushed to be operational 24/7. New technologies are emerging all the time. More people are using smart devices, and wanting to connect these devices to the corporate network. On top of that, threats are becoming increasingly sophisticated. Hacking, which was once the domain of 'script kids' out to have some fun, has become an industry in itself with businesses created solely to conduct cybercrime.
Midsize businesses traditionally suffer when it comes to risk management. While internal experts exist in larger organisations, the fundamentals of managing risk in a midsize business often fall with the 'IT guy' or, failing that, the general manager. As a business resiliency expert, I see a lot of organisations suffer specifically when they have a single point of failure or they have limited skill sets within their team. If you're relying upon one or two people to be there to save your neck, things can go badly very quickly.
This lack of dedicated resources can result in patchy security and poor resiliency, which is why the argument for using contracted services is gaining traction.
A service provider can help businesses manage risk in a number of areas. Firstly, by ensuring compliance with industry regulations, including the Payment Card Industry Data Security Standard (PCIDSS). Secondly, by conducting assessments to identify network vulnerabilities. And finally, they can provide ongoing security and resiliency services to help minimise the risk of a breach and ensure the right measures are in place in the instance that something does go wrong.
While some businesses may baulk at the idea of entrusting risk management to a third party, it isn't necessarily a matter of handing over the keys to the castle. Many organisations choose to pass off components of their risk profile, while keeping the overall management in house. Disaster recovery, for example, is one area in which the benefits of working with a partner can be easily gauged. While specific requirements vary for each business, an alternate premises for operations is often needed - something organisations can struggle to secure on their own.
Disaster recovery is definitely the type of service that lends itself to out-tasking. A vendor can essentially have the site, the facilities, the equipment, the people on standby, which means the organisation can be up and running relatively quickly.
The key to working with a third party is finding the solution that meets your organisation's unique needs. A service provider may best assist you by handling a one-off task, such as providing an independent assessment of your overall security posture. Alternatively, your in-house security staff may be stretched and want to siphon off monitoring or management tasks to allow them to focus on looking after the network.
Effective risk management is essential for every business.
A lot of people approach it in terms of the dollars that are lost if they're not selling.
Those tangible impacts are definitely important, but it also comes down to those intangibles such as your reputation and your ability to be seen as a reliable company in the market. Engaging a service provider can be a valuable step in ensuring your business gets risk management right.
Check the pulse of your organisation and take the IBM Business Continuity Index.