Firms Not Cutting IT Security

This is an article I found in business weekly which addresses Endsight’s main IT Security direction. Although the economy is down, companies cannot afford to skimp on security and IT maintenance. Endsight now offers virus and spam protection at the desktop and server levels. Many of our clients are realizing the value in protecting their most important asset- their knowledge. Back up is becoming more practicle, affordable and important these days. It’s a safe guard that many companies only realize the importance of once its too late.

Please enjoy this article written by Stewart Baines of silicon.com

Despite tight budgets, CIOs, faced with rising threats from malware and disgruntled employees, have decided it pays to be wary, surveys show

With IT budgets flat or declining, you might have expected security spending to be similarly under pressure. But it seems CIOs faced with rising threats—including those from malware and disgruntled employees—have decided that it pays to be wary.

Indeed, several surveys have reported that enterprises are increasing their security budgets in 2009 despite cuts in overall IT budgets, with tech chiefs expecting security issues to grow this year as a result of the economic uncertainty.

Speaking to IT directors, the story is the same: downturn or not, cutting security spending is not worth the risk.

Jane Kimberlin, the IT director of Domino’s Pizza, which is bucking the trend of depressing financial results thanks to diners downsizing to a takeaway, said: “We are in fortunate position of finding the downturn not affecting sales. Consequently I am not experiencing any budget constraints at all.

“Having said that, I don’t think we would ever reduce our security budgets. I often talk to other CIOs in the FTSE 250 and it’s not something anyone has said they would do.”

Similarly David Supple, IT director for Ecotec, a management consultancy working in the public sector, said despite the tricky economic climate: “Overall our IT security budgets are not down a lot.”

Crisis, what crisis?
So with IT security budgets largely intact, are companies well prepared for the challenges ahead? Over the past year there have been a string of high profile data breaches, and embarrassing cases of lost laptops, USB drives and CDs in the public and private sector.

But the fear is that such mistakes could be replaced with the deliberate theft of data, with disgruntled former employers made redundant in the downturn fuelling the insider threat to IT security.

Alan Rodger, senior research analyst, Butler Group said: “The insider threat is the most significant. With people’s jobs coming under threat, some will make the most of the opportunity before they leave. For others, simply being told their pay is being cut might inspire them to breach security.

“Investment over the years has focused on security threats outside of the organisation but I believe companies now need to spend a lot more time looking at the threats from within.”

Rodger’s stance is underlined by a recent Ponemon Institute survey of 950 people who had lost or left their jobs during the last 12 months. The research found nearly 60 per cent of them took company information, such as customer contacts, when they left.

The threat of flexibility
As the downturn rumbles on, there is pressure from business managers to be more flexible and cut costs: get closer to customers, work from home more often, and reduce the overhead on centralised offices. The counterpoint is that data leaves the once fortified confines of a company’s premises.

“My internal customers need to be more mobile and so we have seen an explosion of devices on market like netbooks which help them do this. I have to get the balance between making services accessible and security, and security has to win every time,” Domino’s Kimberlin said.

“But we have to recognise that there is a blurring between our work and personal lives so if our employees want to use social networking for instance, we let them do it as long as it doesn’t compromise our security,” she continued.

Ecotec’s Supple added: “Employees are working at weekends and in the evenings from home, maybe when they were not doing it before and using equipment that is not ours,” adds Supple. “Our perimeter has grown.”

So what can an IT director do when faced with conflicting pressures to make working practices more flexible, yet make access to sensitive corporate data more secure, particularly when there is little money around for investment in anything other than business-as-usual security? The trick is to focus investment on where it makes a difference.
Burton analyst Rodger said: “Over the years, most IT security projects have not had to be qualified by a business case but that is changing. Many businesses are recognising that they need to assess the risk, and find a balance between financial cost and the probability of a breach happening.

“When you understand the risk—and how the economic crisis could increase risks—you stop making short-term cost savings in the IT security budgets in ways that leaves you open to the worst risks.”

http://www.businessweek.com/globalbiz/content/mar2009/gb2009039_621530.htm?chan=top+news_top+news+index+-+temp_global+business

The Outsourced IT Managed Service Model for Venture Capital

When it comes to providing technical IT support for the Venture Capital society, breaking into the market is very difficult. But once you do, the return on the invested time is well worth the effort. I have spent a considerable amount of time speaking with Directors of Operations, CEO’s, CFO’s Controllers, etc., trying to explain to them the benefit of switching to a managed service’s contract. Even some cases where I have been able to set up meetings for our CEO to meet with them and run through the specifics on how we would support their network, the VC has generally decided against it. It seems that it comes down to that the fact that the Managers of the VC aren’t spending their own money but rather their investors, so they don’t’ care how much they spend on IT. From an outsider’s perspective, it seems that they believe there is a direct coloration between how much you spend and the level of support you receive. That may be the case in many situations, but it is really not true when it comes to IT. With all of the new remote support capabilities available, outsourced IT providers have been able to provide a high level of service that is constantly on par with having someone in-house if not better.

I was talking to one VC in particular and their situation was quite interesting. They are working with a non-managed service support consultant and they are spending a considerable amount of money. The amount they were being billed at and, considering how large their network is, they could of hired two full time IT managers onto their staff, but instead they chose to hire a traditional IT consultant who worked on their systems part time. In addition to paying the expensive hourly fees, they also had to pay for the consultant’s parking in downtown San Francisco, which is by no means cheap. When we went out and provided them with a MS contract that is 1/3 the cost of what they were spending now and would provide them with around the clock remote support, on-site support when needed, proactive maintenance and assign them a Chief Information Officer who will help them understand their network better, they weren’t comfortable with making a change.

At what cost does their excess spending outweigh their comfort on one element of their business that doesn’t necessarily make them any more profitable? Yes, having an unstable network can be very costly, but having a stable one won’t make you any more profitable. The best practice is to be as efficient as possible; spend a specific amount that is tailored for your network. (Thus every one of our contracts is based on the exact make/model of our client’s network.) The main reason why MS companies have been gaining favor and have been able to grow so rapidly is because they have devised a model that is essentially less than what everyone spends on a full time IT support and yet provides them with much better overall support.

While I appreciate their loyalty to their current provider, at some point you have to wonder under what mindset they approach their support. It really seems that the VC mindset is much different than any other small business because financing is not usually a problem. You are talking about companies with millions and millions of dollars to invest, so spending more on IT support really isn’t a concern. The few providers who have been able to break into the market are defiantly making plenty of profit. “It really seems like breaking into the Finance industry is like joining an elite college fraternity, once you are in you will make a lot of contacts with powerful and rich people.”