Firms Not Cutting IT Security

This is an article I found in business weekly which addresses Endsight’s main IT Security direction. Although the economy is down, companies cannot afford to skimp on security and IT maintenance. Endsight now offers virus and spam protection at the desktop and server levels. Many of our clients are realizing the value in protecting their most important asset- their knowledge. Back up is becoming more practicle, affordable and important these days. It’s a safe guard that many companies only realize the importance of once its too late.

Please enjoy this article written by Stewart Baines of silicon.com

Despite tight budgets, CIOs, faced with rising threats from malware and disgruntled employees, have decided it pays to be wary, surveys show

With IT budgets flat or declining, you might have expected security spending to be similarly under pressure. But it seems CIOs faced with rising threats—including those from malware and disgruntled employees—have decided that it pays to be wary.

Indeed, several surveys have reported that enterprises are increasing their security budgets in 2009 despite cuts in overall IT budgets, with tech chiefs expecting security issues to grow this year as a result of the economic uncertainty.

Speaking to IT directors, the story is the same: downturn or not, cutting security spending is not worth the risk.

Jane Kimberlin, the IT director of Domino’s Pizza, which is bucking the trend of depressing financial results thanks to diners downsizing to a takeaway, said: “We are in fortunate position of finding the downturn not affecting sales. Consequently I am not experiencing any budget constraints at all.

“Having said that, I don’t think we would ever reduce our security budgets. I often talk to other CIOs in the FTSE 250 and it’s not something anyone has said they would do.”

Similarly David Supple, IT director for Ecotec, a management consultancy working in the public sector, said despite the tricky economic climate: “Overall our IT security budgets are not down a lot.”

Crisis, what crisis?
So with IT security budgets largely intact, are companies well prepared for the challenges ahead? Over the past year there have been a string of high profile data breaches, and embarrassing cases of lost laptops, USB drives and CDs in the public and private sector.

But the fear is that such mistakes could be replaced with the deliberate theft of data, with disgruntled former employers made redundant in the downturn fuelling the insider threat to IT security.

Alan Rodger, senior research analyst, Butler Group said: “The insider threat is the most significant. With people’s jobs coming under threat, some will make the most of the opportunity before they leave. For others, simply being told their pay is being cut might inspire them to breach security.

“Investment over the years has focused on security threats outside of the organisation but I believe companies now need to spend a lot more time looking at the threats from within.”

Rodger’s stance is underlined by a recent Ponemon Institute survey of 950 people who had lost or left their jobs during the last 12 months. The research found nearly 60 per cent of them took company information, such as customer contacts, when they left.

The threat of flexibility
As the downturn rumbles on, there is pressure from business managers to be more flexible and cut costs: get closer to customers, work from home more often, and reduce the overhead on centralised offices. The counterpoint is that data leaves the once fortified confines of a company’s premises.

“My internal customers need to be more mobile and so we have seen an explosion of devices on market like netbooks which help them do this. I have to get the balance between making services accessible and security, and security has to win every time,” Domino’s Kimberlin said.

“But we have to recognise that there is a blurring between our work and personal lives so if our employees want to use social networking for instance, we let them do it as long as it doesn’t compromise our security,” she continued.

Ecotec’s Supple added: “Employees are working at weekends and in the evenings from home, maybe when they were not doing it before and using equipment that is not ours,” adds Supple. “Our perimeter has grown.”

So what can an IT director do when faced with conflicting pressures to make working practices more flexible, yet make access to sensitive corporate data more secure, particularly when there is little money around for investment in anything other than business-as-usual security? The trick is to focus investment on where it makes a difference.
Burton analyst Rodger said: “Over the years, most IT security projects have not had to be qualified by a business case but that is changing. Many businesses are recognising that they need to assess the risk, and find a balance between financial cost and the probability of a breach happening.

“When you understand the risk—and how the economic crisis could increase risks—you stop making short-term cost savings in the IT security budgets in ways that leaves you open to the worst risks.”

http://www.businessweek.com/globalbiz/content/mar2009/gb2009039_621530.htm?chan=top+news_top+news+index+-+temp_global+business

Why choose a Managed service for your small business computer network? A better question is why not?

Traditional IT outsourcing options are limited:
• Network and server maintenance is performed intermittently (once per week/month) or not at all
• Resolution time on staff computer problems is poor, and internal staff resources are often required to assist
• Response time for server and network-related problems is often inadequate
• Time-consuming and tedious-yet critical-tasks like desktop maintenance frequently go undone
• Maintenance tasks that require a system to be off-line or rebooted are difficult and often ignored
• Strategic thinking and guidance is insufficient or nonexistent
• Costs are high and unpredictable

Managing IT internally has other drawbacks:
• Full-time IT employees are very expensive. The average salary for a Network Administrator in northern California is $60,000/year, not including payroll taxes, workers compensation, benefits, and soft costs such as time off, office space and equipment
• Turnover in IT is high and the cost to recruit is significant, not to mention the cost of going without IT support while looking for replacement staff
• Because IT is a rapidly changing field, it is time-consuming and expensive to provide the training necessary to keep IT employees up-to-date
• Many IT management tasks are most efficiently performed when automated with tools and technology. This is the only way to ensure consistency. Yet the tools and technology to do this are outside the financial reach of most small businesses.
• One technician, no matter how good, can’t match the knowledge and experience of a full team of engineers. A company that specializes in IT can maintain experts in areas that may only be needed a few times in a year. A team of IT professionals can share their information and skills, giving each member the benefit of the entire team’s knowledge.
• Dealing with IT is a distraction from an organization’s core business and absorbs time and other resources that can be better allocated elsewhere

A Managed service eliminates these and many other problems commonly associated with traditional IT outsourcing and Internal IT staff. Managed services frees small businesses to concentrate on what they do best, confident that their networks are being managed by trusted experts who are dedicated to helping their business succeed. Managed services combine highly trained IT professionals with sophisticated automation and remote management technology. Managed services ensure your network is always reliable by preventing most technology problems and resolving others quickly. Simply put, there’s not a better IT solution for your small business.