Hi, I am back again with my next post on Remote Infrastructure Management. As promised, today’s post will discuss security practices and their importance in IT infrastructure management outsourcing.
IT infrastructure is at the heart of your enterprise and you will never want a breach. A premium security practice is a prerequisite for any organization considering IT outsourcing. When entrusting all or part of your infrastructure management to a third party, you need to have confidence that your IT partner’s security practice is robust, secure and constantly monitored. After all, any breach in their security system can prove fatal for your business.
A breach in security can cost you dearly
Any breach in security can cost you dearly. It mars your public reputation, loses customer confidence and the actual financial loss is staggering. McAfee recently conducted an MSI international survey among 900 companies and reported that an average midsize company lost $43,000 in 2008 because of security breaches. Outsource your IT infrastructure to give away a headache! The right IT partner can secure your infrastructure outsourcing in addition to delivering significant cost reduction.
A balance between security and usability
Organizations generally have a stance on security and typically it comes down to a tradeoff between security and usability. It’s a balancing act on a see-saw – the farther you go towards the security side of the see-saw the less usability you get.
For example, organizations could lock down all USB flash ports to restrict sharing of sensitive information by employees. Use of unprotected USB flash drives is a threat to the security of an organization because users can either accidentally lose the device or purposefully give the information to an unauthorized person.
Another common security practice is firewall rules. The “most” secure way of approaching the configuration of a firewall would be to block everything and then allow what you know is required. Of course, this isn’t practical in almost every use case.
The result would be a deluge of calls to the helpdesk with users complaining that they can’t access something. To avoid these calls organizations often configure the firewall to allow all traffic and then restrict what they know should be restricted.
But do they really know what should be restricted?
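The two firewall stances described above, as an added example that is not part of the original post: a first-match rule evaluator run over constructed traffic, showing which flows each stance lets through without anyone having written a rule for them. The rules, addresses (documentation ranges) and flow names are assumptions made up for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    dst: str               # destination network in CIDR form
    port: Optional[int]    # None matches any port

@dataclass(frozen=True)
class Flow:
    name: str
    dst: str
    port: int

def evaluate(rules, default, flow):
    """First matching rule wins; returns (action, matching rule or None)."""
    for rule in rules:
        if ip_address(flow.dst) in ip_network(rule.dst) and rule.port in (None, flow.port):
            return rule.action, rule
    return default, None   # no rule matched: the default stance decides

def allowed(rules, default, flows):
    """Names of flows the policy lets through."""
    return [f.name for f in flows if evaluate(rules, default, f)[0] == "allow"]

def allowed_without_review(rules, default, flows):
    """Flows that pass only because no rule covers them, i.e. nobody decided."""
    return [f.name for f in flows if evaluate(rules, default, f) == ("allow", None)]

# Constructed policies: (rules, default action).
BLOCK_THEN_ALLOW = ([Rule("allow", "0.0.0.0/0", 443),
                     Rule("allow", "192.0.2.10/32", 25)], "deny")
ALLOW_THEN_BLOCK = ([Rule("deny", "0.0.0.0/0", 23),
                     Rule("deny", "0.0.0.0/0", 445)], "allow")

# Constructed sample traffic.
FLOWS = [
    Flow("web browsing", "198.51.100.7", 443),
    Flow("mail relay", "192.0.2.10", 25),
    Flow("telnet out", "203.0.113.5", 23),
    Flow("outbound RDP", "203.0.113.9", 3389),
    Flow("unknown port 6667", "203.0.113.20", 6667),
]

if __name__ == "__main__":
    for label, (rules, default) in [("block-then-allow", BLOCK_THEN_ALLOW),
                                    ("allow-then-block", ALLOW_THEN_BLOCK)]:
        print(label, "allows:", allowed(rules, default, FLOWS))
        print(label, "unreviewed:", allowed_without_review(rules, default, FLOWS))
```

Under block-then-allow the unreviewed list is always empty, so anything missing surfaces as a helpdesk call; under allow-then-block the same gaps pass silently.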
So, the question is where and how should you apply security?
Security applies to every device in your environment, to physical security and to security policy. There are many things to consider in the security world, and understanding the characteristics and objectives of the organization is key to making appropriate security recommendations. Does “Best Practice” apply to every organization? NO!
Your managed service provider needs to be asking you questions to understand where your organization sits on the security see-saw. If they don’t, then the security measures and management that your Managed Service Provider puts in place could be misaligned and cause your organization more harm than good. When you are talking security it needs to be right; the risks are too great…
Some of the things (depending upon the level of service) a Managed Service Provider should give your business from a security standpoint include:
- Vulnerability Assessment Services
- Security Review and Recommendations (at a Business Level with IT detail to back it up)
- Managed Firewall Services
- Regular Configuration Reviews
- Regular patches on all your devices
- Regular firmware and other device updates
If you’re not getting the type of service you need, look elsewhere, and if you are looking for an IT partner to help you manage your environment, make sure you are getting the services and recommendations that are right for your organization.
A few security measures
In addition you should consider certain security measures while deciding on outsourcing:
Compliance Issue: Regulatory compliance mandates change rapidly so make sure you look for ISO certifications in your service providers.
Security and disaster recovery plan: You should also ensure that your service provider has a proper security and disaster recovery plan. Lack of a security and disaster recovery plan causes serious security breaches and can also result in service discontinuity.
Cultural and communication issues: It is also necessary that you understand the work culture of your service provider’s geographies. If you are working with a partner in a different time zone then at times communication becomes a challenge. Typically your IT partner should be working around the clock to make sure your systems are up.
GSS Infotech’s approach to Secure Infrastructure Management
At GSS Infotech, we follow a stringent security practice that includes:
- Security policies, procedures, and Compliance (PP)
We have a set of documented security policies that are periodically reviewed, updated and enforced. Our clients can review these policies and provide specific security policies as a part of the RFP. Moreover, our services are ISO compliant to ensure optimum quality and security. We have regular internal audits and a yearly external certification/surveillance audit by TUV to conform to ISMS standards.
Our service has the following ISO certifications:
- ISO 27001: 2005 (formerly known as ISO 17799:2005) specifies the practice of Information Security Management
- ISO 20000 – 1: 2005 specifies the requirements of a service provider to deliver managed services
- ISO 9001: 2008 specifies requirements for a quality management system in an organization
- Contingency planning: security and disaster recovery (DR)
We have an effective business continuity and disaster recovery plan that is periodically reviewed, tested and implemented. We also have a regular schedule of backups for both software and data to avoid loss of valuable time during any emergency.
- Physical security (PS)
At GSS Infotech, we control physical access to information and IT services. Staff go through layers of security checks and biometric scanning before accessing any information. Moreover, we implement firewalls, anti-virus protection and encryption methodologies to secure clients’ information.
- Seven Safe Harbor Principles
GSS Infotech follows Seven Safe Harbor Principles to maintain the integrity and privacy of clients’ information and prevent the risk of accidental disclosure or loss of any information.
In the coming weeks, I will further explore the benefits of RIM outsourcing. I will explore all the 10 benefits of RIM outsourcing to show that outsourcing managed services means not only cost savings but also better efficiency, responsiveness and reliability.
If you have any questions on best practice security options for your organization, please get in touch or comment on this blog.
Practice Head: Remote Infrastructure Management
Reach me at:
USA: + 1 312-428-3331
APAC: +91 40 44552006