Sometimes, in IT Security, it's important to ask the simple questions. Questions like, "Who is checking that your IT Security is working properly?" and "How does your team know that application is really secure?" Our latest service provides a solution for Business-Level IT Security Health-Checks. Apart from providing a great option for additional services revenue, we think it will help your customers answer some of those questions - and much more!
Business-level IT Security is now here!
IT security is no longer just about technical tools and Firewalls. The real threats today come from attacks on the people inside your organisation. Business-Level IT Security is all about how the company is protecting them from email-borne, Internet and social engineering attacks.
We must all be diligent, every day in our working lives, to minimise threats. Ultimately, we must be sure that our IT systems and our users have the right policies, processes, controls and training, to avoid inadvertently causing a catastrophic incident.
Threats hidden in plain sight
We all know that if you look at something for too long, you start to miss important mistakes. But did you know that the same is true for Security Assessments? Thinking that you’ve found all the major vulnerabilities can obviously create a dangerous and false sense of security.
According to a recent report from Gartner, internal teams often become too familiar with their own applications. Organisations should look to external providers, to avoid duplicating existing security tests; to identify gaps in coverage; and to include security experts in the architectural review, at the very start of the development process.
What triggers a Business-Level IT Security Health-Check?
A few years ago, I might have written a cheat-sheet for your sales team to use, but for now here are just a few examples of when to pitch a Health-Check to your customer:
New Applications or Upgrades: If you find a customer talking about the planned upgrade of an existing application, or the introduction of a newly coded application, it’s a good time to review the integrity of the application and what changes in functionality it will bring to their security posture.
Mergers and acquisitions: Changes to the structure of the business introduce or remove infrastructure. Anything that brings new applications or network infrastructure into the business, or requires investment to incorporate changes, will require assessment.
Migration: The growing adoption of Cloud offers the opportunity for customers to move applications from one security context to another. However, applications that move should trigger a review, or be included as part of an ongoing assessment service.
External Development: Listen out for who is responsible for development. Third-party applications that have not been previously reviewed, or those developed through outsourcing, need protecting. This applies to applications developed by resellers and should be suggested as an add-on to your overall project.