The Need To Allay Organisations’ IT Security Concerns
Mark Thompson, 20/08/2010, posted in "Analysis"
Mark Thompson is the managing director of COA Solutions, a UK provider of business management and information systems to the UK mid-market service sector. Mark trained as an accountant before joining the infant business software industry with Olivetti in 1981. This was followed by sales roles with Multisoft and Tetra (now part of the Sage Group), two of the early pioneers of branded accounting software for SMEs. In 1996, Mark joined COA Solutions, moving rapidly from sales manager to sales director and then on to managing director in 2002. Mark subsequently oversaw COA Solutions' rapid expansion as turnover grew from £12m to £60m over the next seven years. During this period, COA Solutions completed nine acquisitions as it established itself as the leading UK business software vendor to mid-sized organisations. In early 2010, Mark led COA Solutions into negotiations with Advanced Computer Software Plc (ACS Plc), resulting in the business being acquired for £100m in an all-cash transaction. COA Solutions now operates as an Advanced Computer Software Group company.
Your organisation’s security policies may well be tight, with significant time having been spent on creating information management best practice. But what about suppliers: are they just as concerned about the security of your organisation’s data?
A number of leading organisations are certainly not convinced. Take HMRC, for example, which is concerned that all its third-party software meets stringent data security requirements. The department recently examined the web sites of 30 software vendors and reported that only seven featured a statement dedicated to security principles (see further reading, below).
Concerns about security are increasing due to the wide range of technologies that can be used to interact with an organisation. As many as 82% of IT security administrators believe social networking, internet applications and widgets have significantly lowered the security posture of their organisation, according to the Ponemon Institute (see further reading).
And the price of any breach is likely to be high. Additional research from the Ponemon Institute states the cost of UK data breaches increased 7% in the past 12 months and 36% during the past two years (see further reading). The research found that each security incident cost on average £1.68m to manage.
These concerns need to be taken seriously and allayed by IT providers, whilst ensuring that organisations’ fears are kept in perspective so that developments in IT are not held back.
Help comes in the form of software trade body the Business Application Software Developers Association (BASDA), which has recently launched the Software Security Code of Practice (see further reading). The voluntary code helps vendors demonstrate their security credentials, with signatories allowed to use a special logo on their web site.
The code outlines how the secure use of software can be facilitated by good design and focuses on five areas: legislation compliance; data access controls; authorisation; storage and auditing; and data backup.
BASDA’s code is a positive step towards allowing software suppliers to demonstrate their security credentials. Allaying organisations’ fears about security issues is key, so who will be the next signatory?
Further reading:
http://www.channelweb.co.uk/crn/news/2267912/hmrc-backs-basda-security-drive
http://www.computerweekly.com/Articles/2010/01/28/240101/Cost-of-UK-data-breaches-up-7-in-2009.htm
http://www.basda.org/software-security-code-of-practice-44517.htm