Home > United Nations Online Network in Public Administration and Finance (UNPAN)
1. Global
2. Africa
3. Arab States
Arab States
4. Asia & Pacific
Asia & Pacific
5. Europe
6. Latin America & Caribbean
Latin America & Caribbean
7. North America
North America
UNPAN North America
Public Administration News  
Canada: Reducing the Cost and Complexity of Network Security
Source: itbusiness.ca
Source Date: Thursday, June 09, 2016
Focus: Thematic Website
Country: Canada
Created: Jul 18, 2016

A recent story in the Washington Post said that the Federal Bureau of Investigation (FBI) received 2,453 complaints about ransomware alone last year. The practice has extracted US$24.1 million in ransom from victims. The FBI claims an increasing number of victims are paying to get their files back, despite advice to the contrary, which only encourages the criminals to continue these activities.

In an ironic twist, even Verizon, which produces a well-regarded annual security report, was recently hacked because of a flaw in its enterprise client portal. According to eWeek, an online media outlet, information on an estimated 1.5 million enterprise customers was stolen; the hack was first reported on in March 2016, but Verizon did not provide specifics on the incident.

Bottom line: no one is safe

In this landscape, corporate IT staff frantically struggle to keep their heads above water. Not only do they need to focus on the multitude of technical issues and events that occur in keeping IT infrastructures and systems up and running, they also face the additional challenge of securing the network and systems, and supporting users who are increasingly bombarded by phishing emails and other malware.

The cost of doing nothing is significant. According to research firm Ponemon Institute’s 2015 State of Cyber Crime Report, the average company cost of cybercrime is more than $7 million (US) worldwide, with U.S. companies taking a US$15 million hit on average. And criminals are getting more inventive, often breaching a network and then waiting for months before initiating an attack to ensure that their malware is firmly entrenched, and that it will create a breach in the most valuable targets.

Canadian companies may be throwing money at the problem, but, according to IDC Canada, they are not investing in the right things that would mitigate risk and minimize the impact of breaches. In its 2016 ITC predictions, IDC said, “Security spending will surpass $2 billion in 2016, but Canadian businesses will still not be investing in all the right places. Organizations must take a holistic approach to designing a security strategy, and ensure that end-user security training is prioritized and implemented.” This means examining all facets from the technology to the human factor, not simply concentrating on the tech.

Furthermore, said Lars Goransson, general manager and group vice president at IDC Canada, “CIOs need to recalibrate IT organizations’ fundamental priorities (e.g., critical skills, strategic technologies, insource/outsource decisions) as IT infiltrates more of the enterprises’ products and services, instead of simply supporting the delivery of those offerings.”

Given the shortage of qualified security professionals, one of those critical decisions could be to engage a managed security services provider (MSSP).

“Managed security services continue to gain momentum in Canada and is expected to be the strongest performing security market over the next five years,” writes Kevin Lonergan, research analyst for infrastructure solutions at IDC Canada, and co-author of the IDC MarketScape research report Canadian Managed Security Services 2015 Vendor Assessment.

“The MSSPs operating in Canada can all provide managed security services, but what differentiates them is their value-add services and investments in next-generation technologies such as big data threat analytics and cloud identity management. The diverse MSSP landscape spanning telcos, consulting firms, and pure play providers ensure that Canadian organizations can find a provider that meets their specific needs and budgetary requirements,” Lonergan said.

So what can a MSSP do for you?

One huge benefit comes from the 24×7 monitoring, something many companies can’t afford to do for themselves. But for time-constrained IT departments, passing off day-to-day activities like proper firewall configuration and updating is also worth its weight in gold, as is patch management. It frees IT staff from the mundane, so they can innovate for the business.

MSSPs make sense of the security landscape, helping design, implement, and maintain an architecture that will protect their customers. A good MSSP understands compliance requirements, and can tailor its services to suit. And since the cost of acquiring that knowledge and training its staff can be amortized across many customers, it keeps the price of the service reasonable for all.

When something goes wrong – and it inevitably will – the MSSP has the advantage of both expertise and scale. The solution for, or prevention of, issues affecting one customer will be available for all. And while the MSSP, with its specialized personnel, sorts out the mess, customer IT can focus on other tasks.

IDC’s report validates this, saying its research shows that the number one reason customers engage an MSSP is because they themselves don’t have the in-house skills or resources to effectively manage, or even monitor the security threat environment across their own infrastructure.

That can mean one less headache for the CIO.

(By Lynn Greiner)
News Home

 Tag This
 Tell A Friend
del.icio.us digg this Slashdot
0 ratings
Views: 268

Comments: 0 Bookmarked: 0 Tagged: 0

0 Comments | Login to add comment

Site map | FAQs | Terms and Privacy | Contact Us
Copyright 2019 by UNPAN - United Nations Public Administration Network