Information security is rapidly ascending to the top of boardroom agendas, as firms continue to digitise, and as more and more of their value is attributed to their data, writes Paul Jolliffe, DSM expert: security at T-Systems South Africa.
It’s true: data truly is the new currency of the information era.
In the same way that a company’s financial assets are protected by carefully selecting accounting, auditing, banking and investment partners, its data assets must be protected by choosing the right information security partners.
At stake are some of your most valuable assets – your data and your reputation.
Because of this, the reputation of your security partner is paramount. Almost every technology shop has latched onto the tagline of ‘trusted’ provider. And trust is, indeed, the name of the game. As an organisation, you need to implicitly trust that your security partner is accurately assessing your vulnerabilities, planning for future threats, implementing the right solutions, and quickly responding to any breaches that may occur.
But the term “trusted” is far more than a marketing tagline. It should, in fact, encompass a broad range of attributes:
* Accountability – look closely at the contract to see who bears the risk burden. Your security partner should have the confidence to shift the risk away from you, to themselves as the service provider.
* Technical skills, capabilities and certifications – your partner should assemble multi-disciplinary security teams to cover every contour of your threat landscape, to provide the broadest range of services.
* Continual innovation and consulting – being a ‘trusted partner’ means proactively discussing issues unfolding on the threat horizon, providing consulting services to mitigate these threats, and continually innovating in one’s security approach.
* Strong customer satisfaction levels – security partners should participate in industry surveys, regularly measure feedback from clients, and use this feedback to refine their customers’ experiences.
* Deep relationships – does your security partner invest in developing a long-term strategic relationship, or are they merely seeking profit margin on security solutions?
* Developing your company culture – so that your people become more aware of security and risk management, and make more astute decisions – never revealing sensitive personal or company information.
* Effective ways of contracting and pricing – contracts should certainly not lock you in for years at a time, and pricing should be aligned to clearly-defined business performance and outcomes.
Selecting your security partner shouldn’t necessarily be about finding the most inexpensive, simplest IT firm or solutions. When it comes to something as critical as your data, it’s wise to find a strategic partner that imbues principles like integrity, reliability and transparency into its very DNA. You’ll need the confidence that your partner is acting with a high degree of ethics, and acting in your best interests, at every turn.
Value-added, truly “trusted” professional security companies should be active in the spheres of public debate and policy-making – recognising that data security is likely to emerge as one of the biggest social issues of the 21st century.
While big data holds the promise of improving our lives at every level (think about the safety of self-driving cars or the increasing connectedness of terrorist activity surveillance), it needs to be carefully managed. As devices like the Amazon Echo start entering our homes, potentially recording everything we say, and Google Maps plots a history of our every movement, the notes of an Orwellian dystopia start ringing eerily in our ears.
The onus is on security professionals to advise individuals, organisations, and governments on how to balance transparency and privacy, and on when to encrypt, anonymise, and classify data.
It’s certainly not too much to ask of your security provider to have an active voice and play an active role in the broader social issues relating to data privacy.