By Ralph Berndt, Director, Sales and Marketing, Syrex.
South African organisations must assess their security footprints to ensure they are prepared for the worst, and the worst is already here: the 2015 IBM Cost of Data Breach Study found that the average consolidated total cost of a data breach now sits at US$3.8 million, with lost business alone accounting for an average of US$1.57 million of that.
Add to this the finding by the SANS Institute that many organisations do not have the staff required to perform 24/7 monitoring of their networks, systems infrastructure and security. The result is organisations that are battling to keep up with the threats on the horizon.
This has led to a rise in managed services solutions that support the business in keeping systems secure and resilient. However, not all managed services are created equal, and many do not scratch the surface of what security really means. The scale of their solutions does not allow for true visibility, such as the ability to record every person who has logged into the system, what they did while they were in there and, at the finest level, the keystrokes they made.
Environments have to be highly visible and audited to ensure they are resilient and have the right levels of data management in place. Analytics must be capable of going into the depths of the system and comprehensive enough to satisfy the compliance requirements of legislation such as POPI (the Protection of Personal Information Act) and, in the financial services industry, of industry standards such as PCI DSS for payment card data.
Who watches the watcher?
Compliance with the ISO/IEC 27000 family of standards, against which an organisation is certified under ISO/IEC 27001, is a good place to start. This family of standards helps the organisation to keep information assets secure, and solutions that are compliant within this remit are already aiming to provide proper resilience and clear auditing capabilities. The standard codifies best practice and gives clients assurance of a high level of security awareness.
The next step is to develop a system that matches specific organisational requirements. No two business models are built the same, so managed services need to give clients the ability to pick and choose the elements they need to achieve compliance. The choice of elements is further driven by POPI and by the shift of business records into digital formats.
There has to be richer control over this data, and most South African enterprises are not aware of how important this is or how pervasive the risks are. There is also a large gap between implementation and understanding when it comes to POPI. The right service provider can support the organisation in developing the correct infrastructure to ensure POPI compliance.
The business requires a comprehensive ecosystem that can provide security management and assessment on an ongoing basis and within specific parameters. Penetration testing, management, monitoring and control down to the server level give the business peace of mind and compliance on both internal processes and data management.
Syrex is introducing technology that can see every person on the system, stores data in an offsite repository, logs and tracks activity for auditing purposes, analyses data down to the lowest levels and provides comprehensive POPI compliance capabilities. Governance, risk and compliance must be evaluated and understood for a client to best manage their business and its data and to ensure longevity and best practice. As yet, many of the international standards have not been legislated in South Africa, but it is becoming ever more relevant for businesses to apply these guidelines to their business practices. They ensure complete corporate responsibility for data and give richer insights into data usage, management and control.
The system is highly customisable and supports the South African organisation as it navigates the somewhat murky seas of compliance, security and managed services by giving it a state-of-the-art compass. It also answers the question posed above: the watcher is itself watched by technology that allows for a complete partnership between company and provider and comprehensive visibility across network, infrastructure and security.