NETWORK SECURITY FOR SMALL AND MID-SIZE BUSINESSES

Size: px
Start display at page:

Download "NETWORK SECURITY FOR SMALL AND MID-SIZE BUSINESSES"

Transcription

1 NETWORK SECURITY FOR SMALL AND MID-SIZE BUSINESSES September, 2015 Derek E. Brink, CISSP, Vice President and Research Fellow IT Security and IT GRC Report Highlights p2 p4 p6 p7 SMBs need to adopt a strategy for networking that delivers fast and reliable service, dynamic access, and flexible growth while also addressing security risks and sustaining compliance. SMBs need to have a focused, disciplined approach to network security currently, the consequences of security incidents actually experienced by SMBs don t align well with their reasons for investing in security in the first place. SMBs need to make a build-or-buy decision about network security Aberdeen s study suggests 30% to 60% growth in network security services for SMBs, compared to low or no growth in traditional, in-house deployments. SMBs should develop an appreciation of the costs of securityrelated business disruptions, data breaches and operational expenses of do-ityourself network security which may be higher than many SMBs may think. Like virtually all modern organizations, most small and mid-size businesses (SMBs) today are built on the foundation of one essential technology: a reliable, high-performance network. Aberdeen s research suggests four actions that every SMB should take with respect to network security.

2 2 Once organizations get to even a modest size, they need to adopt a strategy for networking that delivers fast and reliable service, support for a dynamic mix of access and connectivity, and flexibility for future growth while also addressing security risks, and sustaining requirements for regulatory compliance. A security incident refers to any event that attempts to compromise the confidentiality, integrity or availability of an information asset. A data compromise (or data breach) refers to a security incident which results in the confirmed disclosure of an information asset to an unauthorized party. Your Business is the End Your Network is an Essential Means Like virtually all modern organizations, most small and mid-size businesses (SMBs) today are built on the foundation of one essential technology: a reliable, high-performance network. For small and mid-size businesses to stay competitive and achieve their business objectives, SMB networks that may have initially been designed simply to support internal activities now need to adapt, integrate and keep up with the waves of disruptive changes in IT infrastructure that have rolled in over recent years which include mobility, social collaboration, virtualization and cloud computing, among others. Once organizations get to even a modest size, they need to adopt a strategy for networking that delivers fast and reliable service, support for a dynamic mix of access and connectivity, and flexibility for future growth. Networking is the one core information technology that makes all these other services possible, and it demands ongoing focus. Unfortunately, the list of requirements for today s SMB networks doesn t end there. Security risks have become an issue both in the headlines and in executive boardrooms, and smaller organizations would be unwise to believe that they are somehow immune. On the contrary, the 2015 Verizon Data Breach Investigations Report (DBIR) found that of the 694 security incidents investigated in detail that were experienced by smaller organizations, a whopping 573 (83%) resulted in a confirmed data compromise compared to a success rate of just 2% for all other organizations in the study. From the attacker s perspective: if you want to succeed, attack a SMB. Similarly, SMBs would be unwise to assume that they are not worth attacking they are, and if not for their own resources, then as a link in an increasingly interconnected supply chain. For example, SMBs are well known to be the attacker s preferred stepping stone towards compromise of a larger, more lucrative target.

3 3 Compliance brings another set of requirements that many SMBs are now compelled to achieve and sustain, which may include industry regulations (e.g., security standards for payment card data under PCI DSS), government regulations (e.g., HIPAA, HITECH), customer requirements (e.g., recent trends towards larger enterprises being required to validate minimum standards for security throughout their supply chains), or all three. Table 1: Drivers for SMB Investments are Not Aligned with Consequences of Actual Incidents Drivers for SMB Investments in Security Consequences of Actual Security Incidents Avoid negative publicity 47% 23% Damage to reputation or brand to reputation / brand Government regulations 41% Audit / Compliance-related incidents (actual) 21% Industry regulations 19% 8% Fines or penalties from non-compliance Security-related incidents (actual) 34% Vulnerabilities and threats (risk) 22% Business disruptions 24% 31% Compromise of sensitive data 79% Loss of user productivity 64% 11% Unplanned downtime or system outages Long-term loss of business (e.g., lost customers) 10% Material loss of revenue or profit Note: multiple responses accepted; percentages do not add to 100% (N = 121) Source: Aberdeen Group, September 2015 What SMBs Want from Their Investments in Security and What They re Actually Achieving Consistent with dozens of benchmark studies over several years, it comes as no surprise in Aberdeen s most recent analysis of

4 4 The drivers for current investments in security by small and mid-size businesses continue to be dominated by risks and compliance but the consequences of the security incidents actually experienced by SMBs don t necessarily align very well with their reasons for investing in security in the first place. Security and compliance demand that SMBs have a focused, disciplined approach. more than 120 SMBs that the drivers for their current investments in security continue to be dominated by risks and compliance, as shown in Table 1. For the SMBs in Aberdeen s study, risk as a driver for current investments in security has several dimensions, listed here in descending order: Avoid negative publicity (e.g., damage to reputation / brand) nearly half (47%)of all SMBs Respond to security-related incidents that were actually experienced in the last 12 months one-third (34%) of all SMBs Protect against disruptions to the business nearly one-fourth (24%) of all SMBs Protect against vulnerabilities and threats (i.e., the potential for actual security-related incidents) just over one-fifth (22%) of all SMBs As a driver for current investments in security, note that SMBs took compliance with government regulations much more seriously (41%) than compliance with industry regulations (19%), or problems with compliance certifications or audits that were actually experienced in the last 12 months (21%). This finding is most likely proportionate to the current level of enforcement, fines and penalties for non-compliance that SMBs have actually encountered. Nothing is less effective than a strict compliance requirement, weakly enforced. On the other hand, when asked about the most commonly experienced consequences of actual security-related incidents, SMBs reported some curious contrasts between outcomes and intent. Specifically:

5 5 Nearly four-fifths (79%) of SMBs cited loss of user productivity as a result of security incidents in the last 12 months, and nearly two-thirds (64%) experienced unplanned downtime or system outages yet just 24% identified such disruptions as a driver for investment. Just 8% of SMBs indicated that they had experienced fines or penalties for non-compliance yet more than 40% identified at least one form of compliance as a driver for current investments. Nearly a third (31%) of SMBs reported that they had experienced a compromise of sensitive data in the last 12 months which does seem to align with the 34% who cited actual security incidents as a driver for investment. This apparent gap between what SMBs say they are looking for from their investments in security, and what they say they are actually achieving from those investments, underscores the previous point: that the operational context for SMBs has significantly changed, and that SMBs need to develop a deliberate strategy for networking as a foundational, enabling technology. This in turn requires a focused, disciplined approach to network security. An Essential Question All SMBs Need to Address: Are Security and Compliance Merely Important, or Are They Actually Strategic? As Aberdeen has described in Managed Security Services: When It's Time to Stop Going IT Alone (August 2014), an essential issue that all small and mid-size businesses need to reconcile is that security and compliance are unquestionably desirable and important; i.e., they clearly merit serious attention but at the same time, it s also clear that SMBs don t exist merely to manage security and sustain compliance. On the contrary, SMBs exist chiefly to pursue their strategic business objectives of serving Quantifying the Business Impact of Security-Related Incidents Traditionally, security professionals have found it challenging to quantify the business impact of securityrelated incidents such as unplanned downtime or compromised data. In related research, Aberdeen has been applying the proven techniques of Monte Carlo modeling to raise the level of discipline around discussing these topics in terms of risk, as risk is properly defined i.e., in terms of both the likelihood of an incident, as well as the business impact if the incident does occur. Based on these models, Aberdeen has estimated the risk for these two specific areas which are two of the most commonly experienced consequences identified by SMBs as follows: The risk of unplanned downtime Median business impact of about 0.8% of annual revenue Business impact of between 0% and 2.8% of annual revenue, with 80% confidence The risk of a data breach Median business impact of about 2.3% of annual revenue Business impact of between 0.5% and 6% of annual revenue, with 80% confidence

6 6 Even if a given SMB has the resources (e.g., time, staff, budget) and capabilities (technical expertise) needed to implement traditional, on-premise network security solutions, is it really better off doing IT on its own or would it be better off leveraging the expertise, scale and scope of a third-party service provider? This essential question is one part can we, and one part should we. customers, profit, growth, expanding markets, differentiating themselves from competitors, and so on. Many things in IT can be extremely important, but not at all strategic for example, payroll. Another way to frame this essential question: even if a given SMB has the resources (e.g., time, staff, budget) and capabilities (technical expertise) needed to implement traditional, onpremise network security solutions, is it really better off doing IT on its own or would it be better off leveraging the expertise, scale and scope of a third-party service provider to address its network security requirements, freeing up its own resources for its own business? Network security service providers can provide SMBs with the network access, bandwidth, performance, security, compliance and monitoring capabilities they need while relieving them from the need to keep up with the latest technologies, hire the right experts, and make ongoing investments in new generations of networking hardware and software. For the SMB, the essential question is one part can we, and one part should we. Market Trends Show High Growth in Network Security Services Aberdeen s benchmark research helps to show how SMBs have been answering these questions to date, and how they intend to address selected aspects of network security going forward (see Table 2). In the specific network security solution categories of firewalls, intrusion detection, network scanning and continuous security monitoring, SMBs in Aberdeen s study indicate very strong growth in network security services in fact, the majority of new deployments are choosing services over inhouse implementations. Yes, these activities are important literally all SMBs have implemented firewalls, and a supermajority of SMBs has implemented solutions in the other three areas. But no, these activities are no longer being viewed

7 7 as strategic the clear majority of new implementations are opting for network security services, as opposed to doing it inhouse. Table 2: Aberdeen s Research Indicates High Growth for Network Security Services, as SMBs Increasingly Realize They re Better Off Not Going IT Alone Network Security Solution Category Overall Traditional / In-House Security Services Current Adoption Planned Growth Current Adoption Planned Growth Current Adoption Planned Growth Network firewalls 100% 2% 83% -7% 17% 50% Intrusion detection 83% 6% 63% -7% 20% 44% Network scanning 74% 20% 52% 14% 22% 35% Network security monitoring 24x7x365 More than one network security technology is typically deployed, so responses for current adoption do not add to 100%; current adoption refers to percentage of all SMB respondents (N=121); planned growth refers to planned deployments over the next 12 months. Source: Aberdeen Group, September 2015 Downtime, Data Breaches and Do-It-Yourself Network Security Costs SMBs More Than They May Think A final consideration for network security for small and mid-size businesses is to appreciate the costs of security-related business disruptions, data breaches and operational expenses of a do-ityourself approach which may be higher than many SMBs may think. As noted previously (see the sidebar on page 5): 70% 21% 52% 8% 18% 59% Aberdeen s estimate for the risk of unplanned downtime is between 0% and 2.8% of annual revenue (80% confidence interval), with a median annual cost of 0.8% or about $400,000 for every $50M in annual revenue.

8 8 Solution Selection Criteria In additional to quantitative comparisons of total annual cost, qualitative attributes to consider when selecting a network security services provider may include: Portfolio of managed services, professional services, and threat intelligence services Dedicated security expertise Global threat research and visibility Established customer base Industry thought leadership For the risk of a data breach, Aberdeen s estimate is between 0.5% and 6% of annual revenue (80% confidence interval), with a median annual cost of 2.3% which is more than $1.1M for every $50M in annual revenue. With respect to the operational expenses of network security, Aberdeen s analysis of SMB survey responses supports a simple estimate of the relative advantage of using selected network security services, compared to a traditional, in-house approach: Network firewalls 57% lower operational costs, on average Intrusion detection 3% lower operational costs, on average Network security monitoring 45% lower operational costs, on average Summary and Key Takeaways Most small and mid-size businesses (SMBs) today are built on the foundation of one essential technology: a reliable, high-performance network. Once they get to even a modest size, SMBs need to adopt a strategy for networking that delivers fast and reliable service, support for a dynamic mix of access and connectivity, and flexibility for future growth while also addressing security risks, and sustaining requirements for regulatory compliance. The drivers for current investments in security by small and mid-size businesses are dominated by risks and compliance but the consequences of the security incidents actually experienced by SMBs don t necessarily

9 9 align very well with their reasons for investing in security in the first place. Security and compliance demand that SMBs establish a focused, disciplined approach. SMBs need to make a build-or-buy decision about network security. Even if a given SMB has the resources (e.g., time, staff, budget) and capabilities (technical expertise) needed to implement traditional, on-premise network security solutions, is it really better off doing IT on its own or would it be better off leveraging the expertise, scale and scope of a third-party service provider? This essential question is one part can we, and one part should we. Aberdeen s benchmark research helps to show how SMBs have been answering these questions to date, and how they intend to address selected aspects of network security going forward. The research suggests 30% to 60% growth in network security services for SMBs, compared to low or no growth in traditional, in-house deployments. A final consideration for network security for small and mid-size businesses is to appreciate the costs of security-related business disruptions, data breaches and operational expenses of a do-it-yourself approach which may be higher than many SMBs may think: a median cost of 2.3% of annual revenue for a data breach, and a median annual cost of 0.8% of annual revenue for unplanned downtime as a result of security-related incidents, based on Aberdeen estimates.

10 10 For more information on this or other research topics, please visit. Understanding Your Risk (for Real) from Distributed Denial of Service Attacks; June 2015 Reconciling Enterprise Mobility and Employee Privacy: No Longer the Impossible Dream; April 2015 Flash Forward: Network Security in the Financial Services Sector; February 2015 Flash Forward: Putting Threat Intelligence in Perspective; December 2014 When Your IT Hits the Fan: Why Your Organization Needs an Incident Response Capability; Oct Related Research Flash Forward: Networks Designed for Growth, Not for Obsolescence; September 2014 Managed Security Services: When It's Time to Stop Going IT Alone; August 2014 Three Ways to Harden the Security of Your Campus Network; May 2014 The Most Popular Public Cloud Services, and the Technology that Makes Them Possible; February 2014 Author: Derek E. Brink, CISSP, Vice President and Research Fellow, IT Security and IT GRC About Aberdeen Group Since 1988, Aberdeen Group has published research that helps businesses worldwide improve their performance. Our analysts derive fact-based, vendor-neutral insights from a proprietary analytical framework, which identifies Best-in-Class organizations from primary research conducted with industry practitioners. The resulting research content is used by hundreds of thousands of business professionals to drive smarter decision-making and improve business strategies. Aberdeen Group is headquartered in Boston, Massachusetts, USA. This document is the result of primary research performed by Aberdeen Group and represents the best analysis available at the time of publication. Unless otherwise noted, the entire contents of this publication are copyrighted by Aberdeen Group and may not be reproduced, distributed, archived or transmitted in any form or by any means without prior written consent by Aberdeen Group

MANAGED SECURITY SERVICES: WHEN IT'S TIME TO STOP GOING "IT" ALONE

MANAGED SECURITY SERVICES: WHEN IT'S TIME TO STOP GOING IT ALONE MANAGED SECURITY SERVICES: WHEN IT'S TIME TO STOP GOING "IT" ALONE August 2014 Derek E. Brink, CISSP, Vice President and Research Fellow, IT Security and IT GRC Report Highlights p2 p3 p6 p7 Security is

More information

WHY ARE SMALL BUSINESSES MOVING TO CLOUD BACKUP AND RECOVERY?

WHY ARE SMALL BUSINESSES MOVING TO CLOUD BACKUP AND RECOVERY? WHY ARE SMALL BUSINESSES MOVING TO CLOUD BACKUP AND RECOVERY? May 2014 Derek E. Brink, Vice President and Research Fellow, IT Security and IT GRC Report Highlights p2 p3 p4 p5 Aberdeen s research has noted

More information

74% 2014 SIEM Efficiency Survey Report. Hunting out IT changes with SIEM

74% 2014 SIEM Efficiency Survey Report. Hunting out IT changes with SIEM 2014 SIEM Efficiency Survey Report Hunting out IT changes with SIEM 74% OF USERS ADMITTED THAT DEPLOYING A SIEM SOLUTION DIDN T PREVENT SECURITY BREACHES FROM HAPPENING Contents Introduction 4 Survey Highlights

More information

SaaS and Cloud ERP Trends, Observations, and Performance 2011

SaaS and Cloud ERP Trends, Observations, and Performance 2011 December, 2011 SaaS and Cloud ERP Trends, Observations, and Performance 2011 Over the past five years, Aberdeen has been measuring the willingness of organizations to consider Software as a Service (SaaS)

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

CloudCheck Compliance Certification Program

CloudCheck Compliance Certification Program CloudCheck Compliance Certification Program Ensure Your Cloud Computing Environment is Secure with CloudCheck Certification Organizations today are increasingly relying on a combination of private and/or

More information

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

Cloud Assurance: Ensuring Security and Compliance for your IT Environment Cloud Assurance: Ensuring Security and Compliance for your IT Environment A large global enterprise has to deal with all sorts of potential threats: advanced persistent threats (APTs), phishing, malware

More information

Compliance Management, made easy

Compliance Management, made easy Compliance Management, made easy LOGPOINT SECURING BUSINESS ASSETS SECURING BUSINESS ASSETS LogPoint 5.1: Protecting your data, intellectual property and your company Log and Compliance Management in one

More information

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES Aligning information with business and operational objectives ESSENTIALS Leverage EMC Consulting as your trusted advisor to move your and compliance

More information

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue. Seamless Mobile Security for Network Operators Build a secure foundation for winning new wireless services revenue. New wireless services drive revenues. Faced with the dual challenges of increasing revenues

More information

WHY YOU SHOULD CONSIDER CLOUD BASED EMAIL ARCHIVING.

WHY YOU SHOULD CONSIDER CLOUD BASED EMAIL ARCHIVING. WHY YOU SHOULD CONSIDER CLOUD BASED EMAIL ARCHIVING. INTRODUCTION A vast majority of information today is being exchanged via email. In 2011, the average corporate user will send and receive about 112

More information

Are SMBs Taking Disaster Recovery Seriously Enough?

Are SMBs Taking Disaster Recovery Seriously Enough? A Custom Technology Adoption Profile Commissioned By Colt September 2014 Are SMBs Taking Disaster Recovery Seriously Enough? Introduction Small and medium-size businesses (SMBs) have the same challenges

More information

Securing Critical Information Assets: A Business Case for Managed Security Services

Securing Critical Information Assets: A Business Case for Managed Security Services White Paper Securing Critical Information Assets: A Business Case for Managed Security Services Business solutions through information technology Entire contents 2004 by CGI Group Inc. All rights reserved.

More information

Safeguarding the cloud with IBM Dynamic Cloud Security

Safeguarding the cloud with IBM Dynamic Cloud Security Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from

More information

SAFETY FIRST. Emerging Trends in IT Disaster Recovery. By Cindy LaChapelle, Principal Consultant. www.isg-one.com

SAFETY FIRST. Emerging Trends in IT Disaster Recovery. By Cindy LaChapelle, Principal Consultant. www.isg-one.com SAFETY FIRST Emerging Trends in IT Disaster Recovery By Cindy LaChapelle, Principal Consultant www.isg-one.com INTRODUCTION Against a backdrop of increasingly integrated and interdependent global service

More information

ENSURING TIMELY AND ACCURATE FINANCIAL PLANS, BUDGETS, AND FORECASTS THROUGH AUTOMATION

ENSURING TIMELY AND ACCURATE FINANCIAL PLANS, BUDGETS, AND FORECASTS THROUGH AUTOMATION ENSURING TIMELY AND ACCURATE FINANCIAL PLANS, BUDGETS, AND FORECASTS THROUGH AUTOMATION April, 2015 Nick Castellina, Research Director, Business Planning and Execution Report Highlights p3 p5 p7 p8 Best-in-Class

More information

Cyberprivacy and Cybersecurity for Health Data

Cyberprivacy and Cybersecurity for Health Data Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies

More information

BIG SHIFT TO CLOUD-BASED SECURITY

BIG SHIFT TO CLOUD-BASED SECURITY GUIDE THE BIG SHIFT TO CLOUD-BASED SECURITY How mid-sized and smaller organizations can manage their IT risks and meet regulatory compliance with minimal staff and budget. CONTINUOUS SECURITY TABLE OF

More information

Managing business risk

Managing business risk Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success

More information

1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 5 4 Copyright... 5

1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 5 4 Copyright... 5 KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski May 2015 is a business-critical application security solution for SAP environments. It provides a context-aware, secure and cloud-ready platform

More information

OVERVIEW. With just 10,000 customers in your database, the cost of a data breach averages more than $2 million.

OVERVIEW. With just 10,000 customers in your database, the cost of a data breach averages more than $2 million. Security PLAYBOOK OVERVIEW Today, security threats to retail organizations leave little margin for error. Retailers face increasingly complex security challenges persistent threats that can undermine the

More information

Privilege Gone Wild: The State of Privileged Account Management in 2015

Privilege Gone Wild: The State of Privileged Account Management in 2015 Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...

More information

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................

More information

State of Information Security

State of Information Security State of Information Security Second Annual Assessment Study 2013 Table of Contents: Synopsis and Methodology _ page 2 A Snapshot of Participants _ page 2 Survey Findings _ page 5 Final Thoughts _ page

More information

DNS Server Security Survey

DNS Server Security Survey EXECUTIVE BRIEF DNS Server Security Survey Sponsored by: EfficientIP Romain Fouchereau June 2014 INTRODUCTION With most organizations having some business linked to and more importantly relying on an online

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

Boosting Enterprise Application Performance in Distributed Environments

Boosting Enterprise Application Performance in Distributed Environments Boosting Enterprise Application Performance in Distributed Environments April 2012 Jim Rapoza ~ Underwritten, in Part, by ~ Boosting Enterprise Application Performance in Distributed Environments Modern

More information

PCI DSS READINESS AND RESPONSE

PCI DSS READINESS AND RESPONSE PCI DSS READINESS AND RESPONSE EMC Consulting Services offers a lifecycle approach to holistic, proactive PCI program management ESSENTIALS Partner with EMC Consulting for your PCI program management and

More information

How to Justify Your Security Assessment Budget

How to Justify Your Security Assessment Budget 2BWhite Paper How to Justify Your Security Assessment Budget Building a Business Case For Penetration Testing WHITE PAPER Introduction Penetration testing has been established as a standard security practice

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

2012 North American Managed Security Service Providers Growth Leadership Award

2012 North American Managed Security Service Providers Growth Leadership Award 2011 South African Data Centre Green Excellence Award in Technology Innovation Cybernest 2012 2012 North American Managed Security Service Providers Growth Leadership Award 2011 Frost & Sullivan 1 We Accelerate

More information

White Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA

White Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA White Paper Achieving HIPAA Compliance through Security Information Management White Paper / HIPAA Contents Executive Summary... 1 Introduction: Brief Overview of HIPAA... 1 The HIPAA Challenge: Protecting

More information

Employee Engagement Drives Client Satisfaction and Employee Success in Professional Services

Employee Engagement Drives Client Satisfaction and Employee Success in Professional Services Employee Engagement Drives Client Satisfaction and Employee Success in In professional services, business success is achieved through employee success. Organizations that prioritize top talent gain competitive

More information

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service Business Case Outsourcing Information Security: The Benefits of a Managed Security Service seccuris.com (866) 644-8442 Contents Introduction... 3 Full- Time Experts vs. a Part- Time In- House Staff...

More information

Connect and Protect: The Importance Of Security And Identity Access Management For Connected Devices

Connect and Protect: The Importance Of Security And Identity Access Management For Connected Devices A Forrester Consulting Thought Leadership Paper Commissioned By Xively By LogMeIn August 2015 Connect and Protect: The Importance Of Security And Identity Access Management For Connected Devices Table

More information

Bridging the HIPAA/HITECH Compliance Gap

Bridging the HIPAA/HITECH Compliance Gap CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According

More information

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.

More information

MEASURING SMB CUSTOMER OUTCOMES: THE DELL MANAGED SERVICES ADVANTAGE

MEASURING SMB CUSTOMER OUTCOMES: THE DELL MANAGED SERVICES ADVANTAGE MEASURING SMB CUSTOMER OUTCOMES: THE DELL MANAGED SERVICES ADVANTAGE Sanjeev Aggarwal, Partner Laurie McCabe, Partner Sponsored by Dell CONTENTS Introduction...3 Section 1: SMB Business and IT Challenges...3

More information

STAYING AHEAD OF THE CURVE WITH AGILE FINANCIAL PLANNING, BUDGETING, AND FORECASTING

STAYING AHEAD OF THE CURVE WITH AGILE FINANCIAL PLANNING, BUDGETING, AND FORECASTING STAYING AHEAD OF THE CURVE WITH AGILE FINANCIAL PLANNING, BUDGETING, AND FORECASTING September, 2014 Nick Castellina, Research Director, Business Planning and Execution Report Highlights p3 p4 p5 p6 43%

More information

Cisco SAFE: A Security Reference Architecture

Cisco SAFE: A Security Reference Architecture Cisco SAFE: A Security Reference Architecture The Changing Network and Security Landscape The past several years have seen tremendous changes in the network, both in the kinds of devices being deployed

More information

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life Executive s Guide to Windows Server 2003 End of Life Facts About Windows Server 2003 Introduction On July 14, 2015 Microsoft will end support for Windows Sever 2003 and Windows Server 2003 R2. Like Windows

More information

Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your Business from Disaster

Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your Business from Disaster WHITE PAPER: DON'T WAIT UNTIL IT'S TOO LATE: CHOOSE NEXT-GENERATION................. BACKUP........ TO... PROTECT............ Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

Five reasons SecureData should manage your web application security

Five reasons SecureData should manage your web application security Five reasons SecureData should manage your web application security Introduction: The business critical web From online sales to customer self-service portals, web applications are now crucial to doing

More information

W H I T E P A P E R E d u c a t i o n a t t h e C r o s s r o a d s o f B i g D a t a a n d C l o u d

W H I T E P A P E R E d u c a t i o n a t t h e C r o s s r o a d s o f B i g D a t a a n d C l o u d Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com W H I T E P A P E R E d u c a t i o n a t t h e C r o s s r o a d s o f B i g D a t a a n d C l o

More information

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:

More information

Cyber Security and the Board of Directors

Cyber Security and the Board of Directors Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Cyber Security and the Board of Directors An essential responsibility in financial services About Delta Risk is a

More information

McAfee Acquires NitroSecurity

McAfee Acquires NitroSecurity McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

Are You Ready for PCI 3.1?

Are You Ready for PCI 3.1? Are You Ready for PCI 3.1? Are You Ready for PCI 3.1? If your hotel is not PCI compliant, it should be. Every time a customer hands over their credit card, they trust your hotel to keep their information

More information

BUILDING AGILE OPS WITH A PROACTIVE AND UNIFIED INFRASTRUCTURE MANAGEMENT APPROACH

BUILDING AGILE OPS WITH A PROACTIVE AND UNIFIED INFRASTRUCTURE MANAGEMENT APPROACH BUILDING AGILE OPS WITH A PROACTIVE AND UNIFIED INFRASTRUCTURE MANAGEMENT APPROACH March, 2015 Jim Rapoza, Senior Research Analyst & Editorial Director, Information Technology Report Highlights p3 p4 p8

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

Financial Planning, Budgeting, and Forecasting

Financial Planning, Budgeting, and Forecasting Financial Planning, Budgeting, and Forecasting Removing the Hurdles March 2013 Nick Castellina Financial Planning, Budgeting, and Forecasting: Removing the Hurdles Financial planning is the process by

More information

Cloud security with Sage Construction Anywhere

Cloud security with Sage Construction Anywhere Cloud security with Sage Construction Anywhere Table of Contents Cloud computing s advantage for construction companies... 3 Security concerns... 3 The Sage commitment to security... 4 Sage application

More information

Why You Should Consider Cloud- Based Email Archiving. A whitepaper by The Radicati Group, Inc.

Why You Should Consider Cloud- Based Email Archiving. A whitepaper by The Radicati Group, Inc. . The Radicati Group, Inc. 1900 Embarcadero Road, Suite 206 Palo Alto, CA 94303 Phone 650-322-8059 Fax 650-322-8061 http://www.radicati.com THE RADICATI GROUP, INC. Why You Should Consider Cloud- Based

More information

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government

More information

Benchmarking VoIP Performance Management

Benchmarking VoIP Performance Management Benchmarking VoIP Performance Management March 2008 Page 2 Executive Summary Aberdeen surveyed 159 organizations to identify best practices for managing Voice over Internet Protocol (VoIP). This report

More information

2015 Global Identity and Access Management (IAM) Market Leadership Award

2015 Global Identity and Access Management (IAM) Market Leadership Award 2015 Global Identity and Access Management (IAM) Market Leadership Award 2015 Contents Background and Company Performance... 3 Industry Challenges... 3 Market Leadership of IBM... 3 Conclusion... 6 Significance

More information

WhiteHat Security White Paper. Evaluating the Total Cost of Ownership for Protecting Web Applications

WhiteHat Security White Paper. Evaluating the Total Cost of Ownership for Protecting Web Applications WhiteHat Security White Paper Evaluating the Total Cost of Ownership for Protecting Web Applications WhiteHat Security October 2013 Introduction Over the past few years, both the sophistication of IT security

More information

Privilege Gone Wild: The State of Privileged Account Management in 2015

Privilege Gone Wild: The State of Privileged Account Management in 2015 Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...

More information

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments. Security solutions White paper Acquire a global view of your organization s security state: the importance of security assessments. April 2007 2 Contents 2 Overview 3 Why conduct security assessments?

More information

Increase insight. Reduce risk. Feel confident.

Increase insight. Reduce risk. Feel confident. Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING

More information

HOW TO BUILD A STRATEGIC SOURCING ORGANIZATION

HOW TO BUILD A STRATEGIC SOURCING ORGANIZATION HOW TO BUILD A STRATEGIC SOURCING ORGANIZATION November, 2014 Louis Berard, Senior Research Analyst Global Supply Chain, Complex Spend, HCM Report Highlights p3 p4 p6 p8 78% of respondents find strategic

More information

A BETTER SOLUTION FOR MAINTAINING HEALTHCARE DATA SECURITY IN THE CLOUD

A BETTER SOLUTION FOR MAINTAINING HEALTHCARE DATA SECURITY IN THE CLOUD CONTINUOUS MONITORING A BETTER SOLUTION FOR MAINTAINING HEALTHCARE DATA SECURITY IN THE CLOUD Healthcare companies utilizing cloud infrastructure require continuous security monitoring. Learn how to prevent

More information

Big Data Integration. Research Report Executive Summary. Challenges and Opportunities in Accessing and Using Today s Information.

Big Data Integration. Research Report Executive Summary. Challenges and Opportunities in Accessing and Using Today s Information. Big Data Integration Challenges and Opportunities in Accessing and Using Today s Information Research Report Executive Summary Sponsored by Copyright Ventana Research 2013 Do Not Redistribute Without Permission

More information

Leveraging a Maturity Model to Achieve Proactive Compliance

Leveraging a Maturity Model to Achieve Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................

More information

Are SMBs Taking Disaster Recovery Seriously Enough?

Are SMBs Taking Disaster Recovery Seriously Enough? A Custom Technology Adoption Profile Commissioned By Cisco March 2015 Are SMBs Taking Disaster Recovery Seriously Enough? Introduction Small and medium-size businesses (SMBs) have the same challenges as

More information

Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary

Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK Executive Summary Core statements I. Cyber security is now too hard for enterprises The threat is increasing

More information

Organizations See PCI as a Benefit, Not a Burden

Organizations See PCI as a Benefit, Not a Burden Organizations See PCI as a Benefit, Not a Burden White Paper Top 10 Takeaways from the Cisco PCI Survey 1. Most organizations have taken significant steps to achieve PCI compliance and believe their current

More information

Mitigating Costly New Technology Risks For Continued Stability and Profitability

Mitigating Costly New Technology Risks For Continued Stability and Profitability Created for Steve Van Tol Mitigating Costly New Technology Risks For Continued Stability and Profitability sized businesses choose to pay for on-site support on an as- needed basis as opposed to having

More information

EMPLOYEE ENGAGEMENT: PAVING THE WAY TO HAPPY CUSTOMERS

EMPLOYEE ENGAGEMENT: PAVING THE WAY TO HAPPY CUSTOMERS EMPLOYEE ENGAGEMENT: PAVING THE WAY TO HAPPY CUSTOMERS September, 2015 Omer Minkara, Research Director, Contact Center & Customer Experience Management Michael M. Moon, Research Director, Human Capital

More information

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

The Benefits of an Integrated Approach to Security in the Cloud

The Benefits of an Integrated Approach to Security in the Cloud The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The

More information

AUTOMATED PENETRATION TESTING PRODUCTS

AUTOMATED PENETRATION TESTING PRODUCTS AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for automated penetration testing software and demonstrate

More information

Protecting Customer Experience Against Distributed Denial Of Service (DDoS)

Protecting Customer Experience Against Distributed Denial Of Service (DDoS) A Custom Technology Adoption Profile Commissioned By Bell Canada June 2014 Protecting Customer Experience Against Distributed Denial Of Service (DDoS) Introduction In today s age of the customer, a company

More information

2012 雲 端 資 安 報 告. 黃 建 榮 資 深 顧 問 - Verizon Taiwan. August 2012

2012 雲 端 資 安 報 告. 黃 建 榮 資 深 顧 問 - Verizon Taiwan. August 2012 2012 雲 端 資 安 報 告 黃 建 榮 資 深 顧 問 - Verizon Taiwan August 2012 1 It s All About Security Protecting assets from threats that could impact the business Protecting Assets... Stationary data Data in transit

More information

WHITE PAPER Leveraging GRC for PCI DSS Compliance. By: Chris Goodwin, Co-founder and CTO, LockPath

WHITE PAPER Leveraging GRC for PCI DSS Compliance. By: Chris Goodwin, Co-founder and CTO, LockPath WHITE PAPER Leveraging GRC for PCI DSS Compliance By: Chris Goodwin, Co-founder and CTO, LockPath The Payment Card Industry Data Security Standard ( PCI DSS ) is set forth by a consortium of payment card

More information

An article on PCI Compliance for the Not-For-Profit Sector

An article on PCI Compliance for the Not-For-Profit Sector Level 8, 66 King Street Sydney NSW 2000 Australia Telephone +61 2 9290 4444 or 1300 922 923 An article on PCI Compliance for the Not-For-Profit Sector Page No.1 PCI Compliance for the Not-For-Profit Sector

More information

Real-Time Security for Active Directory

Real-Time Security for Active Directory Real-Time Security for Active Directory Contents The Need to Monitor and Control Change... 3 Reducing Risk and Standardizing Controls... 3 Integrating Change Monitoring... 4 Policy Compliance... 4 The

More information

Reining in the Effects of Uncontrolled Change

Reining in the Effects of Uncontrolled Change WHITE PAPER Reining in the Effects of Uncontrolled Change The value of IT service management in addressing security, compliance, and operational effectiveness In IT management, as in business as a whole,

More information

Business Opportunity Enablement through Information Security Compliance

Business Opportunity Enablement through Information Security Compliance Level 3, 66 King Street Sydney NSW 2000 Australia Telephone +61 2 9290 4444 or 1300 922 923 Business Opportunity Enablement through Information Security Compliance Page No.1 Business Opportunity Enablement

More information

Security for a Smarter Planet. 2011 IBM Corporation All Rights Reserved.

Security for a Smarter Planet. 2011 IBM Corporation All Rights Reserved. Security for a Smarter Planet The Smarter Planet Our world is getting Instrumented Our world is getting Interconnected Our world is getting Intelligent Growing Security Challenges on the Smarter Planet

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This

More information

AcroWiFi. Professional WiFi Connectivity Service. Detailed Service Catalog

AcroWiFi. Professional WiFi Connectivity Service. Detailed Service Catalog AcroWiFi. Professional WiFi Connectivity Service. Detailed Service Catalog Service Overview We live in an era of technology and connectivity. With the explosion of mobile devices such as laptops, smart

More information

Strategies for assessing cloud security

Strategies for assessing cloud security IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary

More information

State of Security Survey GLOBAL FINDINGS

State of Security Survey GLOBAL FINDINGS 2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding

More information

Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com

Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com Whitepaper Best Practices for Securing Your Backup Data BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com DATA PROTECTION CHALLENGE Encryption, the process of scrambling information

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

TOP 10 Security Questions Introduction Breaches and other privacy and security incidents in healthcare are on the rise due to the vast size of the industry and the oneoffs of protected health information

More information

A Simple Guide to Successful. Penetration Testing

A Simple Guide to Successful. Penetration Testing A Simple Guide to Successful Penetration Testing Table of Contents Penetration Testing, Simplified. Scanning is Not Testing. Test Well. Test Often. Pen Test to Avoid a Mess. Six-phase Methodology. A Few

More information

Verizon 2014 PCI Compliance Report

Verizon 2014 PCI Compliance Report Executive Summary Verizon 2014 PCI Compliance Report Highlights from our in-depth research into the current state of PCI Security compliance. In 2013, 64.4% of organizations failed to restrict each account

More information

Workforce Management in the Cloud. White Paper. Case Studies Reveal Benefits of Cloud Deployment. Sponsored by

Workforce Management in the Cloud. White Paper. Case Studies Reveal Benefits of Cloud Deployment. Sponsored by Workforce Management in the Cloud Case Studies Reveal Benefits of Cloud Deployment White Paper Sponsored by Table of Contents The Rationale for Cloud Computing 3 Adoption in the Enterprise 4 Human Capital

More information

Healthcare and IT Working Together. 2013 KY HFMA Spring Institute

Healthcare and IT Working Together. 2013 KY HFMA Spring Institute Healthcare and IT Working Together 2013 KY HFMA Spring Institute Introduction Michael R Gilliam Over 7 Years Experience in Cyber Security BA Telecommunications Network Security CISSP, GHIC, CCFE, SnortCP,

More information

Information Security and Risk Management

Information Security and Risk Management Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management

More information

McAfee Database Security. Dan Sarel, VP Database Security Products

McAfee Database Security. Dan Sarel, VP Database Security Products McAfee Database Security Dan Sarel, VP Database Security Products Agenda Databases why are they so frail and why most customers Do very little about it? Databases more about the security problem Introducing

More information

Managing data security and privacy risk of third-party vendors

Managing data security and privacy risk of third-party vendors Managing data security and privacy risk of third-party vendors The use of third-party vendors for key business functions is here to stay. Routine sharing of critical information assets, including protected

More information