RSS Alerts

Related Links

  • NCC Group
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Information security goes green
    Green IT has gone mainstream. The last year has seen corporations such as Citigroup establishing their environmental credentials by opening green data centres. But how do the separate disciplines of green IT and information security come together? Robin Arnfield reports
  • RSA Europe: We need revocable personal data says ISF president
    Speaking at the RSA Europe conference in London this week, ISF president Professor Howard Schmidt said that there is now a need for people to be able to revoke the personal data they present for identification and credit-worthiness to financial institutions.
  • Comment: Security doubts about the cloud
    According to VASCO Data Security’s Jan Valcke, strong authentication can surmount end-users’ security concerns and prevents revenue loss for SaaS providers
  • Comment: Security doubts about the cloud
    According to VASCO Data Security’s Jan Valcke, strong authentication can surmount end-users’ security concerns and prevents revenue loss for SaaS providers
  • Cloud computing in the spotlight
    Cloud computing promises cost savings and productivity benefits, but how secure is the technology? Neil Stinchcombe investigates

News

Outsourcing providers should prove IT security credentials

28 October 2009

Outsourcing providers should prove their IT security credentials, said NCC Group, as research commissioned by the IT assurance specialist has found that 89% of large companies in the UK outsource at least one IT system or business process.

The YouGov survey found that 20% of IT managers working in large businesses believe that their outsourced systems and processes have less IT security than those based in-house, indicating a lack of confidence in the IT security of outsourcing providers, NCC Group said.

Only 64% of the IT managers at medium-sized businesses surveyed expect their organisations’ suppliers to have formal IT security procedures and policies in place, compared to 78% in large companies.

Despite these growing concerns, the separate PA International Outsourcing Survey 2009 said that 31% of companies plan to outsource more IT over the next year, suggesting that companies are more concerned with cutting costs than IT security.

Although a large percentage of IT managers are concerned about their suppliers' IT security, companies are opting for low-cost providers that cannot prove their IT security credentials.

John Redeyoff, head of 365 assured at NCC Group, said, “The security industry and IT managers are calling for suppliers to prove they are secure, yet companies choosing to outsource business critical systems simply aren’t asking the right questions, and are putting business critical functions at risk as a result.

“Businesses that fail to check their suppliers’ credentials, choosing cost and convenience over security, are investing in false economy.

“Suppliers, particularly to highly regulated industries such as banking or the public sector, need to demonstrate their commitment to security, giving reassurance to existing or potential customers that they take these issues seriously. As fast as technology develops, so does the potential for data compromises, and businesses need to be prepared to answer serious questions about their IT systems. Proving you are secure is simply good business.”

The NCC Group commissioned report surveyed 549 IT managers and directors.

 

This article is featured in:
Compliance and Policy Data Loss Internet and Network Security Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water