
Security scanning: the case for outsourcing

14 May 2012 12:00 AM | Anonymous

Hacking and the issues that surround it are rarely out of the news at the moment – it’s a very current and pressing problem. Cyber crime has never been more of a threat, with websites and organisations great and small all at risk.

Having a high standard of information security is something that all businesses should strive to achieve, and for some companies, there are specific standards that must be hit.

The Payment Card Industry Data Security Standard (PCI DSS) is maintained by the PCI Security Standards Council, which was founded by the five main card brands, and is a set of technical and operational requirements for protecting cardholder data. All companies that store, process or transmit cardholder data for these brands must comply with it. In essence, the requirements ensure that cardholder data is handled securely and that processes are in place to detect and respond to threats.

PCI DSS also requires companies to regularly test their security systems and processes. In particular, it calls for quarterly internal and external vulnerability scans, with the external scans carried out by an Approved Scanning Vendor (ASV), and for rescans after any significant change to the environment. Businesses in scope therefore need a cost-effective yet comprehensive way of carrying out these scans against their own systems.

Although adhering to PCI DSS is not a legal requirement in itself (it is enforced contractually through the card brands and acquiring banks), it is in the best interests of organisations to make sure all confidential data is secure anyway: breaches of personal customer information can have devastating short-term consequences and long-lasting effects on reputation.

There are two main options with regards to security scanning – buy in a technology solution and conduct scanning in-house, or employ an external firm to carry out the work for you.

Scanning and monitoring in-house gives companies complete control of the process. A hands-on approach has obvious benefits, but it also means committing staff and internal resources that could otherwise be spent on core activities; security scanning is a time-consuming, expensive and repetitive task, and the findings still have to be triaged and remediated by someone.

Outsourcing the scanning process to specialist organisations can be a more economical solution, while making sure the process is as exhaustive and as thorough as possible. It can also avoid the bias, unintentional or not, of the staff who maintain systems effectively marking their own work.

Some security scanning firms can provide a managed service, handling all aspects of the scanning procedure. Scans can take place as often as requested, depending on a company's specific requirements, from in-depth monthly scans to daily security checks.

An effective managed service offering would also regularly reassess the scope of the project, and react to changes, pinpointing vulnerabilities and suggesting improvements.

But most importantly, it can be a cost-effective solution for businesses that have to meet these stringent standards. Having a dedicated, experienced security team carry out the process is likely to reduce outlay compared with building and maintaining the same capability in-house.

Managed security services can also bring incidental benefits, rather as fitting a new door to keep out intruders can also cut out a draught. A comprehensive review of business security will most likely highlight other flaws that can be corrected, and weaknesses that can be strengthened, before they become a serious threat.

The introduction of PCI DSS was a step in the right direction for improved information security – but it’s up to businesses to use those standards as a platform from which to tighten their perimeters and ensure the safety of customer details.
