October 23, 2009
Almost half of businesses that claim compliance with ISO 27001 are sharing privileged user accounts and breaking other standard guidance.
Some 47% of firms in the UK said they were compliant with the standard. But 41% of these said that they were using various non-compliant practices.
These included:
- Use of default user names and passwords,
- The granting of wider access than is necessary,
- Failure to monitor the users, and
- An ignorance around the existence of privileged users in the first place.
Who was surveyed?
270 European IT managers (including 45 in the UK)
Survey conducted by Quocirca
29% of firms in the UK rely on manual control of privileged users, who include system administrators, application service users, and privileged personal users.
Only a quarter have implemented privileged user management software, which aims to help businesses enforce and track policy. Around 20 percent plan to implement the software.
UK firms saw privileged users as a medium threat, rating them on average at 2.5 on a scale of one to five, where one meant no threat and five represented a very serious threat.
October 23, 2009
Now the question arises: why do firms outsource?
Client firms outsource their information technology (IT) needs in order to capture a variety of benefits.
Businesses of all sizes and in all sectors now have an online presence and at minimum use databases for human resources and sales. Firms increasingly contract with outside providers to acquire needed skills in areas such as:
- software development;
- network audits to determine vulnerabilities; and
- encryption services and access controls.
Many IT functions must be maintained on a constant basis. A number of timely functions are commonly outsourced to vendors in different time zones, including:
- intrusion detection services;
- firewall upkeep and management; and
- remote network management.
Offshoring of IT services is projected to experience a 40% compound annual growth rate over the next decade. The leading destinations for such investment can be divided into three tiers:
- Tier one consists of industry-leader India, with over 150,000 IT professionals.
- Tier two features Canada, Ireland, China, and the Philippines. Each of these countries claims 20,000 to 50,000 IT professionals.
- Tier three consists of Israel, Russia, Mexico, and South Africa, with fewer than 20,000 IT workers each.
Recent studies suggest too much enthusiasm and too little caution in mainstream depictions of the industry:
- A survey of Fortune 500 companies found that 50% of companies reported that they regularly encountered multiple problems per month.
- A different survey found that 25% of all offshore outsourcing ventures failed to generate expected cost savings; another 25% actually led to increased costs relative to comparable in-house performance. Fully 30% of ventures were eventually judged failures and the contracts either cancelled or not renewed.
Risk factors: IT offshoring risks fall into three broad areas:
1. Operations: As in any contractual relationship, there is quality-of-service risk. Many offshore sites are characterised by high rates of employee turnover. Vendors may also take advantage of poorly worded contracts or lack of technical knowledge at the client firm.
2. Cost: IT offshoring may entail hidden costs, including international travel expenses, monitoring and investigation, and developing infrastructure to support off-site operations.
3. Security: Intellectual property theft and data security constitute serious risks. In surveys of clients, these are ranked as top factors when selecting an outsourcing vendor, higher even than terrorism and cost overruns.
International laws: The bulwark of international protections is proving inadequate:
- WIPO: The World Intellectual Property Organization (WIPO) was created in 1970 to enforce international property rights relating to inventions, patents, trademarks, and designs. It became a specialised UN agency in 1974 and currently has 181 signatory nations.
- TRIPS: Further regulation is provided through the WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS), negotiated during the Uruguay Round of trade talks (1986-94).
Read more at Oxford Analytica.