Bug Watch: Disaster is just around the corner

All year long, you're the brightest star in the business galaxy. Your employees have never worked harder, or more efficiently. Employee morale and retention has never been higher. Sales are up significantly, both year-on-year and quarter-on-quarter. You exceed City analysts' expectations. The results conference goes brilliantly. Next day, your shares lose 20 per cent of their value. At the end of the day, they're still falling.

Sound far fetched? It could easily happen if your critical systems are successfully attacked. And it could happen in spite of what seems like a reasonable, in-house information security programme. The result: key information - about your products, your finances, your employees and, most importantly, your customers - is compromised.

Even if you've enjoyed outstanding customer relationships for years, a major security breach could cause you to lose that trust instantly. Your excellent media relationships won't stop the press telling the world how a company that ought to be infallible can lose it all. Employee morale falls. Your shareholders watch their investment lose value. And no one hesitates to show exactly how they feel about it.

The scenario isn't hypothetical. It has happened. It continues to happen. It will happen again. The question is: how can you make sure it doesn't happen to you? Chances are, you already do many of the right things.

You select the right people to implement your strategies. You insist that they lower expenses to improve efficiency, productivity and profitability. You give them the information and autonomy they need to make good decisions. You define strategic differentiators - those key products, services and qualities that make the difference between you and your competition. And that's where you concentrate your resources.

Think about it from the perspective of your key team members. They take your directive to be efficient very seriously. So they devote existing in-house staff to core business issues, not 'low-priority' functions like security.

And yet your share price is 20 per cent down and still falling.

The right outsourced information security provider can help you to focus staff and resources on your key strategic differentiators, manage costs and save money, improve information protection, attract and retain excellent personnel and protect your organisation's stakeholders.

The fact is, like your physical security systems - alarms, guards, etc. - information security management is neither a key skill nor a key strategic differentiator in your organisation. It's unlikely that your customers, the press or your investors will like you any better because you have a good information protection program. People don't notice security, except in its absence.

That is one reason why analysts like Forrester Research recommend that organisations of all types and sizes consider outsourcing the management of their security infrastructure. Your IT staff are most effectively deployed on tasks you know best - information management, systems support and the development of tools that use information to anticipate customer needs.

In other words, information security, like physical security, is more efficiently applied as an outsourced function than an insourced one. You free up both staff and money to focus on your core business issues. Your systems are better protected. You attract and retain technology professionals whose focus is your business. And you protect the trust of your employees, customers and shareholders.

Many organisations have come to realise that security management in a networked systems environment is a business necessity, especially given the connected and public nature of today's global business environment. A scenario like the one in the opening paragraph is a very real possibility, even for companies with seemingly well-planned, in-house security practices.

It bears repeating. Yesterday's reasonable due diligence could be today's negligence, and tomorrow's disaster. Fortunately, the decision to select a managed services provider and outsource information security management can create a much more attractive scenario.

You attract and retain technology professionals whose focus is your business. You free up both staff and money to focus on core business issues. Productivity gets better than ever. Your systems and information are well protected. You regain and protect the trust of your employees, customers and shareholders.

Next edition: 6 April