How to outsource your mission critical services in a secure way

Today more than 30,000 sites are hacked every day*. That means they are hacked, modified or altered by someone placing hidden viruses, which are then transferred to the computer or device that visits the site. The numbers are breathtaking, and the trend suggests that they will increase to 40,000 per day by year's end. With this in mind, let us simply conclude: most companies today are like a Swiss cheese with holes in it. It is therefore a good idea to outsource your mission critical services to a hosting provider that has the best defenses in place.

As Dante already said in the 1200th century, “there are circles of hell”. That is why the first question we ask those who want to outsource their mission critical services is: “What are your security needs – really?” Are you a hot dog stand or a Fort Knox? Security officers often want to turn a hot dog stand into a fortress if given the chance, while developers can turn Fort Knox into an open hot dog stand without knowing it. So, how do you outsource your mission critical services in a secure way?

We recommend describing the requirements at the component level and getting help to see how the components interact without compromise, both technically and socially. The latter is just as important, because an organization's own employees are often its biggest threat. Policies and procedures must be implemented internally, and you have to create a culture of safety thinking that understands how important this is. Our customers have a good safety mindset because they operate in sensitive industries with mission critical services, but all companies, organizations and authorities should consider and incorporate safety in their operations. To help you get started, our VP Global Sales, Stefan Månsby, has created a small checklist with 8 tips for secure IT outsourcing for IT managers to consider:

8 tips for secure IT outsourcing

  1. Define the area/delimit – which systems etc. should be included in this? For instance, is your payment platform process flow really separated from your internal systems, like e-mail?
  2. Calculate the cost of doing this yourself: X/users/month – do this to create an image for yourself, do your homework and do not lie to yourself. Also, the quotes you receive from your potential partners become easier to compare.
  3. Investigate possible legal challenges – are we allowed to outsource the environment, and are there any legal restrictions, like geographical limitation requirements, that need to be taken into consideration?
  4. What “evidence” of security experience can the hosting supplier provide you with? – you want a supplier who is just as beautiful the day after the party, someone who can keep your high standard on day one as well as day 900. Look for evidence such as a track record, and whether the hosting provider can hold its certifications not only today but year after year.
  5. What are my compliance requirements (today/tomorrow)? – day one of your outsourcing strategy may not include security or compliance requirements, but assume that one day you will have to include compliance, and avoid the cost of changing outsourcing partner as your security requirements advance.
  6. How does the hosting provider handle multi-tenancy? – how does the hosting partner isolate its different clients' environments?
  7. Does the provider have its own 24/7 security organization? – secure 24/7 to handle all kinds of attacks.
  8. References – references are king. Look for references and compare hosting providers!

*Source: Trustwave