Five Key Elements to Successful Legacy IT Migration
CIOs of large enterprise organizations are relentlessly challenged to keep costs down, security postures tight, and provision the latest and the greatest apps to user...
Yes, we’ve all seen it on the news. Software vendors are being attacked by ransomware or malware. Now that’s a problem for customers! Didn’t we use to call this being hacked? Still, so many of us remember the old maxim, “your security is only as good as the weakest link.” So now the weakest link (or at least, a weak link) can be your very own software vendor. Let’s look at what we might ask or require of our vendors. If nothing else, they should at least be doing as much as we do in our internal systems.
Someone making a large software investment recently asked me what should be included in a contract for ransomware prevention and/or afford protection from a ransomware attack from a vendor? Well, among the litany of security best practices – which I hope this organization already has in place – one additional item would be to require similar protections in all vendors serving this organization.
If you find yourself in this boat, read on. And who knows, maybe one or more of these will turn into another article! If you are reading this and find some information daunting, please engage and partner with your IT people.
You might as well require the same of your vendors. A comprehensive security program is a vital component of your digital success and business success. Loss or corruption of data would most likely lead to loss of reputation and eroded customer confidence.
Cyber insurance covers tangible loss of data, loss of revenue, and more. So many insurance carriers will require much or all the above items to be in place as a condition of coverage. Make sure your cyber insurance policy (and your vendors’):
But yet, cyber insurance alone is not sufficient. Cyber insurance needs to be part of a more comprehensive security program. Some of the more important elements are highlighted below. You should already have this program in place, and require the same of your vendors, whether those are vendors of software you run internally or systems you use that are “in the cloud.”
Let’s recap briefly, at a high level. They (the organization and their vendor) should already have:
Consider hiring a chief information security officer (CISO) and capable staff. Or consider adding outsourcing to a managed services provider that runs a security operations center. Either the CISO or SOC can stay abreast of and fluent in the rapid pace of development and evolution and cyber issues, events, and practices. And they can and need to stay abreast of the constantly evolving regulatory environment pertinent to the organization.
SDI provides comprehensive cybersecurity services – from initial vulnerability assessments through 24X7 cyber incident monitoring and response programs – too many reputed clients in the US. Whether you need comprehensive IT services across the security spectrum or need assistance to drive vigilance and resilience across your enterprise, SDI stands ready to serve you with executive-level experience and government expertise to help leverage your technology investment now and into the future.
If you have any questions or want more information about our cybersecurity services, please give us a call at 888-YOUR-SDI (888-968-7734) to explore how the SDI Cyber Team can protect your organization’s IT asset.
SDI’s IT Consultant Tim Williamsen is an experienced IT leader, a licensed and degreed electrical engineer, specializing in IT management, control systems (SCADA), cybersecurity, service delivery, and business solutions.
Mr. Williamsen has more than 35 years of experience, with more than 20 years in public sector IT leadership, and is widely regarded throughout the industry in all levels of IT management, system troubleshooting, design, installation, and administration. His skills range from project accounting, management, estimating, and scheduling to fiber optics, to software development, systems integration, and maintenance.