IBM is bringing its security mantra to small to medium-sized enterprise customers with the launch of its Secure24 set of services, but warns companies that security isn't a technology problem — it's a business problem.
IBM vice president and global leader of security and privacy services, Cal Slemp, says company dependence on networks is increasing faster than their ability to manage security while at the same time the number of security experts working in the business in New Zealand is declining.
"There simply aren't enough resources worldwide in security and the high turnover of security staff is down to one thing: better offers overseas."
IBM's solution is to leverage off its worldwide capability to offer local SMEs access to over 3,500 security professionals around the globe. IBM's local security practices leader, John Martin — himself an import from the UK — says IBM's Secure24 is designed to offer the full range of security-based services from consultation and design work, to "out-tasking" aspects of network security such as after-hours monitoring, all the way through to full outsourcing of security to IBM.
"It can be as simple as noting performance issues on the network and letting you, the customer, know what's happening right through to a full risk-assessment based on the new compliance environments we're seeing in places like the US and Europe."
Slemp says the newly introduced Sarbanes-Oxley Act in the US, which is designed to head off any future corporate fraud on the scale of that perpetrated by Global Crossing or Enron and which includes criminal charges for business managers who don't disclose issues in a timely manner, is driving businesses to reassess their security issues.
"I've been in many meetings here in New Zealand and met with a number of customers and potential customers and the awareness of New Zealand business about the issue is very high."
Slemp says even smaller companies wanting to do business in the US, or Europe where similar legislation is being introduced, will need to comply with the regulations. "And they'll need to be seen to be complying 24x7."
Slemp says companies need to address security issues from an ID management point of view rather than a firewall or virus or hacker point of view.
"You need to be taking a proactive approach because you want to share data with customers or suppliers or partners but you also want the system to be smart enough to cope if something happens and an ID is stolen or whatever."