Can Someone Do That For Me?

Why managed IT security services should be top of the small businesses wish list.

By Ron Culler, CTO, Secure Designs Inc.

In the film ‘Three Men and a Baby, there’s a moment where Tom Selleck’s character views the baby’s diaper with horror and exclaims to his friends, “I’ll give you a thousand dollars if you’ll change this for me.” In responding to this emergency by throwing money at it, Selleck not only gave us the best laugh of the film, but also provided a perfect example of the ‘break-fix’ model (‘I’ll pay you anything you want as long as you make it better’) when a ‘managed service’ (in this case let’s call it a home help) would have done the job hundreds of times over for the same amount of money, and moreover would not have treated it as a crisis.


 While running a small business may not necessarily throw used diapers your way, it’s a sure bet that sooner or later you will be confronted with something that’s too complex or time consuming to tackle yourself. This is particularly true of computer security because no matter what size your business, your data is valuable, and must be protected.


Business technology is becoming more complex by the hour, and so are computer scams. Without email filtering, businesses would find it almost impossible to handle everyday communications: over 99% of all email traffic is spam, and spam is the principal method of delivering malware. This can range from botnets ‘borrowing’ your network bandwidth to phishing emails that pretend to be from trusted sources but in reality send you to sites infected with malware.


Internet crime is multi-layered, inventive and persistent, blending multiple methods to get past your defenses and stealing your assets. Viruses and other malware spread across networks through a variety of agents— laptops, desktops, e-mail, Web applications, instant messaging mobile phones and PDAs. The US Army in Afghanistan recently banned the use of USB and other removable devices, having discovered that a virus outbreak affecting 75% of all systems at a base in that country had been delivered via this method. Europe is investing in a central cybercrime alert center. Web application exploits have become so prevalent worldwide that, for the first time, Apple has recommended that all users install anti-virus software.


Managed security services help navigate this minefield. Most importantly, it frees up time for core business activities, reduces costs and improves the bottom line. What small business owner has the time to manage spam updates, keep track of phishing scams, install security patches and make sure that none of their employees has accidentally downloaded a virus that is skimming funds from the corporate bank account? The fact is, if you’re not an expert, it’s hard to tell whether your IT system is secure or not. Most people whose computers have been turned into bots and linked to a botnet have no idea that their machines have been commandeered by cybercriminals. Their PCs send spam, steal information, and participate in denial-of-service attacks without any obvious sign. It takes time, skill and dedicated resources to understand where Internet dangers lurk.


Another major driver for using managed security services is regulatory compliance. The regulatory environment is increasingly stringent, especially in the area of securing customer data. Bringing in expert managed services will help with many of your compliance headaches. Retail, medical and professional data protection regulations such as PCI and HIPAA all insist on adequate IT defenses and enforcement is strict. Businesses need to protect their clients’ data with a multi-layered, complex IT security system that’s constantly updated and monitored.


Professional hackers keep a low profile – and keep coming back for more

Outsourcing Internet security is a sound strategic decision because almost every business is dependent on some kind of computer capabilities, from simple to complex. Cybercriminals don’t discriminate between large and small business, recognizing that even the simplest IT system can provide a fruitful source of revenues. There is no such thing as a small business virus! Computer crime today generates more income than the estimated total for physical drug trafficking, according to a recent Reuters report, and it continues to proliferate.


Wireless woes

Another aspect of IT security, often overlooked is remote or mobile working. Without adequate defenses, your laptop can not only pick up a virus at a coffee shop, but share it with all your co-workers when you plug back into the network. Wireless computer use is particularly vulnerable. So-called ‘war drivers’ make it their business to look for unsecured wireless networks. At best, they drain your bandwidth. At worst, they steal hard cash in a way that’s hard to detect. A small chain of hardware outlets in California found it was losing money despite excellent sales. After signing up with a specialist security provider, they discovered that a hacker had entered the network via one of their wireless units. He had programmed their invoicing system so that a percentage of payments were directed to his PO box rather than the hardware store.


It’s not surprising that managed IT security services are increasingly popular, both with business owners and with their providers. Instead of paying dearly for emergency services to cope with identity theft, a hacked computer, or email systems that don’t weed out malware-laden messages, managed security services put protection and predictability back into the equation. For an affordable monthly outgoing, business owners can avoid computer downtime, as well as maintain a relationship with a trusted IT provider. The cost of managed security services frequently pays for itself in terms of improved productivity. As for peace of mind – it’s priceless.


Managed security services provide a noninvasive approach to outsourcing certain parts of your business systems, providing skills and expertise, with support tailored to your business needs. As opposed to full-blown outsourcing, where the entire system is controlled by the supplier, managed services enable you to control key parts of the IT network. For the most part, these services are delivered remotely, with dedicated support available 8 x 5 or in some cases 24 x 7. This offers the best of both worlds - control and flexibility of your core information systems without either the pain or cost of developing specialist security skills .


This is not to suggest that managed services are open-ended resources or that providers are gifted with telepathic powers. Expectation and communication are key elements of managed services. Setting expectations, dispelling misperceptions and enforcing reality help create a successful partnership between client and supplier.


Managed services allow organizations to focus on their core business. They save costs, time and resources. They provide help in times of crisis and help you avoid the temptation to pay far too much for a quick fix in an emergency. The case for managed services is clear.