Your organisation’s own security policies may well be tight, with significant time spent on establishing information management best practice. But what about your suppliers? Are they just as concerned about the security of your organisation’s data?
A number of leading organisations are certainly not convinced. Take HMRC, for example, which wants assurance that all of its third-party software meets stringent data security requirements. The department recently examined the web sites of 30 software vendors and reported that only seven featured a statement dedicated to security principles (see further reading, below).
Concerns about security are increasing because of the wide range of technologies that can now be used to interact with an organisation. As many as 82% of IT security administrators believe social networking, internet applications and widgets have significantly lowered the security posture of their organisation, according to the Ponemon Institute (see further reading).
And the price of any breach is likely to be high. Additional research from the Ponemon Institute states the cost of UK data breaches increased 7% in the past 12 months and 36% during the past two years (see further reading). The research found that each security incident cost on average £1.68m to manage.
These concerns need to be taken seriously and allayed by IT providers, while keeping organisations’ fears in perspective so that developments in IT are not held back.
Help comes in the form of software trade body the Business Application Software Developers Association (BASDA), which has recently launched the Software Security Code of Practice (see further reading). The voluntary code helps vendors demonstrate their security credentials, with signatories allowed to use a special logo on their web site.
The code outlines how good design can support the secure use of software, and focuses on five areas: compliance with legislation; data access controls; authorisation; storage and auditing; and data backup.
BASDA’s code is a positive step towards letting software suppliers demonstrate their security credentials. Allaying organisations’ fears about security is key, so the question now is: who will be the next signatory?