By Greg Wilson
Local businesses without the technical or manpower resources to protect themselves in the online world are going to be forced to increasingly embrace outsourcing. Historically, the region has always displayed an ingrained distrust of any form of outsourcing.
ISS plans three SOCs by the end of 2001 |~||~||~|Local businesses without the technical or manpower resources to protect themselves in the online world are going to be forced to increasingly embrace outsourcing. Historically, the region has always displayed an ingrained distrust of any form of outsourcing. However, says Internet Security Systems (ISS) president, Moustapha Sarhank the combination of low awareness, limited resources and a growing cyber threat leaves organisations with little choice if they are to preserve company integrity.In an effort to fill the security void, ISS has begun work on its initial secure operations centre (SOC), due to go live in six months time. The centre — likely to be set up in the UAE — will monitor networks through a number of remote devices placed within a client’s network. The reports generated by the remote devices, which run intrusion detection software, are monitored on a 24x7 basis back at the SOC. “If there is any unusual activity on the network it can be investigated and the necessary action taken,” explains Sarhank. “SOCs tackle the requirements of the region — they offer a service that many of the companies in the region are going to need,” he adds.However, the big question remains whether businesses in the region are willing to hand over such a sensitive responsibility as security. With the security issue rapidly escalating the natural response for many companies will be to throw money at the situation in an attempt to shore up the network security. But approaching the security question from a strictly preventative angle is no longer sufficient. Organisations must adopt a risk management approach to the problematic issue of securing their IT environment. According to Sarhank, that change in thinking will make it easier for organisations to accept outsourcing to a trusted partner. “The growth of B2B and B2C is generating a new paradigm, where outsourcing is more accepted… security is going to follow the same rules,” predicts Sarhank. “According to analysts, B2B is going to be worth $7.3 trillion in just a few years and we as the Arab world need to be a part of this — we need to sit near the driver and not in the back seat. To be a part of this companies are going to have to tackle the security lifecycle issues,” he adds.The need of the region to tackle security issues head on has meant ISS bringing its plans for SOCs forward by 12 months. “We hadn’t planned on doing this until next year, but the need is so apparent in the market that we brought this forward,” comments Sarhank.ISS plans to rapidly rollout three SOCs in quick succession offering a collection of remotely managed security services. The security vendor also plans to support the SOCs with other ‘physical,’ security outsourcing services. In the eyes of ISS’ local president it’s not the anti-outsourcing mindset of many local companies that presents the biggest hurdle to the three planned SOCs, but the speed at which the vendor can find and train local security consultants. “Each member of staff is going to need six months training, much of which is going to have to be done in Europe,” explains Sarhank. “We have already trained 25 security consultants since we began operation in the region eight months ago.”||**||