Integrated security: the key to data protection and information security in IT systems
Almost on a daily basis, the media report on successful hacker attacks on companies. The cyber criminals paralyze websites and other IT systems, steal customer data and business-critical documents or demand ransoms. Well-known providers of anti-virus software and firewalls constantly bombard users with new statistics designed to emphasize the constant increase in cyber attacks.
Serious cyber attacks only a matter of time
And what about those who are attacked? As a study carried out by the Economist Intelligence Unit (EIU) revealed, more and more managers are recognizing the cyber risks to their IT architecture. At the beginning of 2016, the analyst firm, a subsidiary of the British weekly magazine “The Economist”, questioned top IT managers of big companies regarding their IT security. Almost 40 percent of the roughly 300 IT managers questioned in more than 15 countries believe that their company will be the victim of a severe, effective cyber attack within the next three years. Around a third of the CIOs believe that obsolete IT security concepts leave them open to new methods of attack.
Security experts still in short supply
What can companies do? First of all, they need to increase the number of IT security experts. But these are in short supply. Companies are in desperate need of skilled personnel for IT security. At Hays, the world’s leading recruitment company, 60 percent of inquiries relate to security experts. The majority of these are sought by the IT industry itself, i.e. the software manufacturers, IT service providers or system integrators.
System integrators for greater security of the IT architecture
System integrators in particular play a key role in the security of an IT architecture. After all, poorly programmed, obscure and complex IT systems and landscapes often provide weak spots which are targeted by the attackers. Proprietary IT solutions which may be decades old are particularly vulnerable. Hackers constantly discover weak spots – even in standard software. To address the problem, the manufacturers offer security patches. According to the German Federal Office for Information Security, however, inadequate patching and obsolete software remain some of the most serious threats to IT security in companies.
Security can be integrated into the IT architecture
System integrators must therefore comply with all security standards and processes, document and verify them. This is the only way to ensure secure operations in accordance with the relevant standards. At T-Systems, more than 1,000 security and testing experts specialized in system integration use a standardized procedure (Software Engineering Book) to ensure that software is developed and enhanced in a secure manner for our external customers. Internally, Deutsche Telekom uses among other things a privacy and security assessment process. This process for technical security and data protection is an established part of product and system development processes. It leads to a standardized level of data protection and security of the entire IT architecture in all products, systems and platforms.