This page contains a Flash digital edition of a book.
26 technology: hosting & cloud


CMaaS – not just another industry acronym


Russell Cook, MD of SIRE Technology continues his series of articles looking at the changes taking place in the IT industry and how they can benefit organisations. In this month's piece Cook provides an introduction to Compliance Management as a Service (CMaaS) and looks at how this vital component in ensuring your business is robust and viable can be integrated into an organisation's business continuity planning


One reality facing businesses, organisations or even individuals is that they are at risk from some form of cyber crime. This is most likely to occur in the form of data loss but the repercussions in terms of associated financial losses, reputational damage, fines or judgements or even loss or reduction of production capability cannot be underestimated. Alongside cyber crime there is also the ever prevalent physical risk from flood, fire etc.


Many organisations will have turned to managed service providers to manage and develop their IT solutions and over recent years we have all become familiar with the terms IaaS and SaaS (Internet as a Service and Software as a Service), With that familiarity comes the implication that these elements of your business can be purchased and utilised in much the same way as the electricity and water consumed by your business. Whilst you may have appointed a managed service provider to act as your IT department and handle the day-to-day running you still have a responsibility to be aware of what they are doing and how changes in technology and legislation may impact on your business and how it operates. Should something go wrong and data be lost or compromised due to a breach of security your ignorance will not be a defence.


At the same time nearly every business sector is becoming subject to increasing levels of regulation and legislation and whilst these may appear onerous, and to some unnecessary, the ultimate goal of these new measures is to ensure greater security, reliability and responsibility with organisations that are dealing with such valuable assets ie business or personal data. This is where CMaaS can help.


Organisations such as Blackfoot, who have recently partnered with SIRE, offer a three- stage process to any organisations seeking to improve their security and compliance performance. Shaab Al-Bagdadi, head of channel development with Blackfoot explains how this works.


"The three As of


ensuring your organisation's compliance start with the organisation advising us


www.businessmag.co.uk THE BUSINESS MAGAZINE – THAMES VALLEY – MARCH 2015


of where it needs to be, for example it may need to meet the PCI requirements for handling credit card transactions. We can then advise and help it plan its next step. This is followed by a technical assessment including an analysis of the current environment and suggestions for any remedial actions that may need to be implemented. Finally we can offer assurances and audit certificates."


He continued: "One area where we have particular expertise is with the recently introduced new standards for PCI DSS credit card handling standards. The latest standard has 256 individual questions that organisations need to be sure their managed service provider can answer. Without the MSP compliance then the company taking the payments will not be compliant. This could have calamitous repercussions should an issue arise in the future."


It could be excluding you from opportunities


A far wider accreditation scheme is Cyber Essentials that was introduced by the Government last year and which aims to help businesses protect themselves from cyber attacks. From October 1, 2014, the Government has required that all suppliers bidding for certain sensitive and personal information handling contracts should be certified against the Cyber Essentials scheme. Without it you could be ruling yourself out of work at the first hurdle. There are two levels, Cyber Essentials and Cyber Essentials Plus which can be awarded to organisations that are deemed to have implemented basic controls to mitigate the risk from common Internet-based threats.


The problem of risk is not going to go


away, and there is now another acronym entering the IT language, CaaS or Crime as a Service and this is becoming a fundamental component of the underground economy. By recognising the value of your business data but also recognising your own limitations and turning to a reliable MSP working with an experienced compliance management organisation, you are bringing together the best expertise and knowledge to provide your customers and staff with the strongest and most robust solution for your business.


Business, like life, always contains an element of risk and it is this that makes both exciting. However do you really want to be the adrenalin junkie of the business world who metaphorically throws themselves of the cliff top on a piece of rope or would you rather have a slightly more managed level of excitement?


Details: Russell Cook 01344-758700 rcook@sire.co.uk www.sire.co.uk


For more information about the Government's Cyber Essentials scheme visit: www.gov.uk/government/publications/ cyber-essentials-scheme-overview


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36