• May 12, 2022
  • Catagory remote work

Disruption is an opportunity for improving security

By : Justin Folkerts

The pandemic has been a challenge from security perspective, but it can also be viewed as an opportunity to review your best practices, your cybersecurity tools, and the role of a managed service provider.

The move to remote work two years ago was quite sudden, and left many organizations caught off-guard. If they were in the process to moving to more cloud-based services, the pandemic accelerated that migration. It also brough to light security challenges that could not be ignored because the number of endpoints suddenly grew exponentially with the bulk of their employees working from home.

As Dell’Oro Group Mauricio Sanchez recently pointed out in a blog post about the top five demands and challenges faced by CISOs, the massive disruption of pandemic compounded the rate of technology and threat change, and provided an impetus for looking at security problems in new ways and drove investment that would not have been possible in a non-pandemic environment.

While small and medium-sized businesses rarely have a C-level executive in charge of security or even a CIO, there are lessons they can take from observing the cybersecurity trends affecting large enterprises.

Relationships matter

Sanchez notes that the security vendor landscape is highly fragmented, so if a CISO is trying to sort through many options, don’t feel bad as an SMB if you’re feeling a little lost about what to implement and who to work with.

It’s important not to be tempted by new and shiny security products simply because they are new and shiny. The products and services you choose should be guided by an understanding of what needs to be protected in your organization, both on-premises and through your distributed workforce. Vendors do have a role in helping you secure your organization by developing security controls and technologies that will benefit you, but bi-directional communication essential.

For smaller organizations, it’s often best to engage with a managed service provider who can keep abreast of the rapidly evolving landscape of threats and available cybersecurity products. They can help navigate the options, evaluate your current security posture, and implement and manage what works best depending on the nature of your business.

Consider Zero Trust, but remember it’s a strategy, not a product

The shift to remote work has given Zero Trust increased traction, but whether you’re a big enterprise with a CISO or a smaller organization with limited IT resources, don’t confuse tactics and strategy.

As Dell’Oro’s Sanchez notes, Zero Trust is a valuable strategy but it’s not a product you can buy. Having a coherent strategy and understanding what needs protected will help you avoid wasting your IT budget on products do very little to improve security. Simply buying “zero trust” product could create a false sense of security, he says, and ultimately lead to your business being compromised.

Even if you’re confident that they are the right fit for your organization, buying the latest and greatest security solutions only go so far if you don’t have a firm handle on the fundamentals. A managed service provider with security expertise can help you best understand how a Zero Trust strategy can be implemented, and what tools you need to support it.

  • October 3, 2019
  • Catagory Business Process Services

Choosing a Business Process Services Provider Demands Forward-Thinking Risk Management

By : Terry Holland

Choosing a business process services provider is like any vendor selection scenario—there’s an element of risk management.

If you’re to get the benefits of handing over tasks to a third party, then you must put careful thought into what you need from a partner. By infusing your criteria into a detailed selection process, you can reap the rewards of handing over repetitive tasks while reducing the risk.

Having a stringent selection process in place will lead you to an experienced business processes services provider with a track record of anticipating any potential pitfalls who sees your success as their success.

What to consider when choosing a business process services provider

Even If you’re only looking to hand over a single, simple process, choosing a business process services provider requires a lot of forward thinking.

You should start by being certain that it makes sense to offload these processes—there should be a solid business case for doing so that defines the scope of the arrangement, which is essential for risk management. Choosing a business process services provider means not only considering your immediate needs but having an operating model that can scale up and down with the ebb and flow of your business.

Be prepared to do a lot of work upfront to define the business relationship and evaluate potential candidates. Choosing a business process services provider should be a comprehensive and formal exercise. Consulting all stakeholders touched by the processes you want to hand off should be part of your risk management process, as their understanding will paint a clear picture as to how these processes are threaded through your organization.

Your approach to choosing a business process services provider should lay out your key objectives, anticipate any risks, and outline exactly what you wish to hand over to a business process services provider, all of which needs to be articulated in a request for proposal (RFP) that’s shared with a short list of qualified vendors.

Risk management reduces bumps

You can’t avoid risk when partnering with another business. Engaging in a well-thought out risk management exercise when choosing a business process services provider will minimize headaches down the road.

The risks involved when outsourcing processes and workflows vary depending your industry and how your organization is structured. For bigger companies with multiple business units, handing over a single process such as data entry to a third party won’t likely expose it to a great deal of risk. For smaller organizations, however, the process under consideration may be more integral to overall operations and product and service delivery.

No matter what, the most common risks are data breaches, either through employee error or hacking, non-local employees, quality control, maintaining strategic alignment, political instability when processes are moved offshore, and changes in technology.

Because many business process services providers have operations offshore, many risks will also involve geography, political climate, and cultural climate. Your risk management strategy should focus on four key areas:

  • Security: Choosing a business process service provider also means new connections between your information systems and theirs via Internet communications. This introduces security and privacy risks.
  • Communication: You will get the most value cost-wise when you work with a provider with offshore operations, so be prepared for language barriers that might affect your transition of processes, feedback and customer service.
  • Underestimating costs: Remember there are other costs involved beyond those related to the workflows you’re handing. Be ready to pay for upgrades costs, renegotiated contracts, as well as the time and money you need to select a provider. Layoffs, internal changes with your organization, and upgrades to software and hardware that support the processes on your side are all things that can affect the overall cost, among others.
  • Becoming too dependent: Your business process services provider can quickly become integral to your workflows, which means your delivery of products and services can be affected by their internal challenges, such as staff shortages.

Just because you’re handing over business processes to a partner doesn’t mean there’s no work for you to do related to these operations. You must commit time and resources to manage the relationship.

As a managed IT services provider, proactive risk management is table stakes for Supra ITS, and we bring the same rigorous approach to our business process services practice. As a vendor of record with the Government of Ontario and thoroughly vetted for the government’s security requirements, Supra ITS has developed a comprehensive set of information security policies and procedures which meet or exceed the government’s IT standards.  These standards have been audited to comply with ISO: 27001 standards.

Our business process services practice comprises a North American team with deep business knowledge, analysts, supervisors, data entry operators, managers and IT support teams, all of whom are Supra ITS employees. By have a single point of contact to steer governance, we’re able to keep lines of communication clear avoid any surprises such as unexpected costs or sudden staff shortages.

Pick a provider who can grow with you

A good business process services provider will stay away from your core business processes and help you decide which workflows make the most sense to for them to take on in alignment with your business cases. They will see you as a partner, not just a customer.

Supra ITS has expanded its business process services offerings through its FleetGain brand because we saw a desire from existing customers to offload back office processes to a partner with a team that understands its role in improving productivity and the bottom line. We see business process services as just the beginning of broader, long-term relationship with organizations looking to improve their agility as part of their digital transformation.

Terry Holland is Director, Logistics and Supply Chain Services for Supra ITS.