
Best Practice: Assess the Capabilities & Performance of Your Information Technology

Professional organizations often hire third-party experts to analyze business operations and make recommendations for improvement. For example, financial audits, quality audits, and process audits are common best practices for most businesses.

Beyond ensuring that processes are followed, third-party audits can help an organization step back from day-to-day activities, take stock of overall performance, and make the best decisions regarding resource allocation, budgets and priorities.

Yet, few organizations examine their IT operations in a similar fashion.

The Importance of IT Audits

IT is owned and operated to underpin both day-to-day business operations and long-term planning. The IT organization also provides the leadership and organizational structures, systems and processes that sustain and support business objectives. Today’s IT departments play such an integral role within corporate operations and governance that they should be subject to the same scrutiny as other groups.

An IT audit, conducted as part of an annual review or prior to a major project, can report critical information to the organization and its stakeholders on the following topics:

  • Overall performance: How is the IT organization doing? Is it meeting best practices? Are there redundancies that can be eliminated? What efficiencies can the group take advantage of? What silos need to be broken down with other departments? Are there areas of risk that need to be addressed?
  • Compliance with regulatory requirements.
  • Budget constraints and staffing considerations.
  • Recommendations for new corporate projects, such as a new enterprise or line of business solution, a new collaboration solution, or an infrastructure migration.
  • Business activity gaps that should be addressed before documenting business activities in preparation for a workflow, collaboration or records management project.

Audit Areas

To be effective, an IT audit should examine three main aspects of the IT organization. These are:

  1. IT Governance: Organizations planning major IT projects – such as a new business system, migration to the cloud, collaboration or other significant investment – need to ensure that the IT Department and technical teams within other business units are able to deliver. An IT audit should examine all governance aspects of the IT organization and evaluate factors such as the IT department’s corporate structure, existing systems and processes, capacity, track record on recent projects, etc.

  2. Information Management: IT organizations must be able to develop (and manage) policies and procedures that promote efficient operations and support the rollout of new business initiatives. IT audits should therefore include an evaluation of the organization’s records management and account management practices, access privileges, policies, procedures, and standards.

  3. Information Technology Security: IT risk is always present in a modern organization and companies should understand their external and internal IT vulnerabilities. An IT audit should contain a security component that examines potential infiltration points, flaws in line-of-business systems, fraud risks, device weaknesses, and security of email, web hosting, publishing environments and social media channels.

Actionable Results

By analyzing the above areas, a third-party expert can perform a comprehensive IT risk assessment of your organization. This assessment will provide you with the information you need to improve IT governance and effectively safeguard your organization against attacks that can damage your brand reputation or financial viability.

At Tango, we regularly conduct IT audits for our clients. Learn more about our IT auditing services or contact us to talk about your specific auditing needs.

Don’t Let Your Business Become a Statistic in the Year of the Data Breach

– Dean Tremblay, Partner

Online security threats to organizations reached an all-time high in 2011, according to software security firm Internet Identity (IID). In fact, IID has named 2011 “the year of the data breach” and cites these market shifts as drivers behind the increased threat:

  • A new black market makes it easy to obtain software whose sole purpose is to steal data
  • Increased sophistication of cybercrime
  • Malware proliferating due to increased smartphone use

When companies as well capitalized as Sony suffer major data breaches, it’s common for small- and mid-sized organizations to contemplate their own potential security risks. While most organizations in the 50-250 employee range have implemented security measures through enterprise firewalls and secure data backup, many have no idea if the protection they are relying on (and paying for) is airtight.

When you implement organizational security, backup and disaster recovery systems, you should also implement a system of accountability for those mission-critical operations. Too often, organizations seek out our help only after a major failure – such as a security breach or data loss – has occurred. To be fully protected, an organization must have a reporting procedure in place, as well as a proactive alert mechanism, to remain ahead of any potential risks to data security.

Another frequently overlooked aspect of IT security is alignment between the technology in place and the business. You may wonder what one thing has to do with the other, but it’s really quite simple:

  • If your business strategy is outgrowing your security infrastructure, you’ll be at risk
  • If your business model is shifting but your security infrastructure remains static, you may be at risk
  • If the way your employees, partners, suppliers and customers communicate with one another is shifting but your security infrastructure was architected in 2008, you’ll be at risk

At Tango Technology Group, our Managed IT services offering – which can include network and data security measures – includes proactive alerts and informative reports. Most importantly, we also work with our clients to review their business strategies and changes, ensuring alignment between the business and its enabling infrastructure – including online and data security.

I’d welcome the opportunity to talk to you about ensuring the integrity, security and alignment of your business data. Contact me at: dtrembla(at)tangotechnologygroup.com.
