4 February 2010
Don't assume compliance equals security
Electronic crime in the area of wireless networks and the Internet is expanding geometrically
Singapore, 4 February 2009 - IT security breaches in recent years have highlighted the fact that compliance with certain legislation and regulations does not necessarily equate to being secure.
So says Datacraft's general manager for security solutions, Matthew Gyde. "The scale of electronic crime in the area of wireless networks and the Internet is expanding geometrically. An American retailer lost 45 million credit card details as a result of electronic crime. The hacker was charged with two further hacking offences, bringing the total number of card details stolen to over 130 million. One of the victims - a payment card processing company - passed a PCI-DSS audit the month before card details were stolen from its systems.
"Today, e-crime is big business, and incidents like these underscore the findings of research we commissioned IDC to carry out in 2009, which shows a prevalent attitude among organisations. Most begrudge investment in compliance and will do the absolute minimum required by law or industry regulatory bodies. They also believe that being compliant is being secure.
"In fact, compliance is very narrowly focused, whereas good security encompasses compliance - and extends beyond it, ensuring that organisations are best placed to deal with both known and unknown threats," Gyde explains.
The primary research into IT security, carried out by IDC across 407 companies in 18 countries in Asia Pacific, Western Europe, the Americas, and the Middle East and Africa, reveals that very large organisations (1,000+ employees) are more compliant than large organisations (500-1,000 employees).
Eric Domage, IDC EMEA program manager, European security products and strategies, says, "Interestingly, very large organisations (1,000+), the Americas, and the public sector are more concerned about security regulations than other sizes of organisations, regions, or market sectors."
The research also shows that the regulations which most concern organisations are those related to general privacy (often local in origin), followed by healthcare privacy laws - because of specific requirements for personal confidentiality, and Personally Identifiable Information (PII) protection.
Gyde concurs, "This leaves an enormous range and number of organisations that simply aren't doing enough to be compliant or secure. What they don't realise is that being compliant is not simply a matter of preventing theft of organisational and customer data. Indeed, it has a direct impact on an organisation's reputation."
The nature of the information that's compromised during a security breach dictates the nature and the level of impact on the business. However, according to the IDC research, organisations that do aim for optimised compliance are most concerned about the negative impact that a security breach will have on their brand. That's because an organisation's brand drives its revenues.
As Gyde says, "If customers can't trust you with their personal information, they're certainly not going to remain your customers. Also, identity theft has very serious implications for those whose identity is stolen. They can lose control of their entire lives. In fact, organisations stand between their customers and criminals."
According to Gyde, at a commercial level, compliance is about proving and maintaining credibility in the marketplace. "Don't begrudge what you spend on being compliant. You're protecting your customers and your brand. It's important to understand that organisations don't need to comply with every requirement out there, but must understand the requirements in specific geographies and industry sectors."
Gyde warns organisations not to tackle compliance on their own. "Involve experts on overall business governance and compliance in your IT security compliance projects. They'll help you ensure that your initiatives don't take the place of a proactive security strategy - which means you stay focussed on the strategic rather than the urgent."
###
About Datacraft
Datacraft is a wholly owned subsidiary of Dimension Data plc (LSE:DDT), a US$4 billion leading global IT solutions and services provider. Datacraft operates in over 50 offices across 13 Asia Pacific countries. We help clients plan, build, support, manage, improve and innovate their IT infrastructures. Datacraft combines an expertise in networking, security, data centre, storage, Microsoft solutions and converged communications & contact centre technologies, with advanced skills in consulting, integration, training and managed services to craft IT solutions for businesses. For more information, please visit www.datacraft-asia.com.
About the Security research commissioned by Dimension Data
This research on the status of IT security across multiple geographies globally was commissioned by Dimension Data. The research was carried out by IDC, and represents the accumulated results from interviews conducted with representatives from 407 companies (employing more than 500 employees) across 18 countries worldwide covering the Asia Pacific, Americas, Western Europe, and the Middle East and Africa. www.datacraft-asia.com/securityresearch.