SecureData slams industry's "trust me, I'm a doctor" culture
Integrator argues IT security industry is under-regulated as it gets its own house in order
SecureData has launched a stinging attack on the lack of regulation in the IT security industry after becoming one of the first in its field to bag the ISO 27001 accreditation.
SecureData director Etienne Greeff said the "trust me, I'm a doctor" culture prevalent in the security supplier space is no longer good enough for customers worried about handing over their data.
The ISO 27001 accreditation rubber-stamps a firm's internal security standards, policies and procedures, but Greeff said few in the security channel had implemented it across their organisation.
"Our industry is totally under-regulated," he said.
"Even in the physical security industry, you have a trade body that provides independent validation of an organisation's strengths and weaknesses. That does not exist in our industry and the only alternative we have is an industry standard such as ISO 27001."
However, Greeff claimed the vast majority of his competitors do not adhere to the standard, with Integralis being a notable exception.
"It is a security standard, so you would think more MSPs would have it," he said. "As our industry grows up, we will all have to comply to standards more and more. Security management companies work with extremely confidential data. Without standards, how do you know the level of policies and procedures that are employed internally?"
Greeff said the accreditation would allow SecureData – which recently rebranded from MIS – to gain more traction among security-conscious government bodies. "We are in a very crowded space and this will make us stand out from the pack," he said.
Steve Smith, managing director of security consultancy Pentura, confirmed his company is also working towards gaining ISO 27001.
"A lot of the cloud providers are trying to get it to give their clients a level of comfort that someone external has rated them," he said. "It is a lot of effort and can affect the way you do things, for instance in terms of having a clear-desk policy."