Hito provides its premier collections platform, Hito Edge, as Software as a Service (SaaS) from the public cloud. We are often asked, “Is that safe?” and “How do you secure that?”. This post explains why our approach for deploying Edge as SaaS, which includes managed security, will typically be safer than relying on in house security.
Within this context of growing threats targeting business applications, many companies find it immensely challenging to protect their core business applications from unauthorised intrusion. Added to this is the difficulty of recruiting, training and retaining the right security operations staff. Cyber security requires a rare set of skills that are highly valued in the marketplace and many companies find it hard to recruit and even harder to retain the right calibre of professionals. Finally, the challenge of responding to security threats 24×7 can be impossible for all but the largest enterprises, with staff only working the most urgent issues out of hours.
For Hito, security was one of our top concerns. How could we best safeguard our customer’s data in a responsible manner? A key element of Hito’s answer to this challenge is managed security. The era of cloud has completely changed the economics of providing security. It is no longer necessary to pay for expensive security software, embark on lengthy integration project and to employ your own security team. Security is much more effectively managed as a service, where a specialist provider can achieve enormous economies of scale operating of hundreds of clients. Any effective solution relies ensuring that a combination of people, process, and technology work together. Managed security providers can attract and retain security professionals because they offer the interest, status, and career development of working for a dedicated security company operating at the front line – opportunities that most businesses just cannot match. In addition, processes are honed and refined to ensure that the efficiencies are delivered. The volume of work support a sustainable three shift 24×7 security operations centre, meaning that issues get worked when then need to be worked, not just in office hours.
Microsoft research [1] finds that that over 44% of all disclosed vulnerabilities are found in applications other than web browsers and operating system applications. As security of browsers and operating systems have improved, hackers have moved their attention to the lowest point in the dam – business applications. These are often developed in house, have only rarely had any serious attention to detail around security and lack the battle hardening experience that browsers and operating systems have been subjected to. The response to security threats has typically been addressed by overstretched in-house IT departments. Some larger organisations deploy top of the range SIEM products that take many man years to configure correctly and require constant fettling to remain up to date. Smaller organisations will typically devote as much time as possible to security, but acknowledge that it is just one of many competing priorities at the board table.
It is for this reason Hito has bundled, within its subscription for Hito Edge, managed security from a leading UK provider. This ensures that we can talk to our customers with confidence about how their collections operations have been secured.
[1] https://info.microsoft.com/rs/157-GQE-382/images/EN-MSFT-SCRTY-CNTNT-eBook-cybersecurity.pdf