Recently we were involved in a competition for VMS business where the client was very concerned about security – and rightfully so – since they had a breach about a year ago that has cost them tens of millions of dollars – and counting. They told us that of the top enterprise companies they invited to their competition that on their security assessment we had scored in the 90s of a possible score of just above a hundred. We figured we had done well but what was surprising was that the next best score was in the 70s. Why so much VMS security disparity?
Today’s board level executives feel the heat rising on almost everything related to securing data – especially data that affects financial transactions and people – the two things at the heart of VMS usage. VMS also performs in cybersecurity’s ground-zero, crossing the corporation’s firewalled edge – with it all made more complicated by the rise of mobility security concerns.
Since a VMS’s core function is collaboration between many requesting services from many more performing contracted work, it’s even more difficult to secure. That’s a lot of interaction involving many access points across the firewall and therefore creates a high potential for security problems.
And so why have so few in our industry paid much attention to VMS cybersecurity? First, like the workforces VMS addresses, corporations likely view that it’s not as important. Contractors aren’t full-time workers and therefore typically get less care and focus. That lax view crosses over into the related security concerns. Ironic since criminals are more likely to break in where there’s less security – the smarter, more dangerous ones that is.
Another dynamic to cybersecurity is that most all of the defense is on the periphery. Once you are inside there’s often less, if any security between internal systems – making it easier to get to the core (when that’s the goal) through an internally unsecure integrated subsystem. As demand on VMS increases for more human capital management integration (with HR-IS) and more automated payment integrations (with Financial-IS), VMS is getting more facility to core systems from the “edge” were it is perceived to reside.
Still unclear, I’m sure you’ve seen those medieval epics where the battering rams are slamming a big front defensive gate that’s supported by elite guards, shoulder to the gates, protecting their fortress from breaches (think firewall). In reality the numerous smaller side doors where the fortress’ suppliers enter present many more opportunities to compromise defenses (think an unsecure VMS) – all made worse if we build defenseless expressways from there to the kingdom’s riches (think simple integrations).
VMS being as dynamic a system as it is, with its large number of system entry points and with its lower corporate priority is a perfect place for cybersecurity concerns. At Provade, having long focused on enterprise-class highly integrated software systems, we know VMS security issues well and have built our product to the highest security standards. Working with large international financial services clients and sophisticated Oracle systems that demand the highest level of security has made us the leaders when it comes to VMS security. Contact us for more information on how we can make sure your overall security isn’t violated through your VMS - and while at it ask us about our industry leading 99.99% uptime too.
Hans Bukow, President of Provade, Inc.