BUSINESS STANDARDS
is the quarterly magazine of BSI Group, highlighting the vital role that standards play in today's business environment. Regular features include interviews with leading business figures, as well as news on the latest developments in management systems and standards.

Business Standards > Articles

At Unisys, information security is key

05 Oct 2009
Topics: Tags: Information security, ISO/IEC 27001, Quality management, ISO 9001

Unisys, one of the world's leading providers of IT outsourcing services, has achieved certification at its Milton Keynes client centre to ISO/IEC 27001:2005 for Information security management systems (ISMS) from BSI UK. Unisys has now achieved certification at 22 of its client service centres around the world, confirming that it is following the highest principles with regard to secure, effective information management practices.

Unisys works with its clients on four main areas of focus, reflecting Unisys business strengths: security, data centre transformation and outsourcing, end-user outsourcing and support services, and application modernization and outsourcing. As a result, Unisys manages both IT resources for enterprise employees on the front lines of business and IT back office functions, including transaction processing, internal networks and online services. As the use of outsourcing centres has grown, so Unisys has been able to offer more sophisticated, value adding processes such as IT planning and risk management.

Because the IT resources it manages are so directly tied to clients' business mission, the need for Unisys to provide a stable, transparent and adaptable security system for both clients and internal departments is paramount. Unisys has achieved impressive results in this area, so the certification process with BSI followed on from a great deal of solid groundwork.

"Unisys has worked with BSI for a many years - from jointly achieving ISO 9001 certification in the UK to collaborating on a potential e-commerce standard. The fact that BSI had developed the predecessor standard BS7799 and our long relationship proved to Unisys that BSI is indeed the leader in security standards. After choosing BSI as registrar in 2005 we never looked back," says Dr Gerhard Knecht, Global Head of Security and Chief Security Officer for Unisys Global Outsourcing and Infrastructure Services.

Keeping the stream flowing safely

At the heart of ISO/IEC 27001:2005 is the principle of handling data securely. The standard aims to help organizations plan, implement and monitor their performance in the area of data protection, client security and IT infrastructure. It seeks to help organizations identify and mitigate risk and improve management of sensitive data and networks. The goal is a coherent, overarching system that provides secure data management across a range of operations.

The standard sets the benchmark for quality and security across the Unisys network of outsourcing centres. They are situated in 11 countries and reflect Unisys' attempts to offer a truly global service to its clients. Given that the potential risks associated with IT governance - particularly in an outsourced environment - have grown, the importance of demonstrating best practice to clients in this area cannot be underestimated.

Businesses are now waking up to the need to have a coherent plan when it comes to IT security. While millions are invested in both anti-virus software and anti-hacking strategies, it is essential for any organization offering clients such broad IT-based services to demonstrate a commitment to security as well as prove it is engaged in continuous testing and improvement of its systems.

Unisys has been a pioneer in cloud computing, a service that may well revolutionize the way organizations obtain business and IT services. Put simply, cloud computing develops the concept of delivering software, IT infrastructure and other key IT support requirements "as a service," whereby a range of IT functions and networks hosted online are available on demand on a pay-for-use basis. The underlying ethos of the cloud is provision of shared services without an enterprise having to invest in expensive servers and infrastructure. Most large outsourcing providers are now offering cloud computing services to their clients. And cloud computing has certainly opened another potential revenue stream for larger IT firms.

However, the security concerns of chief information officers are one of the biggest impediments to widespread adoption cloud computing. To overcome CIOs' concerns about security of data in the cloud, Unisys has recently unveiled a cloud computing strategy and solutions portfolio for organizations to move enterprise application workloads securely to tailored cloud environments with greater confidence in maintaining the integrity of critical information.

Underpinning this strategy is Unisys Stealth Solution, an innovative, patent-pending data protection technology initially designed for military applications and now available to commercial clients. The Unisys Stealth solution cloaks data through multiple levels of authentication and encryption, bit-splitting data into multiple packets so it moves invisibly across networks and protects data in the Unisys secure cloud.

Complementing the Stealth solution is the layered security infrastructure Unisys has deployed at its client centres, including intrusion detection and prevention service, security monitoring, advanced correlation and analytics, firewall management and logging.

Alongside its own internal R&D into, and implementation of, online security, Unisys is hoping that, by achieving certification on ISO/IEC 27001:2005, it has stolen a march on the competition. By showing clients that it will bring stringent security processes to the whole practice of cloud computing, Unisys positions itself at the cutting edge of IT security.

For more information on ISO/IEC 27001:2005, visit: www.bsigroup.com/isms

For BSI UK, please visit: www.bsigroup.co.uk