Disbanding your security team may not be an entirely dumb idea, because plenty of other people in your organisation already overlap with their responsibilities, or could usefully do their jobs. That’s an idea advanced by analyst firm Gartner’s vice president and research fellow Tom Scholtz, who has raised it as a deliberately provocative gesture to get people thinking about how to best secure their organisations. Scholtz’s hypothesis is that when organisations perceive more risk, they create a dedicated team to address it . That team, he said, grows as the scope of risk grows . With business quickly expanding their online activities, that means lots more risk and lots more people in the central team .
Which might do the job but also reminded Scholtz that big teams are seldom noted for efficiency. He also says plenty of businesses see centralised security as roadblocks . I met one chief security officer who said his team is known as the ‘business prevention department’, Scholtz told Gartner’s Security and Risk Management Summit in Sydney today. He therefore looked at how security teams might become less obstructive and hit on the idea of pushing responsibility for security into other teams . One area where this could work, he said, is endpoint security, a field in which many organisations have dedicated and skilled teams to tend desktops and/or servers .
Data security is another area ripe for potential devolution, as Scholtz said security teams often have responsibility to determine the value of data and how it can be used, as do the teams that use that data . Yet both teams exist in their own silo and duplicate elements of each other’s work . Giving the job to one team could therefore be useful. He also pointed out that security teams’ natural proclivities mean they are often not the best educators inside a business, yet other teams are dedicated to the task and therefore excellent candidates for the job of explaining how to control risk. Scholtz’s research led him to believe that organisations will still need central security teams, but that devolution is unlikely to hurt if done well .
Indeed, he said he’s met CIOs who are already making the idea happen, by always looking for other organisations to take responsibility for tasks they don’t think belong in a central technology office. Making the move will also require a culture that sees people willing to learn, fast, and take on new responsibilities . Organisations considering such devolution will also need strong cross-team co-ordination structures, plus the ability to understand how to integrate security requirements into an overall security solution design.
Even those organisations who ultimately see such devolution as too risky, Scholtz said, can still take something away from the theory, by using it to ensure that business unit or team leaders feel accountable for securing their own tools .
Devolving security can also help organisations identify which security functions have been commoditised and are therefore suitable for outsourcing.
Ipswich-based facilities firm Vertas Group snaps up Colchester security business Oakpark Security Systems Ltd
PUBLISHED: 09:39 16 August 2017 | UPDATED: 09:39 16 August 2017
On 27 July at Kingston Crown Court, Michael Quinton pleaded guilty to acting as a director of Limited Risk Ltd contrary to the Company Director Disqualification Act. We began investigating Quinton and Limited Risk Ltd*, an existing Portsmouth-based security company to which he was linked, in May 2014. Quinton, who appeared to be acting as a director of the company, was listed as a disqualified director at Companies House and did not hold an SIA licence. When the investigation began, Quinton and Limited Risk had a number of contracts to undertake security at venues across London and the South East. After further enquiries it became clear that Quinton also had connections to several security companies that were listed as dissolved at Companies House.
These companies were Defensa Security Limited, Guardit (UK) Limited, Guardit Clubs Limited, Guardit Events Limited and Guardit Security Services. After scrutinising Quinton further, our SIA investigators uncovered a number of potential offences from the Commonwealth Games in Scotland in 2014. These offences related to the supply of security staff to the Commonwealth Games where accommodation for the volunteers never materialised and they ended up paying for it themselves. Our SIA investigators were able to show that Quinton had been acting as a director for Limited Risk, despite having been disqualified. As a result, we referred him to the Insolvency Service and supplied information relating to the investigation.
Hampshire Police also investigated Quinton. The Criminal Enforcement team at the Insolvency Service then prosecuted Quinton. The court gave Quinton an 18 month sentence, suspended for 2 years. He was ordered to pay all the prosecution s costs of 13,818.47 within 6 months, and was disqualified from being a director of a company and/or an insolvency practitioner for 10 years. Kevin Young, SIA Partnerships and Investigations Manager, said:
Our investigation of Quinton s business practices relating to the supply of security staff to the 2014 Commonwealth Games in Scotland, and other major sporting events, revealed a pattern of behaviour.
Our investigators at the SIA actively seek to work with partners and the conviction of Michael Quinton shows the value of joint working and sharing of information between the Insolvency Service and Hampshire Police.
The case lawyer, Ian Hatcher, from the Insolvency Service said:
This case shows that the Criminal Enforcement Team of Insolvency Service will take action against those individuals who act as directors or are involved in the management of companies when they are not permitted to do so. Here, a disqualified director attempted to circumvent his ban by incorporating a company abroad and by using the names of others as directors of his British company. The Criminal Enforcement Team of Insolvency Service was alive to this, and took firm action.
- The Security Industry Authority is the organisation responsible for regulating the private security industry in the United Kingdom, reporting to the Home Secretary under the terms of the Private Security Industry Act 2001.
The SIA’s main duties are: the compulsory licensing of individuals undertaking designated activities; and managing the voluntary Approved Contractor Scheme.
- For further information about the Security Industry Authority or to sign up for email updates visit www.sia.homeoffice.gov.uk.