Welcome to Amtivo in Ireland, formerly Certification Europe and EQA


How Blacknight Gained ISO 27001 in Ireland

Blacknight is Ireland’s largest web host and domain registrar and is 100% Irish owned.

Introduction

Blacknight have data centres in Carlow and Dublin and peer directly with INEX, as well as several other locations around Europe for super-fast connections to the wider internet. 

In this case study, we examine Blacknight’s experience in achieving the ISO 27001 Information Security Standard. We explore the challenges they faced, why they chose ISO certification as the solution, the objectives they set, and the benefits they have gained from it.

The Challenge

Blacknight already had systems in place for the security of data, but quickly realised they needed something more. Initially, the team were looking to provide some assurance to their valued customers that the business was serious about securing the data with which they were entrusted. As the company grew, Blacknight realised that managing security was becoming more difficult without a framework to work within. Increasingly, enterprise-level customers were asking for certification and evidence of compliance, and the team realised certification was necessary to compete in the space effectively.

Because of rapid developments in technology and continuous threats online, Blacknight’s customers now expected them to have the highest standards of security management systems in place. ISO certification was a way to reassure existing and potential customers that they meet those standards.

The Solution

First, the solution required Blacknight to have a risk framework implemented, to ensure they were controlling, monitoring and measuring what needed to be managed from a security perspective. This framework needed to be externally assessed regularly, so that complacency did not set in. The cyber threat landscape has changed over the past number of years and the risks to business are continually growing. Senior management, regulatory bodies, and existing and potential customers needed assurance that the business is aware of the threats and can adapt to them.

ISO 27001 is internationally recognised as a security standard. Because it maps closely to privacy (GDPR) and NIS compliance requirements, it simplifies the process of demonstrating security compliance to regulatory bodies and to customers.  

For example, lengthy third-party supplier questionnaires, contract queries and privacy queries can in many cases be circumvented by providing the certificate as evidence of compliance.

Business Objectives

For Blacknight, becoming ISO certified was not only about following best practices, but also about how they communicated that to their customers, so that customers are reassured the business is following the highest standards. The benefits of being certified allow Blacknight to increase transparency and assurance for their existing and future customer base. Not only does their certification build on existing relationships, but it also helps to develop relationships with new customers by having that extra trust signal.

The increasing demand for cloud, dedicated servers and colocation services was (and is) a key driver to growing their business. Security is a key component of the value chain, and meeting those customers’ value-added needs is where Blacknight aim to differentiate themselves from their competitors. Having a framework that is consistently being assessed and developed is something they continue to aim for.

Having a framework means that the team are always developing their internal processes for ongoing security assessments, as well as preparing their strategy for business continuity. The initiative helps Blacknight to continue to grow and develop their brand equity by having a strong and trustworthy brand.

Blacknight’s Benefits of ISO 27001

Being ISO certified has enabled Blacknight to develop and grow their enterprise business. The certification has ensured that all staff have training on a regular basis, which means that team members understand the importance of information security management and are more vigilant and aware of ongoing threats. This training is reflected when their customer-facing staff communicate this understanding effectively to new and existing customers, which has assisted in the growth of their enterprise business.

Increased cyberthreats and customer concerns were further compounded by privacy requirements introduced with the enactment of GDPR. Blacknight needed a framework in place that ensured they were constantly improving and managing security because of the ever-changing threats in the online world; thus ISO 27001 was ideal for their business needs. Implementing ISO 27001 made the team consider their security posture from many different angles including suppliers, business continuity, physical and logical access to data. 

The implementation was timely and prescient because it reduced the workload involved in GDPR and the subsequent growth in customer queries relating to security. As a DSP, it also reduced the workload involved in demonstrating NIS compliance and has helped foster relationships with the NCSC / CSIRT. 
