|
By VICTOR KATHEYAS
ABOUT 11 years ago, as a police officer heading the Criminal Investigation Department's (CID) Computer Crime Branch, Tan Swee Wan realised that IT security would have great commercial relevance in the coming years.
Three years later, after working at a number of multinational corporations to gain business experience, he (together with former colleague Kelvin Low) set up Tecbiz Frisman, a company that provides digital investigation and IT asset management services.
The company - headquartered in Singapore with regional offices in Malaysia and Thailand - employs about 15 staff and posted a turnover of about $2.5 million for the full year ended December last year.
Major clients include MNCs such as Shell, Hewlett-Packard and Microsoft. The firm also testifies in court as an expert witness, said Mr Low, who added that it had acted for the new board of the National Kidney Foundation (NKF) against its former board of directors.
The company's core area of business, said Mr Tan, is 'business value protection' - a term which encompasses 'both proactive and reactive' services to prevent and manage breaches of IT security, in addition to IT asset management, which entails managing software licences in a manner which is most cost-effective.
IT asset management often involves inventorying a client's software and hardware, and subsequently monitoring the usage of licences so as to avoid non-compliance while optimising expenditure. For example, Tecbiz Frisman helps companies avoid allowing valid licences to go waste when they retire hardware.
Turning to IT risk management and mitigation, Mr Tan said that Tecbiz Frisman analyses its clients' computer networks and highlights the existence of potential threats, such as Trojans and data destruction software.
Should breaches of security occur, the firm investigates its causes and helps clients understand how to avoid such occurrences in future.
While such offences are often punishable under the Computer Misuse Act, and hence may be investigated by the police instead, Mr Tan said that companies have strong reasons to engage the firm's services.
'Some companies prefer to avoid publicity; once it becomes a criminal case, whether or not the case will be publicised is beyond their control,' he said.
In addition, such crimes often occur across jurisdictions. As such, while the police have investigative powers to pursue the case, the process often takes longer than companies would like.
Perhaps most important of all, Tecbiz Frisman makes the 'data alive' and helps clients understand exactly how the breach occurred, said Mr Tan.
'Data is dead. If you look at it, it's zero and one basically.
'In any computer forensic engagement, all the service providers would look for the data, and then give you the data. But here, we analyse system data and user data - active and deleted - so that a complete picture can be painted about what happened,' he said.
When asked about the effect of the economic downturn on the company, Mr Tan said that he was confident of the firm's success because, among other things, it has strong cashflow management practices.
Being 'very cost-conscious', the company is very prudent when it comes to cash flow and credit management, said Mr Tan.
The company is also fortunate to have MNCs make up the bulk of its clientele as, while 'their payment cycle may be longer, the money will surely come'.
However, he acknowledges that Tecbiz Frisman's clients too have become more cost-conscious. As a result, rather than reprice its services downwards, the company works with clients to help them elect for those services which are most essential, and trim expenditure on less essential offerings.
Making the most of the economic downturn, the company has implemented internal training sessions to ensure that consultants benefit from each other's experience and knowledge. In addition, the company is also 'building upon its inventory of forensic software as well as hardware', said Mr Low.
This article was first published in The Business Times.
| 
