Discipline Not Product
Your users need flexible access to critical services: anywhere, anytime, and on any device. It’s our job to make sure that access is not only reliable but secure. To build a secure environment together, we must truly understand not only the technology but also the business importance of the data and systems themselves, so that we can help you make appropriate decisions on minimizing risk.
You may have noticed Our Security Mantra on the home page:
- Security is a discipline, it is not a product
- Security is urgent, the threat landscape changes
- Security is about your digital assets, wherever they are
- Security is about your people, as much as your technology
Security is a discipline, it is not a product
It used to be that a firewall, some anti-virus and malware protection were enough to feel secure. It’s clear now that potential threats are avoiding those avenues of access (though we still need these measures). Every week we hear about new threats and new vulnerabilities discovered and exploited by those who would gain access to your digital assets to do you direct harm.
For that reason, the old “set it and forget it” method of security no longer applies. Every day the threat landscape needs to be reviewed and your defenses updated. Your staff, the biggest vulnerability you have, has to be constantly trained. You, as the business leaders, are directly responsible for this data and, as such, must keep a vigilant and active stance.
Security is urgent, the threat landscape changes
As stated, the threat landscape is constantly changing. All you need to do is look in the business section (not the technology section) of the Wall Street Journal. Daily there are articles about security breaches and their effect on corporations’ productivity and competitiveness.
If you don’t keep up, you put your company at risk. It’s incumbent on you, as the asset owners, to make sure your company is ready to run that marathon daily. It takes discipline, but it can be done.
Security is about your digital assets, wherever they are
“You can’t improve what you can’t measure.” In business we’ve heard that for decades now, as data mining and “Continuous Improvement” have been the rage…
“You can’t secure what you can’t define” is the modified RTM security mantra. The first step in our framework is to work with your corporate executives, the real digital asset owners, those who are responsible for corporate performance, to understand what they consider to be their digital assets, their importance and their appetite for security relative to budget.
Further, while the asset owners will know what the asset is and its importance, it is the responsibility of the IT staff to identify where in the corporate (or, increasingly, cloud) infrastructure these assets reside, to best secure them at rest as well as in transit.
“Measure twice, cut once.” The process of asset discovery and analysis is eye-opening to many corporations. Long before any security measure is implemented, this critical step is done once, twice and even three times to ensure everything is captured.
Security is about your people, as much as your technology
The only secure digital asset is the one which people have no access to. While true, this is completely impractical. In fact, if asked, most people would say “Give me easy access to my data, from anywhere I want, whenever I want; I have a job to do”. How do you balance the need of the corporation to succeed with the need to maintain security?
You begin with what has increasingly become your easiest point of breach: your staff themselves. From phishing emails that result in ransomware situations to sophisticated social engineering that may result in inappropriate transfer of cash, your staff needs to be educated on the latest means of security infiltration and how to avoid them. A well-educated staff is your BEST means of security.