Putting security back together again
Traditionally, the primary approach to investing in security technology was to buy the best available product that would provide a system with the greatest protection. This has resulted in a fragmented and complex approach to security management.
So says Greg Brown, senior director for product marketing and network defence at security company McAfee. Brown delivered a presentation on optimised security management at the McAfee Strategic Security Roundtable, hosted in conjunction with ITWeb at Melrose Arch Hotel earlier this week.
“Companies who wanted a firewall went out to look for the best firewall product. Then if they wanted a Web gateway product they went out to look for the best gateway product,” explained Brown. As this continued, so too did the fragmentation of their companies' security infrastructure, he adds.
According to Brown, this fragmentation has resulted in companies deploying 30 to 40 different security products across their IT systems. “This has, in turn, increased operational costs as companies then have to employ more people to manage all the different security technologies.”
The knock-on effect is far-reaching, especially when companies want to change their business model, Brown noted. The process of then adjusting the IT infrastructure and systems is complicated, reducing business agility and increasing data and productivity risk, he added.
“Most of us have inherited our networks from our predecessors and have had to work with what we have,” offered Cobus Boshoff, IT manager at EnviroServ. “During the recession we have had to apply money to wherever the threat is. As such, the ICT budget has been limited to the immediate threat only.”
While this has been the overriding trend in the security management space, CIO of Sasfin Bank, Dawie Olivier, said change has begun. “While fear has been the great motivator for security management in the past, we are now seeing a more integrated approach where companies are proactively budgeting towards unified security management.”
Delegates noted that corporates need to be aware of the threat landscape that exists and called for increased user education to address cyber crime ignorance. It was also noted that corporate online interactivity, the proliferation of infected memory sticks, and the emergence of the mobile workforce are key trends that add to corporate vulnerability.
It was concluded that a planned and unified approach to security management is required to survive the war against cyber crime.