Don't begrudge the budget
Network security is an investment in the company's ability to secure client contracts and grow the business.
Network security is probably the most critical element inherent to any network architecture, and yet, so often an after-thought. That is, until the network is breached or Web site is hacked, and data assets end up in the headlines across the front pages of the world press.
According to a recent study by the South African Banking Risk Information Centre, South Africans lose around R2.2 billion due to cyber fraud every year. Let's ponder this for a minute: SA's GDP in 2015 was R4 trillion spread across the primary, secondary and tertiary sectors, showing an annual growth rate of close on 0.6%.
The tertiary sector accounts for nearly 69% of GDP, and within that, the financial sector showed a growth of 2.8% over the year due to "increased activity". I wonder how much of this "activity" contributed to this amount of R2.2 billion? Seriously people! That's an astonishing figure and money picked out of the customer's back-pockets, skimmed off the bottom-line. Thanks for coming.
So, how can companies protect themselves from this "leakage"? How can they secure their ability to drive legitimate business using technology as an enabler and plug the holes? I believe it starts with good network security practice, and in securing access and control over the data and information assets that live on the networks.
What is at risk?
Let's take a ten-thousand-foot glance at how network security impacts people and their business. Think about some of the following business-integral data pools that are likely at risk without proper network security management in place:
* Corporate financial records;
* Customer databases and payroll systems;
* Strategic meeting minutes from opcos, mancos, excos, etc;
* Order books and sales workflow applications;
* Warehouse stock control systems;
* Server logs, configuration templates, backup files; and
* Production facility machinery control command logs.
The list could go on. What's important is to consider the business impact (both immediate and post) if the integrity of any of these critical "data pools" is compromised. The point is, the risk of network breach, data extraction and subsequent exploitation is very real. It poses significant financial, reputational and operational impact to all people and their businesses.
If this is true, then why does network security expenditure begrudge opex and even capex budgets? Why do companies view this as an expense when they should be seeing it as an investment in sustainability? Future client service experiences, hard-earned brand promises and signed contracts all depend on one thing - the consistency of service delivery - in effect, the company's reputation. So, why do companies choose not to invest in securing that reputation by protecting their ability to consistently deliver on their promises?
Why dilute my expertise and focus on areas I'm not good at just to make sure something is being done?
Network security is therefore not a grudge expense line item on a company's budget, but rather, an investment in its future ability to secure client contracts and grow the business. It's a vehicle to differentiate the company's core business, to enable it - to enhance its ability and to protect its niche.
What to do about it
In this day and age of outsourcing models and bootstrap budgets, I would shift my effort towards the necessity to focus on what is core to my business. For example, an e-commerce player is there to drive traffic to its Web site in order to sell products online, not to secure a payment gateway that facilitates the transaction. Likewise, a Web site design agency is there to design and develop specialised, creative content that builds a brand and reputation, not to host and secure the Web site and protect it from compromise.
Seriously, why dilute my expertise and focus on areas I'm not good at just to make sure something is being done? Rather get an expert in to assist with a specialised managed service, and remove all the risk from my bottom-line, thereby allowing me to refocus my assets on core business.
When I look at where companies invest time, energy and budget, I see that much is spent on maintaining the status quo, rather than building for a bigger future. I guess that's because people are all hell-bent on not rocking the boat too much, and on riding the wave while it's breaking. But, the fact is, the wave is breaking. That's what allows people to ride it in the first place. How quickly they can paddle out and enjoy the next set is dependent on how much they have invested in their sustainability as a business - their "fitness" level.
Tides come and go, the boat will always be rocking, and the pros will ride all summer long. It pays to be practised and prepared.
It's time to gear up for the future by securing the company's sustainability. Invest in network security expertise and sharpen the focus on the core business. Lock up and grow!
http://www.bdlive.co.za/business/technology/2015/06/08/just-how-big-a-threat-is-cybercrime-to-sa. Accessed: 10 March 2016.
http://www.statssa.gov.za/?p=6233. Accessed: 10 March 2016.
Jared van Ast is the founder and MD of 10dot Cloud Security. He is frustrated with diluted value propositions, and he loves to do things properly. He is suspicious by nature and habitually pragmatic. Focused on network security, 10dot works to lock-up business networks and help them grow. With over 15 yearsâ experience in the IT and ISP sectors, Van Ast is hell-bent on enabling companies to focus on core business.