Monday 23 February 2009

Security is a balance between cost, value of information and the threat level.

Another thought from the conference last week: why do we always see security as a technical problem? At least, we always talk about it from a technical perspective, and we want to solve everything with more products. I believe that before you even consider what equipment to buy, there are three important things to consider:
1. A proper security policy.
Without a security policy, no one knows what to protect and from whom. If there is a breach in security, no one will know how to react or how to repair the damage. Policies and procedures go hand in hand.
2. Balance between cost and benefits
An important aspect of security is that the cost of the security solutions must be proportional to the threats and to what you want to protect. The best way to achieve this is to investigate which assets you have and which threats you can foresee. The next step is to do a threat analysis covering what happens if there is a security breach. Based on this analysis, it is possible to grade the different threats and choose the protection that is needed and that is sound from a financial standpoint. The goal is to find a balance between the costs of security (money, flexibility, etc.) and the value of the information. The higher the value of the information and the higher the threat level, the higher the investment needed. The equation works the other way around as well: high value but low threat level means lower cost.
Do not forget the users in this process; in the end, they need to be able to work with the systems.

3. If 1 and 2 are fixed, security can lead to increased revenue and lower costs.
If you have control, more things will be possible to achieve. More users can get mobile access, partners and customers can get access to internal information, etc. Good security implemented in the right way can be a way to compete with other companies.

4 comments:

Anonymous said...

Hi
This is Maanik, I am a big fan of the Indian IT industry. I found your blog while searching for Information Security consulting services in India. I found this blog very informative.

Gilles Gravier said...

Definitely! Most companies see security as:

1) They HAVE to do it to avoid / limit risk.

2) It's like an insurance. You pay for it... hoping you never need to really use it.

This model is flawed. In particular because it's not appealing.

What I like about the appGATE approach is that it's all about bringing in new possibilities through the use of security. So you don't sell security for my reasons 1 and 2... you sell it because it enables your customers to do more in terms of developing their business / activities.

With your products, a small / medium enterprise can better deploy a distributed workforce which can be more dynamic (immediate access to corporate resources) in doing their business. It reduces their sales cycle time.

With your products, a government agency can access sensitive data securely across the territory it controls. This enables faster response times when dealing with situations / crisis.

Time to change the world's perception of security. It's not something you HAVE to do. It's something that ENABLES you to do more.

Goran Marby said...

Thank you for your nice comments!

Unknown said...

I bet most of the poor would join the military if they could. The problem is the military is very competitive for officer positions, and below that most Americans simply can not get into the shape they have to be in. We are not a warrior nation by any means.