Security's Everyman


Saturday, February 10, 2007

How Much Security Do You Have?

Security touches every area of IT. It ranges from the perimeter to the end point and everything in between. This InformationWeek article talks about the consolidation of security and how some think that security will evolve into part of the infrastructure, which will eliminate the need for stand-alone products. Of course, others think that there will always be a need and a market for stand-alone products. What caught my eye in this article is this statement: "But customers also can't manage 32 separate security vendors and their products--a number cited by Noonan last week as the average these days for a large enterprise. IT security spending continues to grow at three times the rate of other tech investments, he said, 'a pretty unsustainable business problem.'"

I work in a small shop, and 32 separate vendors and products sounds like an awful lot to manage. I'm glad that I don't have to deal with that many. We have 8 different security products currently and 2 more in the works. For our needs this gives us what I would consider to be a good mix of security that covers multiple layers and various avenues of potential attack. Then, when you consider how each of these has various configurations and options, most of them go 2 or 3 layers deep.

I'm curious: how many different security products do you have? How big is your company? If you take into account the various options that each security product has, how deep can you really go? What do you consider to be part of your security platform?

I talk with a lot of people who work in companies ranging from 2 to thousands of employees, and I've seen lots of different security devices and products used. What I'd really like to know is how many of them are really unnecessary. How many of them take away from something else? How many of them could be consolidated into other products to reduce cost and management time? This ties in well to Thursday's post on "Too Much Security?" What can companies do to get the best bang for the security dollar?

Part of my passion for security is seeking ways to make security work with minimal pain for the company (financial and administrative), minimal impact to the user experience and, most importantly, ensuring that all aspects of the security infrastructure work together and not in opposition to each other. That is where I'd like to take my blog and my career. I'm seeking ways to expand my influence and teach others how to make themselves and their company more secure. There are many companies and IT professionals who really don't get security and its implications to business and their personal lives. Those that do often only do so in a "Security Theater" way. They do what looks good without regard as to whether or not it really mitigates a valid security risk. In my opinion, that is why a company can get saddled with 32 or more different security solutions.


Annerose said...

These comments have been invaluable to me as is this whole site. I thank you for your comment.

Michael said...

Thanks for the nice post!

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.