No Process Equals No Security

Michael Vizard
Slide Show

Five Warning Signs Your Security Policy Is Lacking

Warning signs of a weak security policy from SunGard Availability Services

When it comes to security, there's a natural tendency to think in terms of technology. But in reality, a lack of security has more to do with the absence of processes to ensure that we have security than any particular missing piece of technology.

With that in mind, Christopher Burgher, associate principal with SunGard Availability Services' Security Consulting, has come up with five signs that would strongly indicate that your organization has no real process in place in terms of managing security. According to Burgher, missing one of these signs might not be fatal, but chance are pretty good that if you're missing two or more, it's just a matter of time before some form of security crisis comes your way.

Burgher says that most IT organizations are not aggressive enough about managing security as a cost to be avoided. That means that rather than invest in a raft of technologies that are largely unmanaged as they relate to any security process, IT organizations would be better off if they simply took a step back to assess which data needs to be secured -- and when. In addition, Burgher notes that if nobody is actually responsible for managing security processes at a senior level in the company, that means nobody in the company is accountable for security.

Most IT organizations will eventually find that compliance requirements are driving most of their security requirements, so the next best thing they can do after establishing their security policies is start thinking in terms of how many of those processes can be automated. All too often, the cost of security is tied up in manual processes that require expensive security talent to implement. Paying high-priced talent to manually check configurations, for example, is a significant waste of time and money.

Most of what Burgher is describing here can be filed under the heading of common sense. But you would be amazed at the masses of organizations that have bought every type of security product ever known without ever setting up any kind of security process for those products to implement.

Add Comment      Leave a comment on this blog post
Aug 25, 2010 1:08 AM Ashley at Absolute Ashley at Absolute  says:

Another great piece Mike, thank you!

It's really interesting that companies still see security management as a cost to be avoided rather than a cost saving (and critical) activity.  It appears to be a common misconception that security is a hindrance on companies.  This is particularly concerning given the need for compliance and the increased presence of security threats.

Managing security is a great way to not only protect an organization, their employees, and customers, but also manage risk and costs that can accumulate due to data breaches, device theft, and other security related items. 

While asset management and the development of processes might take time to coordinate and implement, the long-term benefits are invaluable.  Companies have an opportunity to take preventative action that will help to minimize the impact of issues as they arise, as well as effectively manage associated costs.  Having a comprehensive security strategy that includes well thought out processes and an IT asset management software solution are key.

Thank you,

Ashley, Absolute Software


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.