Chart A Plan For Security
Following these four steps will help you shore up your systems.
Each of these steps offers a layer of complexity. Typical technology responses to security risks involve the implementation of network-level security measures, such as firewalls, public key infrastructure, certificates, and encryption. But about two-thirds of attacks originate from within a company. Granular authorization and auditing controls don't help with procedural safeguards, such as a system for removing an account when someone's fired, or frequent password changes.
Measuring return on investment on security systems is difficult as well. Executives understand the need to pay for it--businesses spend around 12% of their IT budgets on security, according to InformationWeek's 2002 Global Information Security Survey, fielded by PricewaterhouseCoopers--but any gains that can be provided make the tab easier to swallow.
One place to look is identity management, a growing security sector involving a centralized mechanism to manage user information that's usually stored in a directory server. Identity-management systems provide high-level services on top of the user data, including self-service capabilities that let users directly perform simple yet time-consuming tasks, such as resetting passwords, and delegated administration, which allows different groups of users to be administered independently.
Identity-management software also includes underlying workflow capabilities that provide automation and mapping of security policies to business rules. This, in essence, provides a direct way to map business policies and procedures to IT systems. Additionally, these workflow components include automation capabilities that provide time-saving benefits. While workflow technology has been around for some time, its application to security management is fairly new and provides features and capabilities that can produce measurable ROI justifications.
For companies that haven't spent a lot of time on a centralized security plan, a severe security breach can tempt a management team to rush toward a fix that may not deliver in the long term. Instead, it's best to view security as a platform, similar to operating systems or server hardware that provide the environment for your systems and applications throughout the enterprise. Any change will send a ripple through all levels of the IT infrastructure of which this security framework is part. Taking the time to work through these steps might make that ROI a bit easier to find.
David Homan is a principal analyst and Beth Kujawski is an editor with Doculabs, a research and consulting firm that helps companies choose and optimize technologies for their business strategies.