With no end in sight for data breaches, IT security is certainly experiencing it's 15 minutes of fame at the moment but perhaps not for the reasons it would like. This proliferation of data breaches would seem to suggest that companies haven't managed to get their security quite right yet so isn't it time we looked at why that might be?
There is a plethora of security solutions on the market at the moment from IT security vendors, niche vendors and the bigger, more generalist IT vendors. This is absolutely as it should be because there is also a plethora of security challenges to match those solutions. Indeed, there is no silver bullet when it comes to security so having a myriad of choice is great for the customer and something they should embrace. It means that they can choose the right combination of solutions for their needs. Unfortunately, that's a bit more complicated than it might first appear.
Security is a complicated thing and no one can blame a customer for wanting to invest in just one technology. It means that they only have to buy one solution and commit to one contract, which could make good financial sense. And it means that their IT teams only need to be trained up on and manage that one solution which might make a lot of sense from a resource point of view. But the simple truth is that investing in just one security solution probably means one of two things - either you're covered in one particular area of security well but no others, or you're covered across the board but thinly.
When you think about true end-to-end security, it includes a huge volume of solution areas including privilege access, network access control, firewalls, threat detection, alerting systems, mobile data security and much, much more. For full end-to-end vulnerability management, you need layers of security.
Embracing this concept of security layers and buying the right tools for the right jobs is going to be what saves companies from data breaches. If you think about a Swiss Army knife, there is a limit to the amount of tools attached to the device before it becomes unusable and the same is true of security solutions. There's a reason why a hammer doesn't come with a 500 page manual - because the job it does is clear for all to see, that's the beauty of it and that's arguably why it's been around so long. We need to adopt the same mindset for security solutions - buy the right set of tools for your particular IT security challenges but, and this is the key to success, make sure they integrate.
There's nothing worse than a fantastic tool that gives great insights to the IT team but that doesn't integrate into the reporting system, for instance, so it becomes immediately less effective. It's imperative that whatever technologies you choose, you ensure that you can take the data out of them and combine it with other systems to get a holistic view of your security. The more visibility you have of something, the better decisions you can make and the better integrated your systems, the quicker you'll get that visibility and the quicker you'll be able to make those decisions.
One way to ensure that the different technology solutions you invest in will work together seamlessly is to clarify before purchase by asking the right questions of the vendors you're considering. You can also test this during the proof-of-concept stage. But it's also worth considering enlisting the help of a Systems Integrator (SI); they have a wealth of knowledge of what works well together and it's their job to be well-versed in the latest technologies. The security industry is moving at an incredibly fast pace so it's wise to get help navigating the various technologies and platforms available so that you can choose the correct products and solutions for your business. And of course, making integration central to your IT security strategy has the added benefit of future-proofing your business as you will easily be able to add additional tools as and when new vulnerabilities come to light.
Contributed by Brian Chappell, technical services director, EMEA, BeyondTrust