One of the things that I have noticed in life and in business, as well as in security, is that nothing is ever static. What do I mean by this? I mean that we are either moving forward or we are moving back. There really is no standing still, at least not for long. And if we believe we are standing still, maybe we need a few markers along the way to tell us what is really going on. Data security is the same way. You should have some way to indicate your progress as you proceed through your business life. Not just a feeling, but something concrete and measurable. Many times executives in business scrutinize their choices by what can be gained or what pain can be relieved. They want results, and they should get them. But when it comes to progress in certain areas, we don’t always look for the same measurable results. This is a mistake that can come back to bite you, and it will bite you in many ways if we are talking about data security.
What Are Your Guideposts?
How do you know if you are progressing or regressing? Well, profitability and revenue growth are two very accepted numbers. Stock price or market share are also good ones. Expenses at all levels are measured and acted on. These are all maintenance items over time. First you recognize your measurements, then you maintain the levels or results that you deem necessary. Security is the same way. How do you determine the efficacy of your security posture? Well, a lot of organizations simply do not. As an interesting article on trends in security shows, many companies are not keeping up.
Many times they wait until something painful happens, then they react. That is hardly a sound business process, and a very harmful one in the world we live in. Maintenance should be part of your security posture. Where are you today? How do you measure it? Where is your security going in this rapidly changing, hostile environment that we operate in every day? Wayne Gretzky said “a good hockey player plays where the puck is, a great hockey player plays where the puck is going to be.” It is no different with security: you have to stay ahead of the game, and only you can determine this posture.
Security Is A Moving Target
I have seen very large, important networks that are populated with old, antiquated security technology. They are just waiting for a catastrophic breach. Simply updating what they have can move them forward immensely. But it is more than that. The security in most companies is not measured. There are no metrics, testing or tools to determine where they are in the security picture. A secure system should have modern reporting tools at its disposal 24 hours a day to measure its security profile.
There should be daily and monthly reports. If you don’t have the people in house to do this, you can hire services to maintain this for you. But there is no excuse not to have it done. Your system should be tested on an ongoing basis, preferably by an outside organization that specializes in these processes. You should not just be cannibalizing your IT department to do a job they are most likely not trained to do. Finally, this maintenance effort should once again be led from the top. The mindset has to be there in order to see the results.