There's no shortage of burning questions about IT security these days, some sparked by nasty threats, others by economic concerns and some by growing use of social networking and cloud computing.
We spoke to about two dozen experts – IT customers, analysts and vendors – to nail down some answers. What follows is a summary of the questions we addressed. Click on the hyperlinked questions to read more on each topic.
Can you no longer avoid closely monitoring employees?
The insider threat has always existed, but in an era of economic upheaval and uncertainty, the problem is only magnified. That point came across in a recent Ponemon Institute survey of 945 individuals who were laid off, fired or quit their jobs during the last year, with 59% admitting to stealing company data and 67% using their former company's confidential information to leverage a new job. So the big question is: How far should IT managers go to protect corporate data?
"There's a balance," says Max Reissmueller, senior manager of IT operations and infrastructure at Pioneer Electronics, in Long Beach, Calif. "I wouldn't want managers coming to me to keep an eye on a particular employee, wondering what they are doing every minute."
Should you choose a strategic security vendor or shoot for best-in-breed?
A huge debate these days is whether to select a strategic security vendor to provide the majority of security products and services the enterprise might require, or opt to evaluate point products, including those from start-ups, with an eye toward best of breed.
"My tendency is to lean toward a strategic vendor if we can," says Rick Haverty, director of IS infrastructure at the University of Rochester Medical Center, which includes hospitals and medical research centers. But he adds he doesn't yet see the benefit of product integration that choosing a strategic security vendor (in his case Cisco) is supposed to bring, such as common management console.
Can security processes finally be automated?
Automation of security is a concept with momentum this year as some of the larger federal agencies, including the Department of Defense, National Security Agency, Agriculture and Energy, are pushing for a new direction beyond the current FISMA audit mandate for compliance. They want Congress and the Obama Administration to consider adopting the Consensus Audit Guidelines, a set of 20 security technical controls that encourage automation.
But can security processes be automated?
How scared should you be about security statistics?
Vendor-sponsored security surveys are a dime a dozen, but that doesn't mean it's easy to ignore their findings. Did you know the number of crimeware-spreading Web sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December, according to the APWG (formerly Anti-Phishing Working Group) coalition? Or that data breach costs rose to $6.6 million per breach last year, up from $6.3 million in 2007, according to the Ponemon Institute? Just how worried should you be about all this?
Rss FeedRss Feed
The Leader in Network Knowledge
Comment