Security tends to be last on the list
Here's something that puzzles me: You worry tremendously about the security of e-commerce transactions, yet you don't show half as much concern for the safety of the infrastructure that supports those transactions. Why?
One possibility is that you've already spent so much money on building up your e-commerce network that you've busted the bank. Another is that you don't believe that the network is truly in jeopardy, only the transactions.
But thinking this way puts your company at great risk, according to Ian Poynter, president of security consultancy Jerboa in Cambridge, Mass.
Poynter says some network managers see security as a gray area with no return. Another tendency is to believe that, although security needs to be performed on an ongoing basis, there's not much need for a high-level full-time person once the infrastructure is set up. Instead, a lower-level person could do the day-to-day monitoring and log checking.
A critical mistake that often happens in e-commerce is that companies try to build infrastructures without involving security experts. Web design teams, marketing teams and business managers are all brought in to consult, but none of them take into consideration the security holes in the system. The expense of having another consultant come in to evaluate the network seems too great for the purseholders.
"Security is like insurance: it falls low on the list," Poynter says. "It's a pure expense item. But what companies don't realize is that if you don't build security in from the start, you end up spending more if you're broken into."
But Poynter says that after a break-in, it is too late to explain to shareholders that your mission-critical information was compromised because the firm didn't invest in protection right from the start.
Poynter has three tips to help you when building your security infrastructure:
- Think about the value of the information you're exposing. If you understand how much this information is worth to you, your users or your competitors, it might make it easier to get the security items you want budgeted.
- Keep the lines of communication open between the business people and the tech people. If you understand the importance of the information in question, then it will go higher on your priority list. You can only know this if the business people tell you. Also, if you know how important security is to your infrastructure, you have to explain that to the business people.
- Don't ignore people problems. Understand that everyone has to stay in the loop about the mission-critical nature of the information on the network. Do not let broken communications, disgruntled workers, uninformed people or the tight bottom line hamper your efforts to secure your infrastructure. If any of these problem areas flare up, deal with them right away.
"Spending too much on security is stupid. But not spending enough is even more stupid," Poynter says.
Sandra Gittlen is events editor for Network World's Seminars and Events Group. Previously, she was managing editor of Network World Fusion and senior reporter covering Internet research and standards for Network World magazine. She can be reached at sgittlen@nww.com.

