Actions for Key Security Maxims That IT Leaders Should Consider

Article by Rishikesh Kamat

Rishikesh Kamat of Netmagic Solutions highlights key actions for 5 key security maxims that IT leaders should know and consider.

In the last blog, I talked about 5 key security maxims that InfoSec leaders, chief security officers and security professionals should know and consider while making security decisions in their organizations.

Each maxim is explained below with key actions that security leaders can use to address it effectively.

False Sense of Security and Poor Deployment

The presence of processes and technology tools often gives a false sense of security in organizations. Security teams implement security tools and technologies in the hope of securing their networks, data, critical assets and intellectual property. The reality is that in many cases these tools and technologies do not translate into an improved security posture for the organization.

Key Actions: Purchasing security paraphernalia matters less than implementing it correctly. Not all organizations have the requisite skills in-house for this. Look to a managed security services provider who can help make your security deployments effective.

Focused and Relevant Spending on Security

"Too much security" is an oxymoron. But there is the risk of "too much trust in security". Expensive, new and improved security systems, however many, do not add up to "too much security"; in fact, they may not even add up to "adequate security".

It is important to understand the business well, identify which assets are to be secured and use only what is relevant. In an environment where security spending is still frowned upon, it is essential to make the best use of your investments.

Key Actions: Identify the critical security checkpoints in your infrastructure and application landscape, and then develop your requirements. Do not fall prey to marketing noise and put the cart before the horse. Again, you may take help from an external consultant for an effective gap analysis audit.

Reactive vs. Proactive Conundrum

A proactive approach is by far the best approach, although it is easier said than done. It helps you put yourself in the attacker's shoes: you see the opportunities that attackers are looking for, you see the vulnerabilities before an event, and you can patch them with solutions or tools before a breach.

Key Actions: Convince your CIO/CEO and the board that security threats are real. Do a quick PoC (Proof of Concept) using a service provider's tools to identify potential security gaps that need to be closed.

Cost and Availability Consideration

Proactive security approaches can help you prevent breaches. This in itself is a huge saving, considering the financial, reputational and legal damage that breaches cause organizations. The compliance and regulatory scenario is another reason to change the approach to security quickly: regulatory and legal penalties can be avoided too.

Letting experts handle an organization's security helps increase the availability of the critical systems that businesses depend on so heavily today. It is important to understand the top-line and bottom-line benefits of security while putting a security plan in place.

Key Actions: Champion the cause of security as a business enabler, because lack of security will only lead to loss of business. IT leaders should take the time to educate business line heads and P&L owners about the impact of security risks in terms of financial loss.

Compliance Pressures

Compliance is only getting more stringent. The organization's security posture plays a critical role in adhering to stringent compliance norms, especially in industries such as BFSI, healthcare and pharma. If security slackens, the big daddy (the government) will soon come after you. If the carrot of business benefits does not work, the compliance stick will.

Key Actions: Identify the relevant compliance measures and the corresponding security perspective associated with each. Taking help from a managed security services provider or security consultant can greatly help in identifying and addressing these compliance needs.