“An ounce of prevention is worth a pound of cure” is as relevant in IT security as it was when Benjamin Franklin first said it. As IT professionals look at any potential threat, we have to make one of three choices how we are going to address each threat. We can be passive, defensive or preventative in our approach.
When we choose to be passive about a threat, it means we:
• Do not perceive the threat as being costly
• Don’t think the threat is imminent
• Do not realize the threat exists
Being passive is a choice, and when we are wrong, the cure is very costly. Determining what happened, how it happened and then repairing the damage done to clients, partners and our own business reputation can take months and cost millions of dollars to repair.
Defensive is expensive and requires constant and vigilant oversight. Defensive measures are needed for our greatest areas of threat, but should be limited to high risk users. Risk assessments and assigning risk values should be an integral part of a solid security strategy. Blanket defensive strategies don’t work because they are too expensive and too complex. Targeted defensive measures work because they are focused on a smaller group of users and are less expensive and less complex.
Prevention was as important 200 years ago when Mr. Franklin evangelized it as today. Prevention is less expensive than the cure or the defensive costs of IT security. A great security strategy focuses on prevention and includes technologies that provide:
• Deep packet inspection of information coming into our environments
• Secure access to cloud-based applications
• Automated provisioning and de-provisioning of all user accounts
• Specific management of users with privileged access
• Multi-factor authentication options for specific applications and users
• Discovery of private data that is saved in public or unsecured areas
• Periodic attestation and certification of users access rights
• Data protection, backup and recovery
Many other security technologies can assist us in preventing threats from becoming a reality. EST Group assists our customers in developing the right mix of defensive and preventative measures to deliver a comprehensive and affordable security solution. Call us for a checkup on your current security strategy.