
Moving Beyond Checklists: The Case for Advancing Security Strategies Beyond Simple Compliance

Who among you has used IT security products solely for compliance purposes instead of enhancing actual security? As per a recent survey.


Choosing the Right IT Security Products: A Guide for Organisations

In today's digital age, the importance of IT security cannot be overstated. However, it's not just about compliance – the focus should be on the security aspect of the products themselves. This approach can help organisations avoid excess spending and wasted time, and more importantly, prevent data breaches.

When selecting IT security products, it's crucial to consider several factors. These include existing IT security expertise, the need for hiring, deployment options (in-house or managed service), support, training, and supplier responsiveness. Products that make compliance easier to maintain should also be considered.

The initial learning period for these products can be significant, but after that, smaller amounts of time should be set aside monthly or quarterly for reviews. It's essential to remember that continuous compliance, rather than compliance as a one-time event, is a more effective approach.

The search for the perfect IT security product can be challenging, and it's not uncommon for organisations to find that their chosen products are too time-consuming, leading to underutilisation. According to a survey, 16% of respondents cited this as a reason for not using their security products to their full potential.

To ensure the right IT security products are chosen, asking a few simple questions at the start of the selection process can help. For instance, it's important to understand the product's capabilities, its ease of use, and the level of support provided.

Training is also essential for getting the maximum security potential from these products. Whether the training comes from the manufacturer or other channels, it's crucial that it's available. Regular maintenance is equally important, as using IT security products incorrectly can be as ineffective as not having them at all.

It's worth noting that there is no single security product on the market today that can keep an organisation 100% secure when deployed without attention. This underscores the importance of regular training and maintenance.

Moreover, data breaches are rarely attributed to the failure of a security product, but rather to the breached organisation's lack of proper implementation and maintenance. A 'plug and play' IT security product can fail if it isn't implemented and maintained correctly.

Vendor responsiveness during the sales process is a good indicator of their support later on. Nearly 70% of organisations do not believe they are getting the most from their security products due to complexity, time consumption, or lack of expertise. Over 70% of these organisations acknowledge that not using their security products to their potential puts their organisations at risk.

Interestingly, over 61% of attendees at this year's RSA Conference admitted to deploying IT security products primarily to meet compliance regulations, not for increased security. This suggests that there is room for improvement in the way organisations approach IT security.

In conclusion, choosing IT security products wisely can be a game-changer for any organisation. The cost of choosing and maintaining the right security product is worth paying to prevent a data breach. By focusing on security, considering all factors, and ensuring regular training and maintenance, organisations can protect themselves and their data effectively.
