Five Steps To Better Security: What Every Exec Needs to Know

Every year, the number of data breaches continues to increase and companies are looking for ways to protect their most important asset—their data. In 2007, the Identity Theft Resource Center documented 448 data breaches, potentially affecting more than 127 million records, almost three times the amount in 2006.

Security is a critical enabler for organizations’ IT systems for several reasons. Companies must guard against people who would steal or destroy their data and services. Also, government regulations like the Sarbanes-Oxley Act mean businesses must know who has access to what data and when. Every publicly traded business must comply with these regulations, and inadequate security policies and controls greatly increase the cost of that compliance.

Additionally, many companies are virtualizing their businesses to become more efficient and nimble. Collaborating with business partners becomes as important as collaborating between employees. Companies must integrate processes and federate identities across company boundaries. In effect, security is the first hurdle.

More specifically, companies must identify employees from partners and define how to access internal IT systems in support of these integrated processes. Then companies need a process to identify the right people, issue an ID so they can log on, grant the appropriate access permissions, and manage the entire system. However, most IT security systems are not designed to work across company boundaries. Emerging technologies enable new capabilities but it is not enough to simply install a product—policy and procedure become even more important.

While there are no easy answers when it comes to protecting enterprise data and assets, here are a few tips to get on the road to achieving a secure enterprise through a measured, thoughtful consideration of factors within your unique business environment.

Develop a Strategic Plan – Enterprises need a consistent security strategy and a reliable process to keep up with the latest technologies and ongoing threats. You should approach security from a holistic and strategic perspective to ensure reliability, regulatory compliance, data confidentiality, integrity and availability.

This plan should include estimated costs, set objectives and a solution blueprint. Also, a pre-determined roadmap for the final result is a critical factor for any successful implementation.

Below are some steps to complete in order to create the right plan for your organization:

  • Set overall scope and objectives
  • Gather high-level requirements, such as which systems you need to support
  • Determine the current state of your security and what you want to achieve
  • Develop a business case to get executive buy-in on this plan and estimate your costs
  • Develop a blueprint for creating your security solution
  • Select the appropriate software to achieve objectives
  • Develop a roadmap for rolling out the solution

Consider the People and Processes – Secure solutions depend upon the integration of technology, processes, and people. Whether you’re devising an approach to identity management or designing your organization’s patch management methodology, you should consider each of these aspects as foundational to your security strategy. Technology is only part of the solution. Having an effective process, while aligning the solution with employees, helps ease the transition for any organization.

Pick the Right Partner – With so many vendors and consultants available, it is important to find a partner that shares your organization’s strategic vision. After determining a strategy, select partners with experience and a strong reputation. The right partner will help design and implement a system that maximizes existing systems to manage access across systems and networks securely and cost-effectively.

Implement with a Target in Mind – Do not arbitrarily implement solutions and expect them to run smoothly. It is essential to establish architectural guidelines in order to eliminate complexity before it begins.