Point Solutions Not Enough

Security pros are often overwhelmed by the scope of securing data and information. So much so that the problem is often made worse instead of better if the wrong approach is taken or technology deployed.

In a 75-page Enterprise Management Associate’s research study released Thursday titled,The Security of Information: A Strategic Approach to Current Topics and Trends, Senior Analyst Scott Crawford offers insight into the available solutions that are shaping the management and security of business-critical information and how the various technologies best fit together.

“Really the thrust of the report is, if you’re going to build an information security strategy, it really has to be comprehensive and has to take into account all the things that are necessary to build a strong data security posture, said Crawford.

“You can’t deploy tools that address one or another pain-points in this area in isolation because the problem itself it just too broad.”

With so many high-profile data breaches hitting the news lately, data security has become a watchword not just for IT, but for the executive suite as well.

Risks once seen as intangible and difficult to control have become top security management priorities as lost, stolen and abused information has led to highly tangible losses, including corporate embarrassment, lost customer confidence, damaged equity values, regulatory penalties, and the potential impact of even further regulation.

The resulting focus on information risks has brought increased attention to technologies that secure information itself. Yet, point solutions are not the whole answer, said Crawford, who is the former CISO for the Comprehensive Nuclear Test Ban Treaty Organization in Vienna for three years, a comprehensive approach to securing information that embraces the enterprise as a whole is required.

“I wanted to make the point that yes, you can get a handle on the problem,” said Crawford. “Security is not an issue of absolutes. It’s about risk mitigation and the things that you can do to mitigate your risk may not be top of mind in all cases.”

The report examines current factors that influence the broad topics under each of these three domains, with a look at trends and technologies that are shaping today’s approaches to information security couched in the context of a holistic strategy built on these pillars.

Crawford will be sharing highlights of the information security market study in a free one-hour webinar to be held on Tuesday, October 3, 2006, at 11 a.m. EDT.