Meta Group's Tom Scholtz identifies the top security issues that organisations face today.
The traditional approach to IT security is not enough anymore, claims Tom Scholtz, the vice president of security and risk strategies at IT market analysis company Meta Group.
Its shortcomings, identified by Meta as the 'Top 10 security issues' facing organisations, highlight the lack of understanding of IT in the typical business, and underscore the need
"Companies must have a 'vision' for their IT security, and this must apply to the needs of the organisation," Scholtz says. "Security is not a 'one size fits all' solution. The objective is to develop consistency of decision-making through business tools that are developed on a case-by-case basis."
Among the areas Meta has identified as problematic in most organisations that have difficulties with their IT security are:
Other issues within Meta's top 10 stem not only from management difficulties, but also from the technology itself. Security is no longer just about securing centralised facilities, since many new devices, such as PDAs, laptops and mobile phones, may be used to access corporate systems or contain corporate data, and these devices are both mobile and ubiquitous. The unclear or multiple security standards that some of these devices use often make implementing any security policy challenging.
Fortunately, there are a number of steps organisations can take, Scholtz says, to fix at least some of the security problems. "Processes, by their nature, are more auditable, so companies should look to implement them where possible. And application security can be improved by including security considerations while the application is being designed."
But security comes at a cost. How much should an organisation spend and how should this figure compare to the amount spent by its peers?
Scholtz argues that organisations should be spending at levels that are appropriate to their needs, rather than simply spending as much as their competitors. "It is important to know what is happening in the rest of the industry - so you are not spending out of line with your competitors - but it is even more important to ensure the effectiveness of security spend and return over time," he says.
An integral part of IT spend is justifying the return on investment - a difficult task for many IT managers. "Some people say you have ROI if you can sleep well at night," says Scholtz. "But the finance department and executives are only interested in how much money IT can save."
While Scholtz admits "it is almost impossible to quantify what the ROI is", he advises IT security staff to always compare the end result to the expectation. "It is all about communication: tell the business on regular occasions what IT security has achieved."
That is advice that would work well for all IT department business, no matter how much it spends on security.





