Wednesday, September 08, 2010      


QUESTION

We're looking at investing in a security solution which apparently covers all threats. Our concern is that we will spend the bulk of our budget on one and then new threats will come out and make it obsolete (like ipods when they came out). What can we do to future-proof?


Asked by:   Roger Quantock, Gartree Press


  Matt Fisher, Vice President, Centennial Software

For a small organization where limited manpower and cash dominate, there are a growing number of solutions (often appliance-based) which do appear to offer a reasonable level of protection versus outlay and ongoing management. However, you?re right that these solutions risk taking longer to address new threats than a solution which is purpose-built for one purpose. For larger organizations or companies where data leakage is a high priority, I think it is worth investing in an effective ?layered? approach to security, where the individual risks are analyzed and addressed with best-fit solutions, rather than an all-in-one approach.

Your example of iPods is a good one, especially when it comes to managing portable media devices. It is important that your chosen solution doesn?t only combat the threats prevalent in the market today, but also has the flexibility to cover new threats as they emerge. As such, I would be wary of any solution that forces you to work in a pre-defined way or which restricts security management to pre-determined device types or threats. A better route is to look for a solution that is able to fit to your desired way of working and that isn?t so straight-jacketed that it can?t react to new threats as they emerge.

At the end of the day, you need to ask yourself ?what cost security??. Each individual organization needs to decide what it can ? and what it needs to ? invest in security systems to achieve an acceptable level of risk.



  Keith Baker, Managing Director, Equiinet

AWAITING ANSWER



  David Ellis, Director of e-security and Professional Services Computerlinks

AWAITING ANSWER



  Graeme Pinkney, Manager of Threat Intelligence and Analysis EMEA, Symantec

AWAITING ANSWER