Back to basics - or true love, the market and security

What relationships and the three Rs - Reduce, Rationalise, Return - can tell you about your security operations.


The last few months have been a cold shower for most of us as we’ve suddenly woken up to the reality that life as we know it can be so uncertain. There are, of course, upsides, like when your wife tells you that she doesn’t want to celebrate her birthday because of the economic crisis.

However, don’t believe her. What she’s actually saying is that she really wants a big party, and if you fail to deliver then either you’re on the verge of bankruptcy or you don’t love her anymore. The challenge that many of us face right now is to understand what is happening in the market, and this is about as difficult as trying to understand what your wife is telling you – not what she’s saying!!

More by Calum MacLeod


Information technology, like every other part of an organisation, is today faced with the challenge of delivering more for less. Ambitious new projects are now nice-to-haves, not essentials.

Gone are the days when your success was measured by how much over budget you went on a project, or when you got noticed by focusing on projects that demanded lots of resource but ultimately ended up requiring an army of contract staff to keep them running.

Today we’re getting back to basics; in much the same way that the educational system tries to when someone discovers that a generation of kids have left primary school unable to read or write although they can wax lyrical about concepts that you only figured out when you were sixteen!

Today the Back to Basics campaign can be summed up in the three Rs – Reduce, Rationalise, Return - or at least this is what seems to be the common theme whenever I talk to any organisation.

Everyone in 2009 is reducing: reducing staff and investment, and trying to trim operational costs. At the same time, risk control and business continuity have taken on more urgency.

Secondly, with companies trying to reduce costs, rationalisation has become extremely important. Over the past five years many companies have added a myriad of systems to their IT infrastructure.

The financial sector is the classic scenario where the turmoil of the past twelve months has resulted in organisations having to absorb other organisations with the resulting diversification of systems and processes. Infrastructures need to be integrated, often with disparate technologies and vendors.

This in turn has led to huge problems for many auditors and security officers in trying to ensure that risk is contained and that business continuity is not impacted. It is particularly an issue when you are dealing with firewalls from multiple vendors.

Security change management and security lifecycle management become a major area of concern, and the only way to manage this effectively is to invest in security management tools that provide a unified interface for multiple vendors.

Finally, ROI is very important. Investments that are made today must be able to demonstrate a measurable return on investment. Adding technology for the sake of technology, or starting expansive projects with no measurable return other than succeeding in process automation, is simply out of the question.

Investments that are made need to focus on improved performance, extending the lifespan of existing technology, and providing a measurable improvement in the area of risk management and business continuity. Security change implementation cycles that normally took days now need to be measured in hours.

One of the key areas that many organisations are now addressing is firewall and router management. For example, in a medium-sized organisation with 50 to 100 firewalls, it can be estimated that the cost to the organisation as a result of not having Firewall Policy Management in place can be up to half a million dollars annually.
