
Fundamentals: Don't Look for a Security 'Holy Grail': Page 2 of 3


When I talk with readers at infosec conferences and meetings, I hear many of the same stories David Joachim found in interviewing consultants for his "10 Worst Security Practices" report in our issue. Companies neglect to set and enforce corporate security policies, or they don't re-evaluate their security approaches frequently enough and make essential tweaks, or they invest in expensive security technologies but leave half their features sitting on the shelf.

Vendors, meanwhile, often claim their products will solve 80 percent of your problems--the other 20 percent require other products. Truth is, though, I bet you could solve 80 percent of your security problems just by changing processes or leveraging existing features.

Let me guess: You run Microsoft Active Directory, but you don't use the directory structure to organize users into logical groups so AD and external applications can apply access control based on group membership. You lump users into the local admin group on desktops. You set your perimeter firewall to limit access from the external network to internal resources, but not from the inside out.

It's time for us all to accept that there will probably never be some dramatic transformation, at least not when it comes to info security. No single technology and no single vendor will ever solve all our problems--we must start making the most of what we have. That's the only paradigm shift we can truly count on.