A recent Forrester Research report said that nearly 80 per cent of large European companies cite upgrading security as their main IT priority this year. This implies that once-beleaguered security teams now have significant budget to spend in a bid to mitigate against escalating internet-borne threats.

However, the massive investment in perimeter defence is creating a false sense of security for the majority of UK businesses. While the perimeter may now be effectively patrolled, what about the internal threat?

Security teams usually carry the can for such failures, but they are working blindly. They have no control over operational activity and, typically, no visibility of any changes made. The first time the holes in the security policy are revealed is when a major business problem occurs.

Failure to police IT operational change fundamentally compromises the extensive investment in security technology and creates a significant business risk. It's time for organisations to take a more proactive approach towards monitoring the changes in their system infrastructure.

They need to stop focusing so much attention on the perimeter because it's already secure. Instead, they should patrol those internal processes and system changes that are currently leaving the business vulnerable to a security risk.

Paul Gostick, EMEA marketing manager, Tripwire.

- Got something to say? Send your comments to scfeedback@haymarket.com. We reserve the right to edit letters for publication.