A recent Forrester Research report said that nearly 80 per cent of large European companies cite upgrading security as their main IT priority this year. This implies that once-beleaguered security teams now have significant budget to spend in a bid to mitigate against escalating internet-borne threats.
However, the massive investment in perimeter defence is creating a falsesense of security for the majority of UK businesses. While the perimetermay now be effectively patrolled, what about the internal threat?
Security teams usually carry the can for such failures, but they areworking blindly. They have no control over operational activity and,typically, no visibility of any changes made. The first time the holesin the security policy are revealed is when a major business problemoccurs.
Failure to police IT operational change fundamentally compromises theextensive investment in security technology and creates a significantbusiness risk. It's time for organisations to take a more proactiveapproach towards monitoring the changes in their systeminfrastructure.
They need to stop focusing so much attention on the perimeter becauseit's already secure. Instead, they should patrol those internalprocesses and system changes that are currently leaving the businessvulnerable to a security risk.
Paul Gostick, EMEA marketing manager, Tripwire.
- Got something to say? Send your comments to [email protected] reserve the right to edit letters for publication.
