The Trouble with Security

Network security is a critical issue in Canada. I firmly believe this to be true. So why are there so few successful security consulting practices in this country?

The problem is that there are really two distinct attitudes about security among IT organizations. The first group believes that network security is of fundamental importance. They deploy firewalls and intrusion prevention systems, they actively scan their logs, they have processes and procedures, and they audit themselves regularly. These organizations have no need for external security consultants.

The second group, which is much larger, doesn't take security seriously. They might have firewalls, but they don't actively scan their logs. They don't have auditable security policies. And until there is a disaster, they really can't be convinced to care. These organizations believe they have no need for external security consultants.

Sadly, there is almost no middle ground. Security is generally seen as an expensive afterthought in network design. The manpower required to implement and adequately manage such a system is seen as a pure expense with little tangible benefit.

When I get a chance to inject a word on the subject, I point out that security is like an insurance policy. Nobody looks for a return on investment from insurance, because you sincerely hope that the insured event never happens. Anybody who has ever had to get an insurance settlement will tell you that it doesn't begin to cover the real costs. The best-case scenario is that it is a pure expense. The same applies to network security. It's a good idea, but don't consider it an investment.