September 26, 2023

Binary Blogger

Are you a 1 or a 0? News, Thoughts and Reviews

Ten Pitfalls Of A Security Initiative

3 min read
8 years ago Binary Blogger

Information Security is the dark horse, the elephant in the corner, the distant cousin that no one really talks about at reunions. Everyone knows it exists but no one really wants to talk about it and fewer really know about it. In the coming months and years technology security in general will be brought to the front of the line and be an expected aspect of all this technology we are surrounding ourselves with. It’s not a question on if it will but when and how fast it will be mandated at every level from your customers, CEOs and government regulators.

Security is a tricky beast. For decades security as been assumed to be a function of IT and for a while it worked out that it was. Then the Internet came and the IT world became everyone’s world and control was no longer in the hands of the weird guys in the basement working on the mainframes. Global connectivity changed the way we conduct business but the security practices didn’t adapt to the Enterprise need quickly enough.

Now as security becomes front and center organizations are scrambling to roll-out all kinds of security initiatives with varying success. There are many ways to succeed but there are also many ways to stall and fail at a security initiative. Here is a compiled list of ten pitfalls to look out for in a security initiative. One thing to remember that even though security is rooted in technology it is a practice of the business.

In no particular order:

  • Focusing on technology before the business processes – Security is a practice of processes supported by technology. Regardless if the solution is 100% technology driven, unless you have the business processes around it well defined the technology will only go so far. There is no magic security switch and never will be, no piece of software or hardware will solve your problems for you they only help you to close that gap. You need to define the rest.
  • Automating bad process – Automation can reduce workload but only if the process being automated is defined and works to begin with.
  • Having an unsupportable infrastructure – Out of support OS, behind on patched, old hardware, etc… it’s a constant balance of maintenance and advancement. Security is dependent on supporting components, let one fall behind can make any new security initiative moot.
  • Lack of a roadmap –  Plan, plan, plan. Look ahead. Phases, milestone, where are you going and how will you get there. Installing the software does nothing if you don’t know where you are taking it.
  • Lack of executive sponsorship – Enterprise security is call that because it impact the entire enterprise. Unless you have executive support from the top down you will find departments will resist and reject and changes your security initiative will introduce. Unless your security department has the wide respect and influence (I bet you don’t) you won’t get support unless the message comes from above.
  • Treating security like a project and not a program – If you think security is like a dev project or IT installation then you will not get very far. Projects have end dates, security is a practice that is constantly moving, adapting and growing. Like a program.
  • Too much, too soon – Don’t ‘boil the ocean’. Change is good but too much change too fast will be sloppy, error prone and have more push back than easing things in.
  • Not managing expectations for dollars – Don’t succumb to ‘brochure buzzwords‘. Be realistic, fall back to your roadmap and milestones to properly set expectations on the deliverable. You do want budget for your next initiative, right?
  • Wrong team – I see this more often than not, the wrong skill sets on the team. It’s OK to shuffle people around or push for extensive training on your employees. Keeping the wrong people driving or on the team longer than necessary only hurts everyone.
  • Poor architecture – You can design yourself into a breach. Security is end to end, focus on the enterprise picture and let the pieces fall into place properly.

Of course this is just some of the pitfalls that you can run into. I left out all the internal politics, training, awareness, budget, threats, risks beyond the technology… all that comes after you get something in place. Another time to talk about that.

End of line.

Please follow and like us:
fb-share-icon
Tweet
Pin Share
Tags:

More Stories

3 min read

Patch Your Software Often, They Are More Important Than You Think

4 months ago Binary Blogger
2 min read

Benefits Of Using A Password Vault

4 months ago Binary Blogger
2 min read

What Is PII And How Do Hackers Use It?

5 months ago Binary Blogger

You may have missed

3 min read

The Electrical Grid Challenge: Powering the Growth of Electric Vehicles

1 week ago Binary Blogger
4 min read

The Expansive World of Video Games: A New Entertainment Focus

1 week ago Binary Blogger
3 min read

Fear or Embrace? The Dilemma of Artificial Intelligence

2 weeks ago Binary Blogger
4 min read

The Green Tech Revolution: Sustainable Practices in Tech-Savvy Companies

2 weeks ago Binary Blogger

Blog Categories

Archives

About Binary Blogger

Binary Blogger is the persona of a 20 year veteran career techie. Throughout the years I have done it all, programming, design, support but have focused on identity security as my primary area of expertise.

I am also a photographer hobbyist, writer, blogger, father, husband and an overall swell guy.

Thanks for reading.

Copyright © All rights reserved. | Newsphere by AF themes.

Enjoy this blog? Please spread the word :)

  • RSS
  • Follow by Email
  • Facebook
    Facebook
    fb-share-icon
  • Twitter
    Visit Us
    Follow Me
    Tweet
  • YOUTUBE
  • INSTAGRAM
RSS
Follow by Email
Facebook
Facebook
fb-share-icon
Twitter
Visit Us
Follow Me
Tweet
YOUTUBE
INSTAGRAM