IT Security Overload?

Okay, you double locked the door, installed a category 25 alarm, treble backed up your power supply and surrounded your property with attack dogs and CCTV cameras. So why are you still afraid?

Don’t let them fool you, there are better things you need to worry about than security.

When you read yet another report about big money being spent on IT security, you can’t help but wonder exactly what they are buying. Research firm Forrester reckons that upgrading IT security is the top priority for 56 per cent of European IT decision makers, with as many as 80 per cent planning to beef up their security software. Hang on, “top priority”, beefing up security? Am I missing something here? If security is the biggest priority for 2007, surely those responsible just installed the latest anti-virus software, made sure the auto-update option was turned on, and went on holiday from the 1st of February, not to return until next year.

Of course it’s more complicated than my description, but surely not by much. Every IT department has an existing IT security policy, which may not be perfect, but must be doing at least an adequate job, otherwise IT would have ground to a halt by now. This means that processes and technologies are already in place to combat attacks. Therefore, all that is needed is tweaking, not major projects.

The reason that security has got blown out of all proportion is of course hype, with tabloid media moral panic breeding paranoia and leading IT staff to believe that they are under attack from all angles, whereas the truth is that they are rarely in any serious danger.


Poor Focus

Ironically, all this focus on technology could in fact be causing IT departments to look the wrong way, with the real problems in a different direction. Take the recent Service Desk and IT Support Show. This show is located in London’s Olympia, and runs alongside Infosecurity. One show focuses on the complex issue of integrating people, processes and technology to help deliver a quality service to customers; the other sees lots of vendors selling anti-virus and firewall software. The attendees of one event will need a long and concerted effort in order to forge improvements to prove their value; those going to the other just need to buy the right software. You would think therefore that the service desk show would be bigger and busier, and the security show a slight affair. Yet in keeping with our preoccupation with all things secure, the security show is the busier of the two.

The clue as to why this apparent mix-up occurs comes from when I mentioned the service desk professionals needing to be along for the long haul, while those buying security software can see instant results for their purchases. The problem is that the harder issues that IT faces are the most urgent, and the more time we spend on things to distract us, the harder it will be to fix the real ills within the business.

This leads us to consider the nature of business today and the way in which the current corporate structure is forcing staff to take the easy options. If you want to justify your position within modern organisations, you have to show what you are doing to make things better, and the return on investment for a service improvement programme is going to take some time.

Should we give up then? Not at all, we need to think about how we can break down our projects into achievable goals which offer measurable results, and use these as markers while also allocating time and effort to working on the long term aims.

James West