Threats Know No Downturn

Photo: Hot Shots Imaging

Jim Shanks, Executive Vice President and former CIO of CDW

While many managers tighten their budget belts, there are still technologies that companies can’t scrimp on. According to a recent BizTech survey, security ranked third behind disaster recovery and remote access as the most strategic technologies for our readers during 2008.

Fortunately for IT managers, security technology has evolved in recent years so that small and medium-sized businesses can actually improve overall security while spending less.

Security programs that work for companies combine risk-management principles and IT expertise to lay out a security architecture that doesn’t just cover general IT threats, but concentrates on those areas in which your business is most exposed. There are many ways to go about this. Most are unique to each business, so I’ll give several examples of what I mean.

Three principles should guide your efforts: One, leverage what you’ve got. Two, understand your business processes thoroughly. Three, prioritize your risks to control how, why and when you spend your limited resources.

An important place to start is by leveraging security features in your existing investments. Review your security processes with an eye toward automating as many as possible — “pushing them down the stack.” Because security has become such a market driver, all kinds of platforms include increasingly sophisticated security features.

That means network managers and IT generalists can now take on many assurance tasks that trained security experts once had to handle.

“The tools have definitely made management easier,” says Mike Oliver, director of IT at Claflin Medical Equipment in Warwick, R.I. “What this lets me do is have someone who does not necessarily have a security certification run firewall logs for suspicious activities, a task that used to be much more time-consuming.”

Analyze the Business

Security managers will make the best decisions by analyzing their business processes. Start by detailing the answers to some seemingly simple questions: How is work accomplished? And, how do those processes expose the company to threats? The metrics are extensive, with yardsticks including regulatory compliance, partner audits and customer protection.

But, in addition to looking at where your business is today, look at where you expect to go tomorrow. If I had to pick two trends that will most affect businesses in the coming year, I’d choose data protection and remote/mobile access.

Data protection demands its own security strategy, largely because the threat landscape has become so varied. Threats to sensitive company data are coming in the form of spyware, but that spyware is getting much more intelligent in how it collects or accesses information. Rather than throwing up new walls of perimeter protection, many security experts now concentrate first on identifying their business’ most sensitive data and protecting those stores specifically.

Remote and mobile access is a hot trend for two reasons: Green initiatives place a great deal of emphasis on telecommuting. And, remote access simply makes businesses more efficient.

“Remote access is a key element in our business, and five years ago it was almost nonexistent,” says Craig Neuhardt, vice president of operations at Power Curbers, a manufacturer based in Salisbury, N.C. Neuhardt adds that with lower-cost, more capable remote access devices, information can be shared economically.

The leapfrogging advances in security technology have been fantastic over the past 18 months, which makes choosing the right approach for your company challenging. However, with some analytical introspection, you’ll be surprised at how sophisticated a network you can build on a relatively tight budget.