- “More” is not a strategy. Gartner estimates global spending on IT security will reach $100 billion in 2018. Clearly, the prevailing attitude is we need to be doing (and spending) more. But before you spend a dime on security you need to develop both clarity and buy-in around your top priorities and goals. If you start shopping for solutions before you understand your specific needs you'll run the risk of buying a hammer when your problem isn’t really a nail.
- Security isn’t just one person’s responsibility. To be truly effective, you need to develop a culture of security that transforms it into a company-wide effort. That said, you do need someone with expertise actively owning and managing security, even if you plan on outsourcing. Spending money on solutions is a waste if no one knows how to leverage them properly (or, in the case of outsourcing, hold them accountable).
- Outsourcing can make sense. But only if you have a clearly-defined goal to achieve or problem to solve, and only if you can find the right provider who can deliver on those specific needs. Download the eBook for a list of 10 things to consider to evaluate managed security service providers.
- The biggest threat you face isn't from an attacker, it's complacency. Improving security can require significant organizational change, and change requires buy-in. The most important thing you can do is convince leadership that security is important and worth investing in.
- Leadership only cares about security as it relates to the business. The key to a productive “buy-in” conversation is not to focus on how the business can improve security, but how security can improve the business. You'll find more tips and stats to help you make the business case for security in the eBook.
- Size does matter (but not in the way you think). Despite the prevalence of large company data breaches in the headlines, small actually doesn’t mean safe. In 2014, 60% of attacks were targeted toward small- to medium-sized businesses. But while they typically have fewer resources to utilize against threats, small businesses also have several natural advantages they can leverage. Find out what they are here.
- Spending isn’t what makes you secure. Don’t waste your money and political capital trying to keep up with the Joneses. Focus on addressing your own priorities and needs.
- There’s power in simplicity. “Big security” isn’t always better security. Expanding your coverage has obvious benefits in terms of reducing risk, but it can also introduce complexity, cost, and noise. The key is to determine your goals and risk tolerance and invest accordingly with an eye toward keeping things simple and streamlined as long as you can.
- Good security comes in layers. When evaluating solutions, it's important to understand not only the potential benefits and limiting factors of individual solutions, but how they can boost overall effectiveness when paired with other technology. See how the top security technologies integrate with one another by downloading the eBook.
- Improving security isn’t a one-and-done activity. It requires an ongoing, active, and iterative approach.
Source: Barkly