Security challenges
- Article 1 of 3
- Enterprise Security, June 2004
As IT has become more and more important to the modern business, so security has become a business issue.
Page 1 | Page 2 | Page 3 | All 3 Pages
But is it easier to deploy this kind of layered approach or to decide on a management approach that makes it unnecessary? It is far easier to identify what is good and stop everything else, than to try to identify what is bad. So the 'white list' approach can be a much simpler and more effective solution for many organisations. It focuses on what executable software is required to run the business efficiently, authorises what to run and denies everything else.
Some users will almost certainly complain, but the key benefits of the white list approach are that it helps IT keep track of what is running in the organisation and to therefore patch accordingly, and it is cheaper than the reactive approach of intrusion detection. It also does not need regular updates. Significantly, there are security products available that can help organisations to administer a blanket 'default deny' policy.
A final, but important consideration is security policy: organisations need to spend sufficient time designing their policies - not forgetting to implement and manage them correctly, making changes and rewriting the policy as necessary.
Having a policy in place often proves cheaper and more effective than buying products without understanding where the risks to the business actually are. It should also help to ensure that companies are maximising the return on investment from products they have already bought.
Page 1 | Page 2 | Page 3 | All 3 Pages