The IT security market is evolving rapidly. An increased awareness of threats to data and concerns about system downtime has placed security high up on the agenda of the C-suite, resulting in unprecedented expansion of the market. Choosing a product that is right for your organisation is essential.
Prevention is of course very important. However, a system that protects but does not meet business needs is almost as dangerous as having no security at all. Employees often easily disable these systems or ignore IT requests, resulting in a breach of data. Beyond prevention, these are the top five things I believe organisations need to consider when evaluating security products:
1. Ease of use
Growing pressure on employee time, as a result of a growing focus on compliance and business efficiency has put pressure on employees to get more done in less time. If there is a quicker route to productivity, employees are more likely to use it, even if it risks exposing sensitive data.
With file sharing for example, we are seeing data breaches increasing as a result of employees using unsafe means to share files, such as consumer file sharing sites. Although consumer file sharing methods are often easy to use, they provide little to no security or visibility into an enterprise environment. End users will continue to circumvent IT, in the absence of a safe, efficient alternative to share files.
2. Evaluate the value of data
Other than people, data is a company’s most valuable asset. Spending £100 to secure £10 worth of data may mean that data won’t be stolen, but in real terms it’s a waste of money. Evaluating the cost of replacing data is often the easiest way to decide how much to spend on actually securing it. Getting the balance right is critical, too little security and companies could risk breaching data protection laws or having their data stolen, but too much and businesses will risk running themselves into the ground with the costs.
3. Where is your high value data stored?
The safest approach to protecting sensitive data remains to be a layered on-premise security solution. One type of data or one department will often require greater security than another. Sales teams for example will often hold less confidential information than say a finance department, so tailoring security to individual departments is often a good approach. Understanding where data is stored can consequently help to focus where to spend more or less money on IT security. This in the long run will reduce costs, and will mean that departments handling non sensitive data will not have to go through security procedures which could reduce their productivity.
Do you have real-time visibility into the data in your network? Growth in mobile working and disparate workforces has made visibility more important than ever. Enhanced visibility allows IT departments to easily and quickly monitor and control the data that is being exchanged in their environment. Losing control could result in employee-caused data breach or in compliance violations. When evaluating any new security technology, enhanced visibility needs to be a consideration.
5. Match security with compliance
Securing data is a key part of maintaining compliance with the law. One of the core pieces of legislation is the 1998 Data Protection Act, a breach of which can result in significant fines, as well as serious damage to the reputation of your business. Guaranteeing that the products you purchase help to achieve compliance with data protection law will not only protect you but make sure appropriate levels of security is employed.
The competitive nature of the security market can appear confusing, but the key to tackling it and purchasing the most suitable solutions for your company is all about understanding your business needs. Putting your regulatory and practical needs first will mean that you come away with the right product and the most appropriate level of security. Lastly, it’s not just about the technology. When evaluating products, make sure you’re also evaluating the companies that do all of these things well. Don’t just choose the technology; choose a partner that can help you accomplish your security goals.