Instead of thinking about security, for a moment imagine taking your family to a public swimming pool for a fun day out…

Public pools have fences. They have lifeguards. They have water in the pool that is the right depth and the right temperature, and has the right treatment to ensure that it is safe. They have non-slip surfaces and signs that say “no running”. They have lots of controls all designed to keep everyone safe, and most of them are not noticed by anyone.

But the fences aren’t 10m high. There are not hundreds of lifeguards. The water still splashes out of the pool. There aren’t patrols with assault rifles enforcing the “no running” rule. These would be silly. These would be a waste of money.

Security can be too expensive if spent in the wrong place, whether in a business or a public pool. Businesses that overspend on hardware and underspend on testing are wasting money just like putting armed guards at a public pool. They probably believe security is too expensive, but that isn’t really their problem.

For some businesses security is not considered a cost at all; it is a core strategy. Qantas is rightly proud of their safety record. They don’t believe that safety is too expensive.

Information security is really just data safety. Know what information is important to your business and protect it well, but not too well.

Security is a measure of the health of your company, and that makes this myth plausible.

Phil Kernick Chief Technology Officer
@philkernick www.cqr.com