If You Don't Know Where You Are, How Do You Know Where You Are Going?

Posted on by Tony Bradley

Business intelligence and big data analytics are valuable tools for organizations. Collecting and analyzing the right metrics related to current and past performance helps businesses develop effective plans for the future. This is especially true when it comes to securing your network and protecting your data.security metrics

Think of it like making a trip to the grocery store. You can just walk in and shop. You can make guesses about what items you might be out of or just grab whatever looks good in the moment. When you get home, though, you might find that you’ve wasted a lot of time and money on duplicate, unnecessary, or frivolous, items. It’s much more effective to have an accurate inventory of what you already have and a plan for what you intend to prepare over the next few days so you can shop efficiently and cost-effectively.

The same logic applies to your security posture. If you have no idea how well your current security tools and policies are working, or in what areas your existing security posture might be deficient you can’t possibly make an effective plan for how to adapt or improve your security for the future.

Imagine making security decisions in a vacuum. Consider how silly it would be to spend thousands or tens of thousands of dollars on a new antimalware tool when the antimalware protection you already have is already doing an excellent job of protecting your network and endpoints from malicious exploits. No matter how great the marketing campaign or how much of a “bargain” the new antimalware might seem, it would be a ridiculous waste to invest in a new solution if the one you already have works.

The flipside of that scenario is also a problem. Perhaps your antimalware solution is adequate, but there’s room for improvement so you blow your entire security budget to buy the hot new antimalware product without realizing that you don’t have any security at all in place for data on employees’ mobile devices. Even though the new antimalware may be incrementally better than what you had, your overall security posture would benefit much more from filling the void and protecting mobile devices.

Before you “go shopping” for security solutions take some time to understand where you’re at right now and how well your current tools and policies are protecting you…or not. You should consider how your security posture measures against common security baselines and best practices, but more importantly you should take a look at where you’re most at risk and what the biggest threats are to your endpoints and data. You don’t want to waste money or effort implementing a new spam filter if the biggest threat is that your employees have sensitive company data on their mobile devices that isn’t encrypted.

Keep in mind that risk and threats are subjective. There are certainly some exploits and malware attacks that are not discriminating and are a threat to virtually everyone, but you have to take your analysis a step or two beyond just staying aware of emerging threats. You should also consider what mitigating security controls you have in place that might reduce the risk for your organization as well as the overall value or importance of the assets that are exposed to risk.

Take a current assessment of your security posture and its effectiveness so you have a solid understanding of where you are now. Then you can make intelligent decisions about where you should be in the future and what tools and policies it will take to get there.

Tony Bradley

Editor-in-Chief, TechSpective.net

Business Perspectives

big data analytics threat intelligence metrics security awareness

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs