SECURITY WITH CONTEXT LOWERS IT EXPENDITURES
Another vendor dog-n-pony show lined up on your calendar . . . another waste of time. If you are the one responsible for your company's information security, you probably get bombarded with the latest security software or widget maker coming to you with how their product is the next big thing in security. With that, you no doubt wonder how many of these dog-n-ponies you must sit through before they figure out that point solutions aren't even half the battle. Have they ever explained how their product fits into the context of security at your organization? Because this is what information security is all about.

As a security professional, you understand the need for controls such as anti-virus, anti-spyware and anti-malware, as well as content filtering, IPS/IDS, full disk encryption, hardware and software firewalls, just to name a few. These solutions lower risk in their areas of focus, which can be proven in a number of cases. But, what good is anti-virus on 90 percent of workstations in the domain including the mobile domain if the ten percent of systems without AV are of the highest business value? What good is anti-virus on 50 percent of servers (and we all know the push that comes with AV on a database server) if the 50 percent that have AV are in a test environment?

2008 Reported Data Breaches
Keep yourself updated on the latest security breach disclosures

Would it be too difficult for a vendor to tell you they can help identify your critical systems, subnets and applications, and only after this “context” is defined will their product be effective? Of course it would, because without a security context being defined, then the default “blanket” approach to securing enterprise assets is necessary. And what does that mean? It means more “seats” or “licenses” for the vendors. Let's face it, the vendors are in business for one reason and one reason only . . . to provide you with the safest, best, most reliable and cheapest security product they can, right? Not so much. They're in this to make money. But you knew that already.

NCX Group knows the importance of point solutions, but we've seen too many clients hedging their security bet solely on these solutions. We've seen customers deploy state-of-the-art firewall technology at the perimeter yet leave their test environment on the flat internal network. We've seen customers put anti-virus software on workstations in secured areas of which they cannot auto update themselves due to traffic policies into the security domain. We've seen customers spend tons of money on protecting their endpoints yet completely disregard their server environment, all the while allowing untrusted contractor-owned laptops to gain access to their enterprise network. It's time to start looking at security from the standpoint of risk context.

The point is, controls in the right context are what results in true effective security. It is this level of risk analysis that all good security architects must possess; the vision of the big picture, the holistic viewpoint. This is where NCX can help. So unless you understand where your risk areas reside you cannot build a security context. And without a defined context you'll end up spending money unnecessarily, focusing employee time in areas wastefully, and be unable to measure the true effectiveness of your controls.

If you would like a free consultation to learn how NCX Group can help identify your company's areas of risk and provide the recommended steps to securing your information assets, please contact us at 888-448-5451 or request a representative to call you.

---

NCX Group, Inc.
5000 Birch Street, West Tower, Suite 3000
Newport Beach, CA 92660
888-448-5451