IT security is becoming a business priority for South African companies and thanks to increased awareness and education in the IT space, some companies are in fact becoming more discerning about the solutions they choose to secure their infrastructures.
This is the observation of Dries Morris, director of Securicom, a leading local IT security management consulting company.
“IT security has always received a lower priority than other aspects of IT and has historically been considered a grudge purchase," he says. "But, over the last year or two, we have seen more and more companies turning their attention to IT security and a growing trend towards investment in that area of the business.
“Some companies are also becoming far more selective about the security solutions they choose to implement. This, we believe is largely attributed to the efforts by IT security companies and software vendors to raise awareness of the various security threats and provide viable, workable and affordable solutions to combat them."
Morris points out, however, that while companies may be showing increased willingness to invest in IT security solutions, they have yet to shake the mentality that IT security is something that can be bought in a box and forgotten about.
“IT security is not something that can be purchased, installed and then be expected to totally secure an environment indefinitely. The threats to IT security increase in number and complexity everyday and cyber-criminals are constantly evolving their methods of attack so companies need to work to stay ahead of these advancements.
“Information systems and technology are also continuously evolving and these changes result in new vulnerabilities that could lead to a compromise of a company’s critical systems if the security infrastructure does not evolve as well. The wireless internet for instance has nudged an increasing number of people to work remotely, outside the traditional office, and this means that companies have to implement remote access control mechanisms such as SSL VPN.
“So it really is not as cut and dry as buying best-of-breed anti-virus software and installing it. There is significant legwork required to make it effective. That’s where companies are falling short. Remember, anti-virus software, firewalls and the like are just tools and, none of them are flawless and are only as reliable as the last update,” says Morris.
“Also, remember that not all companies need the same protection as their risk profiles differ substantially depending on the nature of their business. There is no such thing as a ‘one-size-fits-all’ security solution and while having just the basics in place might be enough for one company, it may be perilously too little for another.
“Companies need to be weary of this and make sure that the money they spend on IT security is invested in the most appropriate solutions to meet their specific security requirements.
“An independent IT security consultant can provide value-adding insight to assist companies that don’t have the necessary expertise in-house in selecting the most appropriate solution or combination of solutions.”
Morris concludes: “Every business that takes its IT security seriously must understand that monitoring the security environment and the various security solutions deployed within the organisation is essential and must be done around the clock.
“Effective IT security requires a holistic approach and if the necessary resources are not available in house, a managed security service should be enlisted to provide consultancy on best security practices, new threats, solutions and products. All of which must be monitored and properly maintained 24 hours a day, seven days a week.”