I have been trying to think of a good analogy for IT Security. Insurance? Not really because insurance doesn’t prevent an incident occurring.
How about IT Security being akin to a cricket box (or a cup for baseball)? A cricketer wears one because although he is unlikely to get hit in that area, if he does, the impact is severe.
As we move to a self-service world with web sites interfacing (directly or through middleware) into financial, logistics, reservation and other systems, the opportunity for a security breach increases. The threat from outside the firewall is matched by the threat from within, with security experts suggesting that the risk of an employee abusing the system is much higher than an external “hack”.
This isn’t new – most organisations are wearing a box. Most have invested in good technology supported by strong policies. Can you feel a “but” coming?
The “but” is how do you know it is working at the optimum level? Has the set-up been changed to address the new threats, which are always developing? Who is “checking the checker”?
Let me give you a simple example. What happens if a Firewall device fails in your network? Does it fail open or closed?
So, to make sure that the investment is working and that, if the ball does hit that area, the box does its job (stretching the analogy too far), your IT Security requires regular, thorough and independent testing.