Have you ever looked at an IT security plan and wondered, “what’s wrong with this picture?” When words like “policy”, “procedure” and even “implementation” are prominent, but others like “user”, “training”, “performance” and “awareness” seem to be pushed into the background, there may be room for improvement. Unless your context is entirely “lights-out” and computer-driven (still rare even in this age), human beings will be an integral and fundamental factor in your IT security planning and management. And unless your context is completely on-premises without any connections to the cloud (increasingly rare), the days of the bolt-on “bigger fence” are numbered.
Before the cloud, organisations focused on building an IT security fence around their computing resources. Also known as the Cadbury Creme Egg model (with its hard exterior and soft interior), such a fence uses components like traditional firewalls to grow with the organisation. However, at a certain point, the bigger fence model reveals several shortcomings:
- It becomes difficult to make the fence bigger without leaving holes.
- With the advent of cloud computing, it is no longer possible to build this kind of fence to surround all of an organisation’s computing and data assets, now spread out in different parts of cyberspace.
- Such a fence imposes limitations on performance, holding organisations back from achieving business goals that depend on speed of connections and data flows.
The answer lies in designing or architecting in IT security from the beginning (no more bolt-ons), in embedding it at the micro rather than the macro level (forget bigger fences), and in involving end-users directly in the drive for better security (bye-bye, ivory towers). Of course, getting from these basic principles to an operational, effective IT environment that combines both security and performance takes additional steps. Towers, fences and bolted-on security may also still exist and work in some cases, but these cases will become rarer and rarer as time goes by.