Business IT Guide - News & Blogs

Taking a holistic approach to security

September 22nd 2008

Posted by: Steve_Gold

Keywords: Data protection, IT security, Security & data

IT security systems and software have been with us since the earliest days of the PC and there are many different vendors all clamouring to sell you their latest and greatest IT security applications.

But which are the best, and how do you go about choosing the applications you really need?

Let's take a step back first. Before you can choose which solutions you need, you need to undertake a risk analysis for your organisation’s IT resource.

This isn't rocket science, but merely involves looking at your IT systems and resources with the eyes of an auditor, assessing the weak points in your business and IT practices, and suggesting solutions.

This is where the holistic or whole-of-systems approach comes into the frame. There is no such thing as a perfect IT security system for any one company.

The best solution is built from several building blocks, held together with a set of best practice guidelines and/or business security rules.

Once you have created your risk analysis document, preferably with the assistance of an IT security expert (a good IT reseller will provide you with this resource either free of charge or at a nominal cost), you can work out how best to implement solutions for your organisation.

At its most basic, your IT security portfolio should consist of an anti-virus/anti-malware application, bolstered with an anti-spam application or service for your email system.

Other facets of the portfolio should include a firewall and some form of behavioural analysis technology to act as a catch-all for unknown attack threats that are likely to appear in the future.

It is unlikely that a single suite of applications will meet all your needs. You will need security applications from at least two vendors and those applications will need to talk to each other, to ensure optimum deployment and efficient working.

If you are sourcing your IT security applications through a systems integrator or reseller, you should consider installing the relevant software on a single, dedicated, server, sitting at the centre or edge of your network.

Using a dedicated server approach ensures that all of the processing power is directed at securing your IT resource. It also makes life easier when it comes to updating the system, which can be carried out remotely by your systems integrator or reseller.

In taking a holistic approach, you should also lace your assessments with a cold, hard dose of common sense. You may find your Internet service provider offers a rentware (software-as-a-service) option for some of your security functions.

This is frequently the best option since you only pay for the services you use and then on a per-user basis. It is also a given that your ISP's security technology will be as up-to-date as possible, leaving you to concentrate on seeking and fulfilling your trade.

It's also worth carrying out annual audits of your IT security protection technology, in order to assess whether better value options are available, as well as keeping your system protected against new security threats.

Useful Web sites