Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity
    • Networking
    • Storage

    Well Do Security Later

    By
    Fahmida Y. Rashid
    -
    November 23, 2011
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      PrevNext

      1Well Do Security Later

      1

      This kind of thinking is very common during a merger or an acquisition or when the company is rushing out a new product. Since systems and networks are continuously evolving and getting more complicated, it is always difficult to retrofit security at a later date. Security should be considered from the start, not afterward.

      2Well Do Privacy Later

      2

      The same is true regarding the erroneous thinking about security: It might seem more important to get a new Internet service up and running and to start building up the online buzz before all the privacy policies and protections are in place. Organizations have to comply with a mishmash of regulations to ensure user privacy, so it’s best to have all the ducks in a row before the regulators come knocking.

      3Encryption Is Enough

      3

      After practically every data breach, the organization is criticized for not encrypting the data. While it’s important to protect sensitive data, it’s important to think about the architecture and make sure the network is still secure. Insiders have to still be monitored to ensure they aren’t abusing their privileges. People expect encryption to solve all problems, forgetting that implementation flaws, such as improperly storing the keys, can render encryption moot.

      4One Tool to Defend Them All

      4

      Pick the security technology, and there’s someone out there convinced that it is the cure-all and the only thing needed for security utopia. It doesn’t exist. While there are excellent antivirus, intrusion prevention, network monitoring and forensics tools available, none of them can do everything. Security tools are specialized, and there is no silver bullet. Focus on layered security, not a one-size-fits-all approach.

      5Security Must Be Perfect

      5

      Some executives have the attitude that if security can’t be guaranteed, then it’s not even worth talking about, putting the security professional in a position of having to downplay security risks or over-promising security. Organizations need to have metrics to measure risks and decide when it’s “good enough” and focus on other areas. Security is about balancing protection and cost.

      6Security Is Easy … DIY Security

      6

      It’s easy to look at the landscape and available technology and conclude that it can’t be that hard to take charge of security. However, it’s best to let people who have done it many times and know what they are doing take charge of security, instead of handing it over to someone who may not know how to deal with rough spots or unexpected situations. “How hard is that?” Plenty hard. Leave security to the professional.

      7Find and Patch Is Sufficient

      7

      While regular testing is necessary to look for and patch flaws, it’s not a replacement for having security by design. All penetration testing is doing is plugging holes to harden a broken product, which forces the organization to always be reactive. True security is making sure the common issues are not in the application in the first place and addressing subtle, more complex problems that are discovered down the road.

      8We Arent a Target

      8

      Wrong! Practically every organization, big and small, in all industries is a target. The threat actor can be the frustrated insider, disgruntled ex-employee, a person out to make a political point, a cyber-criminal looking for the fastest way to make money or corporate spy. The Sonys of the world aren’t the only ones under attack. Small credit unions and mom-and-pop operations are targeted, too.

      9No One Knows About It

      9

      Security by obscurity sounds good in theory. If the attacker can’t just Google the software you are running to find known vulnerabilities, then surely, it’s safe from attack. The most common attack vector is cross-site scripting and SQL injection, attacks that are easily preventable, but often overlooked by developers. If an attacker really wants to get in, they will do the research necessary.

      10We Just Need to Train the Users

      10

      It’s another idea that sounds good in theory, but it’s no excuse to skimp on the technology. Users need to be taught to not click on dodgy attachments, but they also shouldn’t be seeing those files in their in-box in the first place. It’s difficult for the savviest Internet user to identify some of the latest scams. While technology can be patched, the human brain can’t.

      PrevNext

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.