I frequently get into discussions with my colleagues and customers about where an organisation's security investment should lie. It can be quite an interesting debate. Besides the analogies that can come up – ninja’s and SAS soldiers always feature highly – the discussion is one that is very important, particularly in our international, interconnected business market.

 

When it comes to security investment some believe the answer is at the network edge – keep the bad guys out with a 10,000 foot wall topped with broken glass and barbed wire, that way no one can get in who isn’t authorised – job done, investment well used. These people seem to forget that a defence system that is built like this can also restrict people going the other way and doesn’t account for a mole on the inside (another analogy for you thereJ) who may be infected or have a vulnerability. More importantly, this takes valuable security budget away from the other parts of the business that can be of equal concern.

What I continually tell people is that security investment is not a one stop shop. Effective defence takes many different layers and many different approaches to ensure you are as protected as you can be. The one surprise that frequently comes up for me is how many people will have good internal and edge security but little to no investment on network security. Security investment should cover all areas where a company’s data will be - including on the network – to ensure so the data is safe from end to end.