Think about the technology landscape as it existed at the turn of the century.
Having just survived the run up to Y2K, most IT departments were well staffed and adequately funded (for the last time, it seems). All network assets were local, and all servers physical. If you had 500 employees, the odds were good you had no more than 600 devices under management. And all of them belonged to you.
Today some of your assets may still reside in your network, but many are cloud-based. Some of your servers carry a hardware footprint, but the majority of them have probably been virtualized. And most of those 500 employees conduct business on laptops, smart phones, and tablets, some of which they purchased, without any knowledge of – or interest in – your company’s security policy. You are probably responsible for 1,500 devices, with a smaller staff to manage them.
Then, all 500 of your coworkers trucked into the office every day, where bandwidth was adequate and dependable.
Today, some of your colleagues work from home, some set up shop in Starbucks, and your road warriors might log in anywhere from Lake Okeechobee to Kuala Lumpur.
Then, everyone worked 9 to 5.
Today, you are likely to find people on your network every hour of the day or night.
Then, while people may not have exactly welcomed network downtime, they expected some, and they (mostly) accepted it.
Today, uptime is viewed as an inalienable right, and woe to the IT manager who struggles to deliver it.
Then, your firewall was your best weapon to assure the security and integrity of your network.
Today, well, we get it. You’ve invested big bucks in equipment and solutions designed to safeguard your network. Next generation firewalls aren’t cheap. Best-in-class SIEM (Security Incident and Event Management) solutions are costly. Intrusion Detection and Prevention systems . . . Network Access Control solutions . . . Multi-Factor Authentication processes . . . Encryption solutions that stretch from user laptops across multiple network platforms . . . Add ’em all up and you could have hired Guns N’ Roses to play at the company’s holiday party instead.
We can sympathize with executives who plunk down tens or even hundreds of thousands of dollars on state-of-the-art security, and assume that’s enough to keep their information—and their people—safe.
But this blog exists to smash the myths surrounding cybersecurity, and we have to tell you the days of setting it and forgetting it are long past.
To take an example from the physical security industry, imagine spending serious money on a carefully deployed closed-circuit security camera system, but never monitoring the feeds. As illogical as that sounds, that’s exactly what many companies do after investing in the best network security gear in the industry.
Every one of those comprehensive and expensive security solutions needs to be proactively monitored and managed, with their settings reviewed, tweaked and adjusted on an ongoing basis. And the professionals charged with all that monitoring and managing need to stay in front of a threat landscape that changes daily.
It’s a lot to ask of any team, but not asking is a tragic waste of money.
Fortunately, there is a Plan B available.
You can outsource all that monitoring and managing to a team of security professionals that does nothing else.