Home > Peak Performance > Outside contributor to the blog shares his views from the field

Outside contributor to the blog shares his views from the field

A security professional working for a large end user organization contributes occasionally to SecurityDreamer under the pseudonym of "Padded Arrow."  Here are his latest thoughts from a Fortune 500 corporate security department:

You may have noticed that over the last couple years, Security is changing phases in the never-ending cycle.  With the current financial climate, cost is once again the biggest project risk.  If Security departments are to survive, they will need to move from an add-on risk function to an integral part of the organization.  They will need to move from saying "no" to saying "how can we do this securely."

First, let's agree on two things; bolt-on security and security by obscurity don't work.  They cost more and in the end, don't increase security.

Collaboration, collaboration, collaboration
As much as we all want to be special, unique and different, that is a negative when it comes to corporate solutions.  Look for opportunities to collaborate with other business units in your company to save money.  I know this is difficult for most of the "I'll tell you but then I have to kill you" security types but why would you implement a million dollar security platform for monitoring when there may already be a solution available.  Many IT management platforms include functionality that can be leveraged by Security; reporting, logging, monitoring, alerting.  Collaborate during product selection and you may get the functionality you need without any additional cost.

Show costs accurately and realistically
Most business managers have grown immune to the claims of loss that Security has been spouting for years.  "If we don't put this system in, we will be overrun with hackers and that will cost millions if not the company."  Put real numbers to a real problem and then propose a solution that costs less than the potential loss.  You wouldn't spend more than something is worth to protect it.

Learn how to say "yes”
…or better yet, "Here is how you design this solution securely."  Granted, 100% Security is 0% functionality however
100% functionality doesn't necessarily mean 0% Security.  The earlier
Security is involved in the development and requirements process, the easier it is to make sure the organization is protected.

– Padded Arrow

Categories: Peak Performance
  1. Robert H.
    May 15, 2009 at 6:51 am

    This is a very good point. I’m not sure why companies have such a problem implementing this other than control. When I started with my current employer, the first thing I was told was “we do not first say no, we first ask why not.” If there was a government law, mandate, regulation or something that prevented an action, then so be it, but it that was up to our interpretation, then why not? Or as you so elequently stated, “How do we do this securely?” GREAT POST!! I personally wish that others in industry positions that I have dealt with would buy into this mentality. Instead I get the lazy mans answer of “That’s not an industry best practice.” It will continue to be an uphill battle until people start thinking for themselves and the better practices for their organization instead of worrying what the rest of industry is doing and waiting to copy what everybody else is doing. Thanks for sharing.

  2. Padded Arrow
    May 15, 2009 at 1:27 pm

    I’m glad you enjoyed it. I have tried to effect change in my current organization with limited success. The challenges were most often people rather than technology…

  3. August 5, 2014 at 11:24 am

    I’m not that much of a internet reader to be honest but your blogs really nice,
    keep it up! I’ll go ahead and bookmark your website to come back in the future.
    All the best

  4. August 12, 2014 at 5:56 pm

    Howdy! This is my first comment here so I just wanted to
    give a quick shout out and tell you I really enjoy reading
    through your articles. Can you suggest any other blogs/websites/forums that deal with the same topics?

    Thank you!

  5. August 14, 2014 at 10:55 am

    Hmm is anyone else having problems with the images on this blog loading?
    I’m trying to figure out if its a problem on my end
    or if it’s the blog. Any suggestions would be greatly appreciated.

  6. September 12, 2014 at 1:46 am

    A fascinating discussion is worth comment.
    I do believe that you should write more on this subject matter, it may
    not be a taboo subject but generally folks don’t discuss these subjects.
    To the next! Cheers!!

  7. September 21, 2014 at 3:48 am

    Excellent blog here! Also your web site loads
    up very fast! What host are you using? Can I get your affiliate link to your host?
    I wish my web site loaded up as fast as yours lol

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: