It’s been said that “efficiency is about doing things right and effectiveness is about doing the right things” (Drucker). The management team of any business is always riding this fine line in an attempt to spend wisely to maximize revenue and control cost. With respect to IT security, CISOs, CSOs and the like must also "walk that tightrope" and be positioned to re-evaluate and adjust to meet today’s and tomorrow’s threats without impacting employee productivity.
This IT security paradox can lead us to lock everything down like Fort Knox, potentially cutting productivity. On the other hand, an IT department can decide on lighter security to increase productivity, but the data and apps are now unsecure. Think of the front door to your home. If you added a dozen different locks and an alarm system your entrance would be more secure, but it may be very frustrating and time consuming to come and go – even to run down to the local store for a brew or a loaf of bread. On the other hand, this doesn’t mean we should live with our doors left open and sacrifice security for efficiency, does it? We must find the right mix of security to keep us safe and still be productive. Or, in business, we need to find the right formula to spend wisely enabling the business to maximize revenue while minimizing the negative impact to productivity.
Security professionals are taking a very pragmatic and mature approach to solving these problems. In general, they are defining attack vectors and assigning risk values to them. Basically asking “if x happens, what is the worst case scenario and how much will it cost?” The monetary loss could come from fines, loss of sales as a result of a corrupt reputation as well as actual spending to remedy the issues.
After deciphering the highest risk vs. reward scenario, security analysts shop for solutions with a careful eye to their other prioritized problems. Ideally, they will favor vendors who offer solutions that address their top challenges today along with the flexibility to address their second tier challenges tomorrow. In addition, they need tools that can essentially slipstream into the current infrastructure. No one wants to rip out solution A just to insert solution B. That is to say, they seek a single vendor that offers flexible solutions.
We’ve listened! Like a rubber band around your dollars, One Identity solutions are flexible and stretch to secure your growing (or shrinking) bundle. For example, our privileged account management products offer the ability to turn security way up; namely, build workflow behind each and every request for administrative credentials stored in the password safe. While highly secure, this means there is latency between each request for the credential and the admin’s ability to do the work. On the other hand, we can dial down security so that the password is available in near real time reducing security but maximizing productivity.
If you’d like to learn more about our Identity and Access Management solutions, check out this video. It’ll give you a good overview of our solutions to help you ride that fine line between enhance security and keeping the business moving forward!