Too Much or Too Little
Security is a very broad subject, but to keep it a reasonable topic of discussion, the basics need to be understood, and we need to differentiate between what’s too much and what’s too little. There are various forms of security that we all probably deal with on a regular basis, whether it’s from an administration side or as the end user. Wireless, network, password, and file-level security all encompass a certain set of guidelines, the knowledge of which will help you apply security in a more efficient way. But even when you become versed in all that is needed to effectively implement security in your data protection, how do you know what and how much is necessary?
It would seem ideal if every company, entity, or individual could throw as much security as possible into any scenario and call it good. However, this is unreasonable and non-ideal, and there are at least two major reasons why. The first is the fact that security can become very expensive very fast. If you’re talking about security for large networks and wireless deployments, then the cost can rack up quickly, into the hundreds of thousands in some cases. For this reason, you will want to limit the expense while balancing against necessity.
A good example of this comes from a company that VLCM has worked with recently. This particular business had stacked a considerable amount of security into their network and was paying the typical price for it. However, in their case, they had only about 50 users. Even with these smaller numbers, they were paying for a higher level and amount of security than we see with most businesses accommodating 1,000 or more users. The cost wasn’t warranted for the size of their environment.
The critical piece in the puzzle is to know that it’s necessary, but to realize, at the same time, what is the right amount for the size of your environment and the nature of your data. With the case of this particular company, there wasn’t really any mission critical data that needed extensive protection, and they didn’t have any intellectual property that was worth millions.
Striking the Balance
This same example brings us to the second matter that needs to be considered when discussing the degree of security needed. Too much security not only costs more than is necessary, but it can also affect performance drastically. The IT manager for this business was so focused on security that he made it difficult to do business. Their security took a drastic hit in performance overhead and efficiency.
While this story sounds like a pretty cut and dry example of what’s too much when it comes to security, finding the right balance between how much is too much and how much isn’t enough is also the biggest challenge in the area of data security. That’s where an experienced consultant, like those we have here at VLCM, come in so handy. The ability to weigh out the pros and cons and identify the right amount for the right needs is what determines efficient security implementation.
For example, when you consider a doctor’s office or other organization in the healthcare industry, the level of security that is needed to maintain the confidentiality of sensitive and valuable information is pretty high. Whereas, with a company that specializes in heating and air conditioning, the level of security that is needed is relatively minimal. How you approach security with these two different scenarios is going to be different. Again the key is to find that critical balance between sufficient and overkill.
When a company is looking at improving their security, they need to ask themselves:
• What potential disasters am I trying to prevent
• What are my risks
• What is my budget for security
• How important is security to my business
The ability to answer these questions with an adequate amount of detail is key to proper security assessment and placement. At VLCM, we strive to do that very thing, in order to offer our clients the protection they need without the costs they don’t.
About Josh Linton
Josh Linton is the Vice President of Technology at VLCM, which is celebrating its 30-year anniversary in 2013. In this role, Josh manages the company’s technical team that provides tech support and services to its clients. He is also responsible for evaluating and recommending new products and services to customers.
Josh graduated from Brigham Young University (BYU) with a Bachelor of Science degree in Business Management with an emphasis on Information Systems.
