Is Security Easy?

As I have discussions with the customers I meet and talk to on a regular basis, I constantly yearn to understand the challenges they are facing. What is stopping them from moving forward and implementing the security tools that are available to them. Why purchase that SIEM to only put it on the shelf? Sure, you need to use the money but why would you not use it after you bought it? You know the response that I keep getting… (it rips my heart apart)… “It Is DIfficult”… wait.. what did you say? I just showed you how RSA enVision has reports available out of the box, I informed you of the fact that we use no agents, I just pointed out all the VMware messages that RSA enVision can correlate… OUT OF THE BOX. Doesn’t “out of the box” mean simple?
As I was busy worrying about the products, they were busy worrying about all that stuff that happens before you put the product in place. What am I actually looking for you? What do I need to look for in the future? How do I know what I need to do when I don’t actually know what to do? What policies… what compliance… where do I begin to start? I get it… I get the pain. People think that security is like a big jigsaw puzzle. You open the cover and look at the thousands of pieces and you have no idea where to start. It becomes overwhelming and sometimes you just want to put the cover back on the box. You leave the box sitting there and tell yourself you will get back to it, and it just keeps sitting there…
My concern is without starting the jigsaw puzzle you will be missing more then the finished product. You have to understand, security is a piece in the jigsaw puzzle, not the puzzle itself. It has the correct place in the bigger picture and once you put it in place, the others can easily link up around it. I understand that it is tough to find the piece but once you do, you will see why you needed it and why without it, you will never have a complete solution. You are lost until you have the piece.
Of course there are many companies out there that provide the consulting services to help you find the piece. You see, it is their job to find the piece and help you finish your puzzle. No matter how you start, you can not be afraid of security. It may be difficult in the beginning but everything that you don’t know is difficult in the beginning. That should never stop an organization from implementing solutions that are built to be easy. I understand that it isn’t the products that are difficult, it is taking the first step into the security puzzle piece that is difficult. So let me recap… security in itself is a puzzle piece in a very large jigsaw puzzle. Putting the puzzle together can be difficult, but it isn’t the security piece itself that makes it difficult. The security puzzle piece is essential in the grand scheme of things. Without it, the puzzle can never be complete. Don’t be afraid of it, it can be done and must. Don’t be afraid of the box… opening it… look inside… take a deep breath and start it. Don’t wait until someone throws the box away or until someone opens your box for you and starts taking your pieces.

, ,

  1. Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: