Cost determines security choices

Firms are being urged to shop around more to find the security system best suited to their needs

Businesses need to engage more with vendors when choosing security systems, to ensure the best possible protection and to avoid overspending, according to Standard Chartered Bank.

John Meakin, group head of information security at the bank, told delegates at the Gartner Security Summit in London this week that by selecting general security packages chief information security officers (CISOs) are not serving their businesses as well as they could.

‘It’s about engagement between the buy side and the sell side,’ said Meakin. ‘Just because you have security policies and investment in security does not necessarily mean you are secure.’

Meakin says one of the biggest problems is internal security.

‘Thousands of staff still have incorrect access to internal systems. Inappropriate access is an unsolved problem and a very difficult one to solve.’

Steve Prentice, research chief at Gartner, says firms often do not do what is best by selecting one security package.

‘People buy what they want, not what they need, because the technology is affordable. They think they have the best protection when they have things that they don’t need and the technology is not tailored,’ he said.

Vic Wheatman, managing vice president of Gartner Research, says firms should assess their vulnerabilities carefully before addressing security issues.

‘You have to identify the problems and use complementary technology to solve them. It’s about getting best of need rather than best of breed,’ he said.

‘Having the best product is not the most important thing. This may mean people buy from vendors that serve unique needs.’

Regulatory compliance is one of the reasons businesses go for the best of breed option, according to Jay Heiser, Gartner research vice president.

‘A lot of regulations have counter-productive requirements. Security should be treated more like risk-management programme. Audit requirements do not really lessen risk,’ he said.

Bob Gleichauf, of the senior technology group at networking vendor Cisco Systems, says vendors should aim to work together more as users might want to stitch together products.

What do you think? Email us at [email protected]