Getting to grips with security

Many companies have yet to get their strategies aligned with security regulations

The horror stories about IT security and the cost to businesses of security failures continue unabated, creating uncertainty in the typical business about the security systems that are in place.

As soon as one security challenge is addressed, a new business model is developed with its own security management issues. Traditional IT infrastructures have known boundaries that are relatively easy to protect. But virtualisation and cloud computing, for example, throw up a new set of challenges and the debate around the security of those models is in full swing.

Some experts argue that cloud computing is a calculated risk for most IT departments because there is concern over who is responsible for security breaches in the datacentre. However, the cloud computing model is not yet widely used, so there is the opportunity to research the risk before taking the plunge.

The risks don’t stop with corporate IT management decision-making. Outside the business, new security laws continue to keep organisations on their toes.

The new and more punishing Data Protection Act came into force this month, giving the Information Commissioner’s Office powers to levy individual fines of up to £500,000.

There is also the Payment Card Industry Data Security Standard (PCI-DSS). This applies to organisations that hold and process details of credit card holders.

And it takes time to comply with these regulations. Many companies have yet to get their strategies aligned with the PCI-DSS, for example.

The secret to navigating the strategic issues around IT security is to be aware of the problems and separate them from the hype. To help you achieve this, read the first part of our definitive guide to security here.