Earlier this morning, the feature on Biggest IT Security
Failures on CFO Insight caught my eye. The article captures some of the more
well known recent IT security incidents and discusses how these news stories
may just be the tip of the iceberg. Bigger stories around cyber-espionage
(check out the blog post from Oracle’s Ricardo Diaz on this subject) go
unnoticed or unreported.
Looking at the companies mentioned, it is obvious that IT
Security is not really about budgets. Or rather, it is not ONLY about budgets.
If throwing money at the problem will have gotten rid of the problem that is "security breaches", big brands wouldn’t have made the headlines with these news stories.
A smarter, Security inside out approach is called for. Secure the data where it
resides, build in security within the layers from infrastructure, database,
middleware to applications, and manage access to these systems. Adopt a
platform approach to security so that your resources, all the way from
infrastructure up to the applications, can leverage security processes and
solutions in a standardized, repeatable and consistent way. This will also
allow you to extend your security framework as your infrastructure grows or as
you look to support applications in the cloud or mobile access. Build a sound
security platform and then leverage it across it all and through time to
maximize your existing investment. A standard security platform also eases your
compliance burden since you will not be dealing with silo’ed information.
Take a look at Oracle’s platform approach to Identity
Management and tell us what you think.