Can you outrun the bear?
Because security is not Boolean, how do you know if you are secure? If regulation and compliance are not measures of whether you are secure, then how do you measure whether your data is secure? Security is very gray and very complicated. But consider this simple story for some perspective:
If a boy and his friend are in the forest and they come upon a bear, the boy does not have to run faster than the bear; he just has to run faster than his friend.
Security is analogous to the bear: to say that you are absolutely secure means that you want to be able to run faster than the bear. That could be very expensive. Ideally, your main goal is not to escape the bear, but to stay faster than most organizations, those that will be overcome by the bear.
Where are you … where will you be in ten years?
A number of important issues and trends have been explored, but only you can assess your path to success and minimized risk. Recognize that computing environments have changed drastically during the last ten years, and security requirements have shifted dramatically. A big, safe, powerful wall around the data in your data center just won’t suffice any longer. Data is on the move, and needs protection in any and every state, any time and any place. So, as you contemplate your security strategies, consider these questions and that huge bear fast on your tail.
● What type of organization are you?
● Are you an organization that merely fears the auditor?
● Are you an organization that always wants to run faster than the bear?
● Or are you the type of organization that is changing and improving faster than the organizations around you, so that they will be overcome by the bear while you survive?