Projects always need to be completed and delivered under certain constraints. Traditionally, the three constraints have been referred to as the Project Management Triangle. One side of the triangle cannot be changed without affecting the others and each side represents a constraint as follows:
● Time constraint - amount of time available to complete a project.
● Cost constraint - budgeted amount available for the project.
● Scope constraint - what must be completed to produce the project's end result.
In the context of the Project Management Triangle, one could describe a Security Triangle. The concepts and legs of the triangle are very similar. Again, each side represents a constraint so one side of the triangle cannot be changed without affecting the others.
The Security Triangle includes a:
● Usability constraint - how usable the security will be once implemented.
● Cost constraint - the amount of money available for the task.
● Security constraint - how secure the task's end result will be.
These are often competing, i.e., increased security typically means decreased usability and increased cost. If an organization wants to write its own security system to protect all of its sensitive data, making it as secure as possible without sacrificing usability, it would cost a very large amount of money.
Constraints Fuel Compromise
There are the organizations that merely want to be compliant, and have less concern for real security. Those organizations fear the auditor, not the bad guy. They are the organizations that will most likely be breached and hacked, even unknowingly. There are also organizations that want to be secure, and will spend a significant amount of money to become secure, because they fear the bad guy. For these organizations, achieving the tightest possible level of security is paramount. Then there are the organizations that fall into the middle: they are very judicious with their security spend. They want to be more secure than compliant, but are willing to make some compromises to limit cost. Which camp does your organization fall into?
This blog entry is the third in a five-part series about data security trends of the past decade. Stay tuned for "Part 5: Beyond Compliance is Best".