Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

IT Security in the SMB - Call for input

Published: 2008-02-02
Last Updated: 2008-02-02 23:55:34 UTC
by Brian Granier (Version: 1)
2 comment(s)

One of the catch phrases when discussing IT Security is the principle that there is no "silver bullet". In order words, there is no one thing or solution that will solve all of your IT security problems. With that in mind, I would like to turn the focus on the small to medium business (SMB). Over the past few years, I have observed a lot of development being done for the SMB markets that work to integrate as many different layers of IT security into one product as possible.

At the same time, IT security has become integrated into a business must do rather than a business should do thanks for IT security regulations and a change in thinking for business leaders that have learned over time that IT security can be a business decision driven by ROI.

Given these two primary factors I have observed impacting this market, my concern is that while SMB business leaders are now more aware of IT security as a necessity, how many of them are falling into the old trap of relying on a single purchase to satisfy all of their needs? Even though multiple function devices are improving, there is still no silver bullet. Or has the industry made progress in educating these business leaders that security is a journey, not a destination.

I am requesting feedback from anyone who works with these types of business and can provide their thoughts from the field.
I will be looking at all of the feedback I get and posting a follow-up article on a future shift.

2 comment(s)
Diary Archives