DIY Works Well for Many Projects, But Not for IT Security
November 12, 2014 | By TMCnet Special Guest - Pat Kanai, engineering manager at Nuspire Networks
Original article: http://www.mobilemarketportal.com/mobile-security/articles/393494-diy-works-well-many-projects-but-not-it.htm
Do-it-yourself IT projects can save money and prove to work just fine. But a DIY security system for your invaluable information probably isn’t a very good idea. These days, cyberattacks and security glitches are a regular occurrence – and routine news headlines and organization’s need to be confident that their security systems can protect invaluable information.
In fact, a DIY data-protection system may spark more harm than protection. Here are some of the shortcomings that occur when a DIY security system is implemented:
- Let me count the ways. IT professionals often forget how many parts and pieces comprise a strong security network. It’s not simply about buying the right software, such as a firewall, or hardware, such as servers. It involves layers of complex technology that requires upkeep and constant monitoring. The monitoring chores alone –checking data-system logs for hackers trying to exploit the IT network 24/7 and even the physical data center itself – prove time-consuming and prevent IT staff from working on value-added projects.
- The watchdogs are watching – and waiting. Financial-services organizations, retailers and hospital-care providers grasp that federal and state regulators have strong regulations about data protection and are continuing to toughen them. From PCI to HIPPA, many industries are continuing to implement or update compliance and security standards to protect information. Regulators are upset about the growing number of security breaches – and they are poised to impose stiff fines on organizations that are too lax about security. A DIY system does not necessarily help organizations stay ahead of the evolving landscape and up to date with the latest regulation changes.
- IT Security Takes Professional Training. IT professionals keep up with the latest security technology, but they aren’t security experts. They require training and must understand the tools they use and industry standards about security. They must stay atop of security and that, especially for small and medium-sized IT staffs, proves more than daunting.
- Managing the explosion of personal devices. IT departments and senior leaders lose sight of the security headaches that mobile phones, laptops and the avalanche of other personal devices can cause. It’s not just the home office data that must be protected but every home gadget employees use for work as well as entry points that third-party vendors and customers use to do business online with your organization. Some of the biggest data breaches reflect hackers invading a company’s data network through a portal used by a vendor or other third party and a DIY program does not necessarily cover all devices.
- Many organizations lack a security or data-recovery plan. Even if an organization believes its DIY security system is OK, it often lacks a basic security plan or a data-recovery plan to follow when a data breach threat erupts. IT departments get overwhelmed with servicing the hardware and software they must handle regularly and they shortchange the planning and execution of security protocols, programs and processes.
What’s the answer? For a growing number of organizations, third-party managed network security service providers prove to be cost-effective and good watchdogs. They have the personnel to handle security matters; the contact with law-enforcement agencies, often global ones, to stay apprised of cyberthieves’ latest ploy for gaining access to IT networks; the setup to handle compliance and other issues and the all-hands-on-deck attitude to focus entirely on security.
From the outset, third-party network security providers spot issues during an initial security audit that organizations weren’t aware of, and they can develop guidelines, among other benefits. In addition, using a managed network security service provider frees up the IT staff to tackle value-added projects that will benefit the bottom line.
DIY-ers are usually quite passionate about what they do – and that’s great. But when it comes to protecting an organizations priceless data, even that fervor isn’t enough to handle all the responsibilities of keeping away those nasty cybercriminals.
Pat Kanai is engineering manager at Nuspire Networks, a state-of-the-science managed network security service provider.