It is better to put in place an effective security policy
than simply investing in network security equipment, users have
been advised by Butler Group.
The application of network security policies will be a key topic at
the analyst firm's network security briefing in London next week (4
February). Maxine Holt, senior research analyst at Butler Group,
said, "There are a lot of organisations that do not even have a
security policy."
Holt warned that a security policy is a crucial part of any firm's
security strategy. She said, "It is all very well for organisations
to spend hundreds of thousands of pounds on the latest network
security solutions, but if they have not got the policy to back it
up, they will not get the maximum benefit."
A report from Butler Group published in 2003 warned that some
companies have responded to security hype from the media and
suppliers by investing in security products just because they think
they should.
But Holt believes that having an effective security policy and
undertaking regular risk assessments can help users avoid
unnecessary expenditure.
She said, "If you think it will take 90 seconds to hack into your
network, there is no point in investing in security that will
detect an intruder within 10 seconds, particularly if you already
have the necessary technology in place."
Butler Group advocates a layered approach to IT security that
encompasses a range of security products in different areas. These
include anti-virus products, firewalls, intrusion detection systems
and virtual private networks.
Holt advised users not to put all their eggs in one basket when
buying security products. Companies should look for a best-of-breed
approach, rather than buying all their products from the same
supplier, she said.
Holt said her presentation at the network security event would also
examine the feasibility of achieving a return on investment. She
said, "What organisations have to do is to view security as an
insurance and decide what the cost of not having it would be."