I stand in front of more than 70 IT security professionals giving a presentation on security gaps associated with managing the access of users who are not traditional employees. As is the norm, I pepper the presentation with some light attempts at humor to keep people engaged. Each quirky joke I share elicits the desired chuckle or murmur of amusement from the crowd.
Nearing the end of the presentation, I come to the last slide.
"On a more serious note, I want to ask you one simple question: when will securing the environment against these threats become a priority for your enterprise?”
The first checkbox on the screen reads “Before a Breach.”
The second checkbox “After a Breach.”
Now, why is this funny? Well, like any good comedy, it’s funny because it’s true. Everyone in the audience knew the answer was “After a Breach.” However, this isn’t Mork and Mindy funny, this is Fargo funny: dark, strange, and it really doesn’t make a lot of sense. Not that Mork and Mindy did either, but that’s for another blog post (seriously though, what was it with the egg metaphor?).
Unfortunately, it is absolutely true that security plays a back seat to service level and the status quo. Too often, security only becomes a focus once the damage is already done.
Let’s play out the same “before” and “after” options in two other examples:
When should you get car insurance? Before or after a car wreck?
When should you start living a healthier lifestyle? Before or after a heart attack?
The reality is, after a security breach has occurred, you may not have an opportunity to take corrective action against future intrusions. Why? Because you and/or your company might not be around.
This should not be a laughing matter because when it comes to security breaches, it’s usually not if, but when they’ll happen.
The good news for IT is you are not alone. We know you’re covering multiple lines of business and supporting a growing user population in an increasingly complex environment. There are solutions to help you bridge security gaps (RapidIdentity) and people with which you can partner to enable increased security without impacting service levels (Identity Automation).
I am hopeful that there will be less laughter and more hand-raising for the proactive approach in the coming year. We are committed to helping our clients make this happen, as well as to creating a more secure environment that reduces the opportunity for a malicious breach and minimizes the damage that results should one occur.
Other blog posts that might interest you: