This is true in many areas. Single solutions popularly labeled and sold under the name “Data Leakage Protection/Prevention” are mostly just conscience salvers. They may deal with a certain concern, but don’t solve the overall security problem. In fact most of them leave gaping holes. Most of the issues addressed by DLP products can be resolved through group policy rules in Windows. Central management through true Endpoint Security/Protection solutions are by far the best way to handle your company’s wide range of client security issues.
Another area in which poor planning and lack of an overall strategy can prove painful are hardware-based authentication mechanisms like Smartcards, one-off password generators and other tokens. These are not just costly to implement, they are also expensive and difficult to run.
Recently the trend has been towards single-platform integration of various authentication mechanisms for different applications. Known as Versatile Authentication, this approach is aimed at making these mechanisms easier to use. It is in fact a very efficient strategy, and companies should ideally concentrate on a single, integrated card solution for both physical and logical security. Even better, they should include additional things like paying for coffee at the cafeteria. This will significantly lower logistical and management costs and at improve security at the same time.
Unfortunately, comprehensive solutions like these often get bogged down because of lack of cooperation between different departments or because someone already has a project running somewhere within the organization. Once again, blame can be laid on poor coordination. Shedding departmental blinkers and creating a comprehensive overview are the hallmarks of any good strategic planning.
The list goes on and on. IT security too often is hampered by problems brought on by a tactical versus a strategic approach to solution planning. Conflicting responsibilities are common root cause, as are excess complexity and lack of understanding. IT security, after all, can mean anything and everything from physical security to application security. Throw in the fact that employees are becoming more and more mobile and are using an ever-wider range of devices and it becomes evident that good-old perimeter defense simply won’t adequately protect your company any more.
It is exactly because the issue has become so complex that companies need to step back and look at the big picture; one that is unencumbered by siloed thinking within an organization. This is especially true for investment planning. As a rule, a limited number of well implemented and well managed security levels will beat a bunch of single solutions any day. Companies need to improve both their planning processes and their strategies if they want to make the most of increasingly restricted IT budgets. Short-term tactical investments are only good for filling holes, both real and imagined, in your security infrastructure.