Trying to find the right balance between cost and a certain security level is something many customers have problems with. What is the return on the investment on security products?
When I'm taking to customers about ZENworks it's easy to discuss thing's like distributing applications or imaging the workstations, but talking about security is something different. Customers need to image their workstations and distribute applications so that their staff can use the applications to do their daily work. Security however is something that isn't visible, what do you get back when you invest in software that helps you to secure your environment.
I often compare IT security with the security of an office building, would some proper locks be sufficient, do you need an alarm system, maybe camera's or do you need a security staff looking after your property 24x7? When you decide on securing your building you try to get a balance between the cost and the value of your property. Securing your computer infrastructure is no different, you try to balance the different aspects to set a certain security level.
There is one large difference between securing an office building and securing your IT infrastructure. Most people can imagine how much effort it would take to break in to a building and get some items, this is quit different for the security of IT assets. It's difficult for most people to imagine how easy or how difficult it would be to get access to computer networks or how difficult it would be to get control over some workstations.
This week Nova, a Dutch TV program, discussed the risks of USB devices, they worked with a security company and created 80 USB devices that would send a message out as soon as the USB devices where plugged in to a Windows workstation, they left the USB sticks behind at offices of different companies. The result, within a day many of these USB sticks where plugged in to a workstation on the company networks.
Events like this show how easy it is to break in to IT environments, still many IT managers find it difficult to find the right balance when it comes to securing their network.
We only know one thing for sure, just like with securing office buildings, when items get stolen, you are too late.