As an employee of a national communications company, I get a lot of emails about strong passwords and I get constant reminders about the security policies in place to protect our customers’ information. Over the past decade I’ve worked in various roles helping companies make sure their networks, computers and data are secure from unauthorised access. However, there’s always been a nagging question in my mind – how much security is enough when it comes to your business data?
When I first started in information security, a seasoned consultant told me a joke involving guards, safes and tall fences – the joke wasn’t that funny (thus I spare you a retelling), but the punch line was “and even then I can’t guarantee your data will be secure”. What the joke lacked in humour, it made up for in insight; no matter what you do, it will never be perfectly secure – there will always be a new virus, a smarter hacker or a smaller flash drive to lose at an airport.
However, while we’ll never achieve perfect security, perhaps we can get to the right level of security to meet our business needs without inconveniencing us in the process. What we really want is to be reasonably secure against the real problems we will face, or more simply put – we want to be secure enough.
Part of secure enough is understanding the risks you face and selecting the right processes and technology to address the problem – for example:
- If you’ve got credit card data, you need to protect it; firewalls, encryption and intrusion detection are the right place to start.
- Employees working from home – try secure connectivity technology and user education to make sure they practice good security
- Outsourcing technology – look at audits and clear policies to confirm your partner keeps your data secure
The other part of secure enough is knowing what your peers in the industry are doing; having the data to know what others consider reasonable. If you can achieve the same (or better) level of security as your industry peers, your customers are more likely to view you as secure enough.
To help solve the challenge of determining what Canadian businesses consider to be secure enough, a team at TELUS Security Labs entered into a joint research initiative with the Rotman business faculty at the University of Toronto. Every year, we survey a few hundred Canadian businesses from all sectors, then use the data to compile and publish the Canadian IT Security Practices Report.
Last year we learnt a great deal about what secure enough looks like, including:
- The best performing organizations spent 15% of their IT budget on information security (the majority of organizations spent an average of 7% and didn’t perform well)
- Businesses successfully invested in technology to detect and analyse security breaches
- The number of security breaches quadrupled but businesses invested in operational processes that helped reduce the cost of dealing with the breaches
- Preventing unauthorised access to information by employees was the fastest growing problem for Canadian businesses
The data contained in the survey report (available at telus.com/securitysurvey) provides managers with justification for improving their IT security by:
- Expanding their security budget to address an evolving threat landscape
- Investing in people and processes to leverage technology more effectively in detecting and preventing breaches
- Working with the business to make sure customer data is kept safe
At the start of August we opened up the 2010 survey and now we’re looking for Canadian business managers to tell us and our co-researchers at the University of Toronto about their perspectives on security and the challenges they face.
Help define what secure enough looks like by taking the 2010 security survey today (telus.com/securitysurvey).
Ben Sapiro is a Research Director in TELUS Security Labs, one of North America’s leading information security research organizations. Ben is a co-author of the Rotman-TELUS IT Security Practices Survey and works with Canadian executives to help define security strategies. In his spare time Ben works on emerging solutions for securing the cloud and on-demand computing services.