IT Information Security – The First Layer of Defense is People

Yesterday I wrote a blog titled “Submarines, Stealth Fighters and Evolving Needs of Information Security in the Server Room where I discuss some new server technologies aimed at better securing data from hackers, viruses and new malware called rootkits.

After writing that blog, I began to think about the variety of levels by which information security is delivered.  To truly manage risk and provide information security for a business, you need many levels of controls and defenses. In fact, I learned that Intel IT has a Defense in Depth strategy for information security

Within Intel IT, every strategic discussion I have witnessed from implementing cloud architectures, deploying server virtualization and client virtualization, evaluating Windows 7  (more coming soon on our plans here), developing business intelligence and social media collaboration solutions, designing for security is a paramount factor.  Every IT solution must take into account aspects of information security – the risks of not considering it are too great.  There is a rich set on content dedicated to Intel IT’s approach to security solutions.

Of course the question for IT is how much is enough. Is meeting the minimum regulatory requirements sufficient – or should we strive for a higher level of protection – at what cost.  There is no formula here.  It is a delicate balance to match risk, investment costs and ROI to deliver sufficient information security protection.  Over-invest in security and you could be constraining business growth or restricting process improvement … under-invest and you risk exposure to information loss could be too high; or (worst of all) don’t innovate business processes because of worries concerning security exposure

It was only after taking our required annual IT security training mandated for all Intel employees last week did it really hit me that PEOPLE are our primary defense against information theft.  Within the Intel IT organization, I have found a huge focus on the value of our people – our subject matter experts.  From the engineers, architects and IT strategists to the training of all employees on the principles, expectations and tools we all need to use to maximize the effectiveness of what IT has put in place.  This was reinforced by a recent Gartner call I attended where the speaker proposed that people are our most agile and important asset.  I agree.

The bottom line: IT’s job is simultaneously deliver business value through innovation aimed at enabling growth, boosting productivity, maximizing efficiency and maintaining continuity.  This is what makes PEOPLE so critical because the balancing act is a question of IT governance – the formal means to evaluate, benchmark and decide how to balance these critical questions – in close collaboration with partner business units, HR, legal and senior management.

Technology can’t do it alone – we have to deploy technology with intelligence, purpose and controls.  That is only possible by enabling people to be trained, educated and empowered with the ability, tools and support to be successful. 

Do you agree?

Chris Peters

@Chris_P_Intel (twitter)