Security is About Balancing Tradeoffs

Security is valuable, but comes at a cost.  Businesses and organizations must weigh investments in security against the costs and potential impacts to productivity and user experience.  It is a balancing act of tradeoffs.

Optimal security is the right balance of cost, user experience, and risk.  In most cases it is a moving target, as threats change, user expectations shift, and growing demands on infrastructure alter the environment being protected.

The changing landscapes of technology pose challenges to maintaining a stable tradeoff equation.  New services, platforms, and the introduction of new form factors can create complexity which legacy security controls may have difficulty adapting to.  Upgrading technology, although wonderful for users, is also a windfall for attackers as it opens new opportunities for compromise.

Decision makers must understand their risk appetite for loss, budget for investment, and willingness for productivity disruption to their users.  Security is typically instituted to manage risk or ensure legal compliance.  The goal of security is not to establish an impervious compute environment.  That simply is not possible and would be insanely expensive to approach.  Instead, security is about reasonable controls to manage the risk of loss.  Losses will still occur, but if they are acceptable based upon the investment and expectations, management should be happy.

Security is not free.  Improving security can require replacement or purchase of equipment, software, staffing, and business processes.  Initial integration costs are just the beginning as sustaining costs are also part of the equation.  When multiple vendors and products are instituted, the cost of sustaining management can be very high due to the complexity.

The benefit of security is the reduction or control of risks.  Security incidents, including breaches, downtime, and data loss, can range from trivial to catastrophic.  But they are not going away, and the industry is witnessing a steady increase across all sectors.  So risk is here to stay.  Security is the counterbalance.

The challenge is to understand the risks, costs, and productivity impacts to decide the amount and types of security which best fit the expectations.  This is the optimal level of security we must all strive to achieve and sustain.

Twitter:  @Matt_Rosenquist   

Blog:   http://communities.intel.com/people/MatthewRosenquist/content

LinkedIn:  http://linkedin.com/in/matthewrosenquist

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.