Security is valuable, but comes at a cost. Businesses and organizations must weight investments in security with the costs and potential impacts to productivity and user experiences. It is a balancing act of tradeoffs.
Optimal security is the right balance of cost, user experience, and risk. In most cases it is a moving target as threats are changing, expectations of users shift, and growing demands of infrastructures alter the environment being protected.
The changing landscapes of technology pose challenges to maintaining a stable tradeoff equation. New services, platforms and introduction of new form factors can create complexity which legacy security controls may have difficulty adapting to. Upgrading technology, although wonderful for users is also a windfall for attackers as it opens new opportunities for compromise.
Decision makers must understand their risk appetite for loss, budget for investment, and willingness for productivity disruption to their users. Security is typically instituted to manage risk or insure legal compliance. The goal of security is not to establish an impervious compute environment. That simply is not possible and would be insanely expensive to approach. Instead, security is about reasonable controls to manage the risk of loss. Losses will still occur, but if they are acceptable based upon the investment and expectations, management should be happy.
Security is not free. Improving security can require replacement or purchase of equipment, software, staffing, and business processes. Initial integration costs are just the beginning as sustaining costs are also part of the equation. When multiple vendors and products are instituted, the cost of sustaining management can be very high due to the complexity.
The benefit of security is the reduction or control of risks. Security incidents, including breaches, downtime, and data loss can range from trivial to catastrophic. But they are not going away and the industry is witnessing a steady increase across all sectors. So risk is here to stay. Security is the counterbalance.
The challenge is to understand the risks, costs, and productivity impacts to decide the amount and types of security which best fit the expectations. This is the optimal level of security we must all strive to achieve and sustain.