We’re surrounded by security risks — everywhere, all the time — but we never give most of them a second thought. We gladly hand over our credit cards to staff in stores and restaurants. We login to our online banking sites using ISPs all over the world. We install demo equipment from vendors on our corporate networks. All without a qualm.
And yet these actions — and many, many more besides — carry risks which, while probably remote, could be devastating to the individual or the business. But most of the time we’re unaffected and, probably because of that fact, we keep on exposing ourselves to them.
How does that make sense? Well it leverages a basic human trait — the ability to ignore the uncomfortable when it might stop us from doing what we want. Bruce Schneier has written extensively about our inability to judge risk correctly, and how that leads us to minimise most risks as a coping mechanism so we can get on with our day.
How (un)prepared are our networks?
On a personal level, that decision is down to the individual. But in a business context, it makes sense to take a step back and think carefully about what it means to use our new tablet on our corporate network, or grant temporary credentials to a contractor working on our web applications. But facing the uncomfortable reality of risk over every case like that could paralyse our effectiveness.
Fortunately, we’re better prepared than we realise — our networks already have the potential, flexibility and agility to deal with most of the threats the world can throw at them.
However, what often holds back security effectiveness is a lack of the reporting or visibility of real-time information that makes organisations aware of what they’re facing and fuels the smart decisions. Alternatively, organisations may have the monitoring and intrusion-detection systems necessary to identify threats as they arise, but will be so swamped with information they’re unable to pull out the crucial insights that lead to effective protection.
A real-time view of the threats and outcomes you face is essential, but is only effective when coupled with the knowledge to convert insight into appropriate action.
Four main security goals
That’s why BT launched BT Assure. The BT Assure eValuator is our approach to helping you assess and rethink your network’s security. By registering for a session with us, you are taking a step towards looking at how your network security is aligned with your organisation’s objectives and goals.
It is a multi-dimensional tool that looks at metrics which we believe are needed for secure network. The evaluator assesses the three elements of security; people, processes and technology.
The output of the eValuator provides you with a detailed view of your readiness in key areas which will help you to prioritise your security spend and activities for the coming 12-24 months.
BT’s security practice focuses on four main goals:
- Anticipating the evolving threat landscape
- Controlling the cost of security
- Improving operating efficiencies
- Supporting audit and compliance activities.
Standalone security is so last century; we weave at least one of these security priorities into everything we bring to market, including situations where we’re bundling security expertise into a core BT offering, such as BT Connect or BT Advise.
Take the security challenge and use this opportunity to make sure your organisation is ready for whatever’s out there.