IT Security Tactics For Recessionary Times

With the current economic downturn and most companies slashing their IT budgets — including allocations for security — IT security experts are offering suggestions for how to maximize funds and resources, as well as what kind of mindset we need to assume during a recession.  These are not only tough times, but different — and yes — changing times.   An 8-minute video on searchsecurity.com, “Security Strategies During a Recession,” provides tremendous food for thought from seven such experts.   For example, as everyone from President Obama to Warren Buffett frequently points out, a budget crisis is an opportunity to become more efficient — to figure out where costs can be reduced, where money can be saved, where operational efficiencies can be incorporated. 

With respect to security, IT managers will need to plan VERY wisely, especially since this is a time when people who commit fraud will become more creative and much more prevalent.  Therefore, one thing IT staffs do not want to cut back on is vigilance.  As the IT security experts point out, it’s even more important now to assess risk and seek out ways to reduce it.  IT managers must also reprioritize risks according to which ones have the greatest return.  One other idea was to focus on the problem(s) and become part of the solution — perhaps a piece of advice to keep firmly in mind as job security becomes as much of a concern as IT security.

 

Implementing an Authentication Solution: One Size Does Not Fit All

When you stack up authentication solutions, it becomes apparent the “one size fits all” approach falls short.  You need to implement a solution that makes sense for your environment and for your business.

It goes without saying that the authentication solution that works best for one organization is not necessarily going to be the best for another.  Every enterprise has unique requirements based on its size, the number and location of its facilities, and the number and variety of applications used — not to mention the type of business it is and the industry in which it resides. 

Each enterprise also has a different set of user groups.  While one organization could have the majority of its users in one location, another could have users based around the globe and working in remote as well as corporate locations.  Partners and customers as well as employees could have access to systems and applications and require different authentication controls.

Another consideration is the organization’s business drivers.  Is security of utmost concern, or usability?  For some companies, there is greater emphasis on relieving the users’ password management burden as much as possible in order to maintain or increase productivity.  Other companies, particularly those required to be compliant with government and/or industry regulations, are more concerned with maintaining or boosting security.   

Depending on what all these factors are, an organization may want to strengthen authentication by requiring that specific users respond to pre-set challenge questions in addition to entering their username and password, or an organization may find that smart cards would be more expedient than passwords.  

Without the right authentication solution, an organization could see user frustration and, consequently, diminished productivity.  The IT staff could be burdened with more work and therefore use more resources instead of less to address authentication issues.  Most importantly, security could be compromised, giving unauthorized users an opportunity to access sensitive or private data.

Whatever your business may be or your environment may require, you want to make sure the authentication solution you implement is one that fits.