There is often a trade-off between security and usability. At one end of the spectrum is a system that is completely secure but not usable. To be completely secure, to ensure that bad actors can’t access your systems, an organization has to ensure that its own employees can’t be bad actors. A completely secure system is one that isn’t usable. A computer that is powered off inside a locked safe is secure, but is it usable? No, not really.
If we take that paradigm and apply it to your company, there are ways to ensure that the company is secure, but your systems also have to be used. As a real-world example, let’s discuss Company A, which makes toys. They have several computers that they use for designing the toys, ordering new materials, invoices, billing, email and employee records. To be secure, the company shouldn’t allow any outside communication that can be compromised, but it needs those communications for its business. If “secure” meant 100% assurance that no one could access the system, the company couldn’t do its job of making toys. So how much security should be applied to Company A’s computer systems?
The answer is “just enough”: just enough access to perform the critical task, but not so much access that it becomes an avenue for a bad actor to exploit. Each process, application, communication method, employee and login must be examined through the lens of security to ensure that it is necessary for the business and that it is secure enough.
But how much is enough? That depends on the amount of risk the item would pose if it were compromised, compared to the value of the item being examined. This type of Business Impact Analysis is something that each and every business SHOULD conduct to understand its risk posture. The company’s “secret sauce” is probably more valuable than past material invoices, so the “secret sauce” should receive more scrutiny.