Best Practices: SME Security
Secure Design on a Dime: Our Top 5 Best Practices for SMEs
The global economic downturn has forced most organizations to drastically reevaluate their expenditures, just to survive. But smaller business are often hit hardest—in fact, among the more than 25 million SMBs registered with Equifax, commercial bankruptcies nearly doubled in March 2009 compared with the same period a year ago. If your company has survived thus far, you may have experienced deep cuts in your IT budget, including security. True, in our InformationWeek Analytics/Dark Reading survey of 250 business IT professionals at companies with fewer than 1,000 employees, most said security spending would remain steady. But in a world where the cost and complexity of securing digital assets just keep increasing—and further regulation is likely—operating under last year’s budget constraints is incredibly challenging.
The way we see it, IT professionals charged with protecting corporate data and systems while the budgetary rug is in danger of being pulled out from under them have two options: Complain, compromise and cut corners, or take the mandate to meet your security needs for pennies on the dollar as a challenge. We recommend the latter. Building a surprisingly effective security foundation with a tight budget is possible, given some creativity, out-of-the-box thinking and a little sweat equity. Sure, big enterprise competitors might spend a million bucks having a services org engineer their network security defenses. But what SMEs lack in budget they often make up for in agility—little red tape to cut through means IT can respond quickly to new threats.
In this InformationWeek Analytics report, presented in conjunction with bMighty, we’ll detail the security tools that small shops need, at a minimum, to prepare for the increasingly complex security and compliance environment that exists today. More importantly, we’ll reveal our Top 5 ways growing businesses can stretch their IT budgets and boost the overall effectiveness of their network security investments. (B140809)
Survey Name: InformationWeek Analytics/Dark Reading What Keeps Security Managers Awake at Night
Survey Date: September 2008
Region: North America
Number of Respondents: 414 total; 250 from companies with fewer than 1,000 employees
Table of Contents
4 Author’s Bio
5 Executive Summary
6 Research Synopsis
7 Money Can’t Buy Stress Relief
8 Tools of the Trade
13 Our 5-Step Strategic Security Plan
22 Appendix
5 Best Practices:
13 1 / Consider security infrastructure consolidation.
15 2 / Embrace end user education.
16 3 / Implement sound password and group policies.
17 4 / Perform penetration testing regularly.
19 5 / Outsource strategically.
About the Author
Randy George has covered a wide range of network infrastructure and information security topics in his six years as a contributor to InformationWeek and Network Computing. He has 15 years of experience in enterprise IT and has spent the past 10 years working as a senior-level systems analyst and network engineer in the professional sports industry. Randy holds various professional certifications from Microsoft, Cisco and Check Point, a BS in computer engineering from Wentworth Institute of Technology and an MBA from the University of Massachusetts Isenberg School of Management.
Be the first one to comment.