Wish you all a very Happy Diwali and a Secure New Year. Securing a company will always remain a challenge. There will be no one single right way of doing it. Majority view is that we are safe and we do not have to do anything further. How often that this myth been proven wrong. Even after being audited by the best firms and following best practises, the recent breach of Debit/Atm card information in India, has proven that we have a long way to go, before we can feel safe.
Securing an organisation has to be more practical. A copy book style will not work. There are just too many ways that protections can be breached. Many a times, we are not even sure, whether our gates have already been broken. Each aspect of protecting an organisation has to viewed holistically and an approach, not too though on users, will go a long way.
More often we make our security too complicated and end up mis-managing it. Any security implementation should begin with knowing what to protect. Then understanding what are the access points. You need to create your own defence ring around your data assuming all access points are vulnerable and will be compromised. Once this is understood, it becomes very easy to secure your data.
Hope, this year we will have fewer breaches and a more secure year, ahead.