Many times we’ll be meeting with a client, and they will ask “Are we secure?” What a great question!!! “Secure” means so many different things to so many people that it’s an almost impossible question to answer. In general, after probing, we tend to find that what people really want to know comes down to a few other things:
- Will my system keep running every day all day?
- If my system stops running, will it start running again really, really soon?
- Can a competitor or rogue employee access sensitive information?
This pretty much covers it for most people. My standard answers to these questions usually serve to frustrate the questioner:
- Will my system keep running every day?
  How much is it worth to you to be up all day every day?
- If my system stops running, will it start running again really, really soon?
  Define “really, really soon.” How long is it okay for you to be “down”? 5 minutes? An hour? A day? Two days? A week?
- Can a competitor or rogue employee access sensitive information?
  How much is it worth to you in terms of dollars and additional procedures to stop them?
The bottom line in all of this is that there are no simple yes-or-no answers to questions about being secure or stable. It’s all about having an ongoing dialog with your IT team. There are upwards of 15-20 different areas that need to be addressed as part of that dialog. These can include discussions about backups, firewalls, power protection, proactive system monitoring and resolution, anti-virus, anti-spam, anti-spyware, restricted user rights, server images, user and internet monitoring, password policies, ongoing technology planning, having a disaster recovery plan, etc.
And the thing is, it’s not just a one-time thing. These conversations need to happen at least a few times a year if not quarterly.
Are you secure? It’s a simple question. The answer is a little trickier.