Read time: 3 minutes

IT security gets back to basics

By , ITWeb
20 Feb 2014

IT security gets back to basics

Rushing to adopt the next big thing does little to improve overall information security if the basics are not in place, says Brendan Kotze, MD of Performanta Services.

Kotze says local companies must question their maturity around endpoint and malware management. “Unfortunately, while endpoint and malware management was once a key focus, it’s not seen as ‘sexy’ anymore. So, most companies are not seeing full value from these investments, because they are not implementing them correctly, optimising them, managing them effectively, or aligning them to business requirements.

“It’s time to get back to basics,” Kotze says. “We see a cycle of purchasing where enterprises buy the next big thing based on new features or version number, but they implement the solution using nothing more than default settings. Naturally, the results are disappointing, so they lose faith in the technology and go out and buy more technology. So the cycle starts over again. It is important to recognise that the technology is just a piece of the puzzle. The lion’s share of focus should rather be on people and processes.”

Kotze believes many enterprises are following an ‘80-20 rule’, where they spend 80% of their budget solving 20% of the problem. “But, in most cases, they already have solutions in place that could address much of their risk if they were optimised and integrated. You might say that if your perception of an endpoint solution is poor, you probably haven’t implemented it properly or optimised your investment.”

Believing that enterprises ‘should not blame the kit, they should blame the implementation’, and ‘you cannot manage what you can’t measure’, Kotze will address the upcoming ITWeb Security Summit on endpoint malware management and DLP; getting back to basics; carrying out a root cause analysis; managing threats in a logical way; and creating reports that are actionable and effective. For more information about this event, click here.

Editorial contacts
Leigh Angelo
ITP Communications
leigh@tradeprojects.co.za
011 869 9153

Note to the editor:
Now in its ninth year, the ITWeb Security Summit is southern Africa’s premier information security event for IT and business professionals. It is presented by ITWeb, South Africa’s leading technology-focused publisher, with media products and services that span online, print and events. The ITWeb Security Summit 2014 is endorsed by ISACA and (ISC)² Gauteng Chapter and will be staged at the Sandton Convention Centre from 27-29 May. For more information, go to www.securitysummit.co.za. Join the conversation on Twitter at #itwebsec.

Daily newsletter