For example, unified threat management (UTM) appliances have matured to the point where it’s possible to cover all the essential bases of a solid security policy – from anti-virus and spam protection to web filtering and wireless security – with just a single box. While the traditional ‘best-of-breed’ philosophy has resulted in IT departments being forced to integrate and manage multiple complex security products, the pragmatic enterprise has recognised that, in a broad set of environments, UTM is a better answer because it is actually fully used and implemented, not sitting on a shelf while someone tries to understand how it works.
Another development for the pragmatic enterprise to consider is cloud-based security-as-a-service, where the management of the security process is handled remotely by a specialist MSP (managed security provider). This can also offer the advantage of flexible licensing, where companies pay for the exact amount of services they’re using without tying capital up in under-utilised hardware and software.
Lastly, the explosion of mobile devices (tablets, smartphones, etc.), coupled with more and more mobile malware every day, leaves IT organizations with gaping holes in their security posture, and for no reason. With user-centric security models, one simple policy can move with the user, regardless of which device (PC, Mac, tablet or smartphone) they have in their hands at the time.
For businesses that don’t have the desire to build mini armies of dedicated IT security staff, why make things more complicated than they need to be? IT should drive innovation and growth, not be trapped in a Sisyphean cycle of its own making. Pragmatic security means not only delivering comprehensive protection but also freeing up a company’s most valuable resource: its people’s brains – and talent – and time.
Kris Hagerman is CEO of IT security firm Sophos.