Careful Planning
Before diving in to your infrastructure upgrade, take a step back and consider the following issues:
What am I upgrading this for ?
Am I worried about confidentiality of my data ?
Am I worried about the integrity of my data ?
Am I worried about the availability of my data ?
Nothing particularly new here, but often one of more of these elements is overlooked until it is too late, or the budget has run out.
We all want the best we can afford, however we need to ensure the money is spent in the right places.
For example a standard company website may not be of concern when it comes to confidentiality, however availability and integrity are probably important.
But out of these two which would be most important. Integrity or availability.
Well if I had to spend the money on only these two areas, it would be 3 quarters of the budget on integrity and a quarter on availability. I think I would rather the site was down for a few hours than hacked but left up.
Of course the minute I decide to add some kind of login page, datatbase function or online transaction system on my website then my priorities change dramatically. Now I am concerned with all three, and in my view the following order should be applied:
Confidentiality
Integrity
Availability
If you work for a company and are tasked with upgrades etc, consider the three items above before looking at hardware and software technologies. Too often new technologies guide decisions rather than a companies real security requirements.
What am I upgrading this for ?
Am I worried about confidentiality of my data ?
Am I worried about the integrity of my data ?
Am I worried about the availability of my data ?
Nothing particularly new here, but often one of more of these elements is overlooked until it is too late, or the budget has run out.
We all want the best we can afford, however we need to ensure the money is spent in the right places.
For example a standard company website may not be of concern when it comes to confidentiality, however availability and integrity are probably important.
But out of these two which would be most important. Integrity or availability.
Well if I had to spend the money on only these two areas, it would be 3 quarters of the budget on integrity and a quarter on availability. I think I would rather the site was down for a few hours than hacked but left up.
Of course the minute I decide to add some kind of login page, datatbase function or online transaction system on my website then my priorities change dramatically. Now I am concerned with all three, and in my view the following order should be applied:
Confidentiality
Integrity
Availability
If you work for a company and are tasked with upgrades etc, consider the three items above before looking at hardware and software technologies. Too often new technologies guide decisions rather than a companies real security requirements.
Comments
Post a Comment