Security and Technology Ramblings…

    Residual Security

Google has it defined as a term belonging to the securities / financial market, but I think it’s a worthy term to use for the IT / data security world.

A company will start out with the best of intentions. It will focus on security by investing in personnel, hardware, policy and procedure. Things will be good and security will be tight. After a period of time, security becomes just another line in the budget and presents an opportunity for cost savings. Thus, the budget is reduced and the company’s bottom line improves.

The period from the point at which this happens up to the next breach or significant incident is what I would call “residual security”. Security hardware, policies and procedures that were once managed and kept in practice start to fall by the wayside. Patches are no longer applied to firewalls, intrusion prevention devices and other safety barriers or monitors. No one is directly responsible any longer, which leads to decay in the effectiveness of the installed infrastructure.

Security has come full circle. Company life is great. Why did we ever need that security “stuff” in the past? Thank goodness we figured out what a waste it was and we can spend the money on better things now.

I view the end point of residual security as the point of the next major breach or security compromise. At that point, it would seem that the cycle would start all over again.
