'Securing a computer system has traditionally been a battle of wits: the penetrator tries to find the holes, and the designer tries to close them.'
Unless you are in the Information Security business, this is a cost to your business, period. Insurance, coffee and heating are, similarly, unlikely to generate revenue for your business. Legally, it is difficult to operate without specific insurances and arguably, the Langton Blue office wouldn’t work without the freshly ground “Jabberwocky” beans we enjoy so much. Without dipping a toe in the security pool, businesses today are unable to operate online while maintaining an acceptable risk profile.
And there’s the elephant. How much is enough? What are the risks? How much should you budget, for what benefit? How do you measure that benefit? Langton Blue doesn’t sell security products or licences, or recommend that the next “service pack” be installed. We apply cross-discipline, sleeves-up, peer-reviewed knowledge, which comes from independent thinking and from working with many different clients, to your view of security and how you would like to manage the technology risk to your business. We don’t pull punches, and we call it as we see it.
With the increasing take-up of outsourced service management, with unique requirements within related service level agreements (did we just say “Cloud”?), clearly understanding the operational implications and accepting the associated operational risks to bring home the benefits contributes to peaceful, stress-inhibiting sleep. Using our knowledge of what works and what does not, we can help you decide which of your services to move, how to move them, when to move them, and what to move them to. We can provide insight into what’s easy, what’s hard, what’s worth doing and what’s not.
Identity management is a component often overlooked prior to deploying a security theatre. Without an established identity for the person or system accessing your data, how can you be sure whether it should or should not be permitted? Do audit logs for your compliance team make sense without clearly identifying who did what, when? Langton Blue supports your security posturing and strategic vision through discussion and sharing of experience to create actionable roadmaps with time- and budget-bounded, measurable results.
For the technologists out there, try these for size:
- vCenter 5.5 with PKI certificates on all services – not a walk in the park
- Microsoft PKI with 3 tiers and offline Certificate Authorities – still looks more like openssl than a wizard
- Microsoft ADFS API – how much code? How many servers? Better get it right. There are vendors selling “appliances” due to the complexity.
- BYOD – is this something that your business wants? What benefits will it bring? What risks? What will it cost?