An interesting article was posted today at Computer Weekly, titled “Upfront security better and cheaper, says expert”. The main takeaway for business owners can be summed up in this quote from the founder of application security firm DigitalBodyGuard:
“A secure infrastructure can be developed for the same cost in the same time as an insecure infrastructure”
– Jon McCoy, DigitalBodyGuard
Some businesses – especially small-to-medium size ones – tend to underestimate the value of upfront security, and sometimes deem it unnecessary, just as some homeowners feel that they do not need to spend their money on home security and monitoring systems. Perhaps, for an average owner, it is overkill – until someone breaks in. The main point to remember is that people tend to rely on their everyday experiences when they judge the necessity of certain features – and those experiences are not necessarily comparable. When someone breaks into your business data, it is better compared to a fire or flood than to a break-in. You can recover from a burglary – you still have a roof over your head, still have a job and family – and while the experience may be stressful, unpleasant, even terrifying, you can still move on. On the other hand, when your house is completely destroyed by fire, flood or another disaster, and you did not have a plan B ready – that is when the real trouble begins… Business continuity should be planned even before the business is up and running.
“A dollar spent on the planning stage can be worth ten, a hundred or even a thousand times that post deployment, which is a good business reason for investing in security early.”
– Jon McCoy, DigitalBodyGuard
When the security of your business data is compromised, your whole business is compromised. You may not be able to recover from the damage when your client data is destroyed or used in identity theft. Upfront security is more and more important now – business owners and employees can no longer be reactive, but must be proactive when it comes to business security issues. Whether it is business-specific software applications or the computer network in general, systems must not just be safe and secure – they also have to comply with various industry standards, such as HIPAA for the medical field. Bringing the network or the software up to standards after it has already been implemented is counter-productive and can be very costly.
McCoy, a software engineer himself, would like to see business executives consider information security in the early stages, when the business direction, products and infrastructure are being planned.