Once upon a time, securing your IT environment meant sticking a firewall between your network and the Internet. These days there's a lot more to it. IT security needs to be implemented on multiple levels and actively managed which makes things a tad more complex. This month's IT Manager Podcast focuses on that complexity - why IT security has become so convoluted and how best to simplify without sacrificing.
Join me as I talk with Rick Omar Kazi from Compugen and Bruce Cowper from Microsoft Canada and we discuss the importance of customer trust, how Canadians companies are stacking up and tips to adopting new technologies while simplifying your IT security.
This podcast is available in both MP3 and WMA formats. For more information about this podcast series, please check out the IT Manager Podcast web page.
Podcast Interview Time Index with Topics
IT Security is essentially Information Security (everything else - physical security, network security, etc. are supportive of the overarching objective i.e. protection of the information) - and the very nature of information makes IT security inherently complex.
The history of cryptography (one of the oldest information protection methods) is quite instructive. The speed with which the complexity of an already complicated task increased as technology availability, transaction frequency and user numbers increased. Simon Singh's "The Code Book" (ISBN-13: 978-1857028898) is a good non-geek source.
The main reason why the complexity of IT Security will only increase is that we did not cater for the amazing rapidity with which modern IT has developed and been adopted, which has led to (you guessed it) "technology availability, transaction frequency and increase of user numbers" and the inescapable complexity of IT security.
The last line in your comment hit the nail on the head.
IT Security can be made less complex if we combine people (awareness), products (secure OS) and processes.
Security is best deployed in 4 easy layers : Network, Endpoint, Server and Application.
Windows 2008 actually provides enhancements that are built into the core product, so extra products are not needed, simplifying IT managers lives quite alot.