How IT departments pour security dollars down the drain

IT departments spend hundreds — maybe millions — of dollars a year on network security systems to protect the organization from ever-increasing threats.

But a Symantec Corp. technology evangelist says the worst thing they do is sometimes turn some — or all — the capabilities off to boost network performance.

“There’s illustration after illustration out there that point to huge mistakes on the part of IT saying turning a dollar is more important than security,” Neils Johnson said in an interview Wednesday at the SC Congress security conference in Toronto. “It may be in the short term; long term that philosophy is going to own you.”

The second biggest mistake IT professionals make is believing anti-virus protection isn’t needed. It has moved down the list of priorities, he said, but without it the organization is vulnerable to virus-born attacks.

Finally, many don’t do the basics like keeping systems patched. At least 75 per cent of network breaches wouldn’t be an issue if security-related software is up to date. he said.


Johnson was at the conference to give a spirited talk on the need for security professionals to focus on risk definition and mitigation rather than IT infrastructure.

He doesn’t suffer from opinions — or energy, striding across the stage and letting loose with entertaining broadsides:

–”If your priority is dealing with risk from an infrastructure perspective, you are so behind the curve. You have to deal with (protecting) the infrastructure, but today it is so not much about the infrastructure” but protecting corporate data;

–”Bad things happen to good people:” Risk comes from everywhere — the threat landscape, HR, litigation — and security pros need to ensure they can have IT systems up and running after any malady hits;

–”I like people … but people by and large bring with them three strikes: They are inefficient, ineffective and error-prone … Anything I can do to put an air gap between the information and the infrastructure, and protect both from people, in my mind is risk mitigation. I want to eliminate people to the best of my ability from the equation.”

–Employees, customers, supplies, vendors are “egomaniacs” who want their information on their screens and don’t care about separating personal from corporate data. That’s IT’s problem, the figure.

–People talk today about big data, but when data mining huge amounts of data becomes common it “will change the way you and I consider security from an overall perspective.” Target number one will be the huge repositories of data — on premise or in the cloud — organizations have been stockpiling. And that will impact today’s careful plans for disaster recovery and business continuity plans, he suggested.
One problem is organizations have departments that don’t work together, he said. “Someone has to stand up inside the organization and say it’s time to stop and understand we’re all going to play nice in the sandbox. Today that’s nearly a requirement. Tomorrow it will absolutely be one.”

Read the whole story here


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.