Believing That Technology Alone Can Solve All Security Woes
John Stewart, chief security officer, Cisco Systems
Traditionally, those chartered with securing an enterprise have tended to look to technology first -- and, at times, exclusively -- to protect their information assets. But there is no "silver bullet" that can make an enterprise secure. Security professionals may want to simply write a check or apply more technology with the hopes that it will make the problem go away.
That simply doesn't work. Technology does not equal security. You can't resolve all security issues by strictly applying more technology to the problem. Security is a process, not a product. It's a culture, not a service. Only through consistently evaluating the risks of every interaction with applications and data can sustainable security be achieved.
The hard work begins by recognizing the business systems that are most critical to your operations. Then incrementally securing each exposure. Over time your assets become more and more secure. It is neither easy, nor quick, but it's important and it must be done. You have no more valuable assets than your customer data and your intellectual property, so protect them wisely.