Whenever we talk about security management, the topic of best practices normally crops up. Taking lessons from your peers is a natural step, and members of the security fraternity are particularly keen to help each other improve. Yet how do those practices get established, and what makes them “good”? When are new practices needed, and when should older methods die out?
As the wider world of IT evolves, so does the list of practices and techniques needed to keep those IT environments secure. For example, cloud computing launched with AWS’s first service in November 2004. The practices around securing cloud deployments had to keep pace with the rapid iteration of the cloud in general. However, AWS, Microsoft, Google and others all have their own services, ways of handling data, and best practices for security.
At the same time, every career path has its own history, list of best practices, and received wisdom that may no longer be fit for purpose. Consider epidemiology, which is the study of data around health and diseases. This can provide an apt metaphor for the evolution of IT security.