The importance of having adequate security on your computer systems can not be stressed too much.
Without adequate security, your systems are vulnerable to viruses, remote attacks, and other similar abuses. Having said that, it is possible to have too much security. When that happens, it can interfere with your ability to do your normal work, or receive the support that you need.
Having more than one anti-virus package will lead to problems. While it is important to have good anti virus software, having more than one type of anti virus software usually causes them to interfere with each other. What usually happens, is that each anti-virus package detects the others as an infection, and tries to heal the infection. The result is that all the packages end up being crippled, and you are left with no anti-virus protection at all.
Having too many firewalls can give similar results. With two, or more, firewalls, there is a great risk that they will end up blocking each other. This could lead to a complete shutdown of your network. At the very least, it means a large headache trying to determine where network traffic is being blocked.
Policies and procedures can get in the way, too. Just the other day, I had a request to populate the field in one SQL table, with data from a second table. A simple one line SQL command. I spent nearly an hour contacting different people in the customer’s IT department. Each one had to get the explanation of what the change was, who authorized it, and so on. When I finally was given access, and was able to run the SQL command, it was all over in under a minute.
As important as your system security is, these are just a few examples of how it is possible to go too far. What you choose for to address your security, has to be well thought out, and planned, to achieve the desired results. It should also be evaluated periodically. Not only to make sure it is adequate and current, but also to make sure that it is not becoming it’s own worst enemy.
Contact CCS Retail to arange for our Risk Assessment Audit and PCI-DSS compliance review.