Why IT Security Is a Painful Necessity for All Businesses

From a pessimist’s point of view (or that of someone who has had their arm twisted to meet a standard), having to include IT security is a necessary evil, an act of submission, kneeling to an arbitrary requirement that has no benefit to the actual product you are building.

Overtaxed engineering resources were pushed to their limit to build this solution to meet customer specifications, and then they were asked to meet another list of needs just to get some certification checkmark. Ridiculous, right? The number of features shared by those two sets of requirements might feel like it is non-existent. The Venn diagram would look like a pair of binoculars – completely separate circles.

How could there be any other perspective? It would be like being a fan of Justin Bieber or ABBA. Indefensible positions! Well, bear with me and read on.

An optimist (and yes, they do exist) has completed the list of Herculean labors and lived to tell the tale, and they may have even achieved the IT security nirvana of defeating specialist hackers more than once! Nobody, not even the optimist, will tell you that it was a refreshing, invigorating experience.

Then there is human interference: spear phishing, as well as virus writing and blackhat techniques. But they will give you an honest answer – it was a means to a very worthwhile end.

I work daily with companies that are determining their appetite for IT security checkmarks. The common characteristic among the optimists is a serious driving fire. A hunger for success. An absolutely undeniable competitive streak.

The executives who take the plunge are the ones who truly believe that their company and their products can go toe-to-toe with any rival – and they both recognize and embrace the opportunity for a competitive differentiator. 

When it comes to IT security, optimists embrace the opportunity to widen the gap between themselves and the rest of the field.

Even if you aren’t naturally an optimist, there are many reasons to be hopeful. Even if your organization gets bamboozled in the IT security process, the focused niche yields significant financial rewards when you complete the process. 

Likewise for government contracts, finance, or even public utilities – each has its own requirements and barriers to entry. Each offers a subset of business that can be unlocked with a specific set of capabilities. The fact that many vendors steer away from managed IT services or IT security creates a larger market share for those who embrace it.

So what derails companies on the road to IT security? What are the hidden gotchas along the way? I promised some coverage of how vendors get bamboozled, so let’s roll up our sleeves and talk about how the sausage gets made.

The most common pitfall is simply a failure to understand what you are about to do. Make sure to talk to other companies that have done it recently. Get feedback on what they would do if faced with the same hurdle again. It’s not always possible to get that kind of candid advice, but try.

“Talk to specialists. Sure, they might try to sell you their services, but keep your ears open for free advice. It will give you a unique insight into the common pain points,” says Jamie from

The elimination of engineering overhead represents the solution to a major problem – the unavailability of resources.

Just like with video security systems, possibly the worst trap is the hiring of one-dimensional consultants. There are folks who make a very lucrative career out of guiding companies through the maze. The problem? The consultants don’t actually do any of the work.

Your team will still need to provide all of the engineering resources and project management, not to mention the sweat equity in the project. The consultant will help point you in the right direction and provide plenty of advice, but don’t expect a silver bullet.

Evaluate your internal resources with a skeptical eye. Do you have the IT security experience in-house? The expertise? The knowledge and skills? Do you have the bandwidth? Assess these items, and if you need to supplement the effort, look for a partner that complements your strengths well. Be blunt, ask the tough questions, and make sure that you know how much of the load they will carry and how much will have to be done internally.

There is no one-size-fits-all for IT security. It really all depends on your product, your team, and your goals.

James Styles

James writes for a number of different blogs, and enjoys fishing and wine. James lives in Nebraska with his family.