I have been doing Information Security for a decade and a half and there is a disturbing pattern that still to this day has not abated. That pattern involves more of a philosophy than the actual scaling you would need to for designing a security solution for an organization. The scaling law I’m talking about is one that is usually recognized too late in the implementation process, namely the post-production phase of a project.
What I’m referring to is the amount of output you have to deal with that is a result of implementing a security solution without considering the resources necessary to manage and the resulting business process that need to accommodate this reality.
One of the best use cases that demonstrates this phenomena is around the implementation of a Data Loss Prevention (DLP) solution for an enterprise. A typical DLP solution usually involves three main areas:
You have a number of approaches you could take. The most reasonable would be to focus on one of the three areas that consider was vital and to scale the scope of the inspections to very specific set of criteria. Is this how most DLP deployments go? No, instead usually all three are turned on at the same time and there is no scaling back of the criteria.
The result; more incidents and false-positives than fleas at the Westminster Canine convention. Once this scenario is encountered you end up scaling back your efforts and loss at least 3 months of progress. So do yourself a favor when implementing a security solution and understand what our outputs are before they are produced.