By Rick Epstein
Have you ever heard someone rationalize an important decision with a folksy saying? It may make one seem wise at the time, but you should be aware that, for every such "wise" saying, there is generally an equally wise and opposite saying. For example, "look before you leap," but "he who hesitates is lost."
If your rationale for not reconsidering your SAP BusinessObjects security model is "If it ain't broke, don't fix it," then my reply to you is that "A stitch in time saves nine." You won't know whether it's broken until you look.
There are, of course, other sorts of objections to taking action that I hear over and over again from normally risk-averse people who don't want to address necessary changes to their SAP BusinessObjects security model.
Here are the top five:
We don't have any data that needs to be secured.
Great. Just publish it all on the Internet. No? Every company has private data
that they don't want to share with competitors and/or the public. The only
difference is the degree to which a breach will hurt. What is your pain
threshold?
We don't have time right now.
We don't have time right now.
What will it take to get your attention? Delaying the discussion of your SAP
BusinessObjects security model will almost inevitably lead to an unanticipated security
breach. Implementing a well designed security model is an investment. Prioritize
and make the time.
We don't have money in the budget.
We don't have money in the budget.
Budgets are expressions of priorities. If you don't have money in the budget,
then you need to re-examine your priorities. The potential cost to your company
-- in terms of both money and reputation -- in the event private information is
viewed by an unauthorized person or persons far exceeds what it would cost you to
analyze and reengineer your SAP BusinessObjects security model.
Why should we change? Our security model works fine.
Why should we change? Our security model works fine.
If it seems as though the pain of change is too much to bear, ask yourself how
you will feel about the pain of regret. It is quite likely that there are
unknown security holes in your security model. Designing and implementing a
security model using a true top-down methodology is the only way to ensure that
there are no such holes.
We don't have resources who know enough…
…about SAP BusinessObjects security to instantiate a true top-down security model. Then I guess today is your lucky day. Please reach out to me at repstein@resolvitinc.com. I would be glad to provide some tips and tricks and answer some questions in a 1-hour free consultation.
We don't have resources who know enough…
…about SAP BusinessObjects security to instantiate a true top-down security model. Then I guess today is your lucky day. Please reach out to me at repstein@resolvitinc.com. I would be glad to provide some tips and tricks and answer some questions in a 1-hour free consultation.
No comments:
Post a Comment