Computer geeks love their acronyms. Here’s one more: TANSTAAFL. There ain’t no such thing as a free lunch. No, I’m not talking about the grilled Alaskan salmon meal you got while playing on your phone instead of listening to the vendor pitch. I mean that if we want better security, someone has to pay for it. And it’d be better for all involved if that cost was made clear to everyone, especially those footing the bill. But a lot of that cost is pushed around instead of paid by the person eating that lunch.

Here’s what I mean: the security scan turns up a bunch of holes, generates a report, the security team hands it to IT to patch all those systems. Congratulations, the security team has now completed a tiny sliver of the real work needed to be done. Just applying a single patch in a running business can involve investigation, testing, integration, and downtime. And that’s assuming the patch works as advertised and doesn’t break anything.

Read the full article published January 7, 2019 here: https://www.helpnetsecurity.com/2019/01/07/shifting-the-burden/ by Help Net Security.