We are presented with a wide array of excellent tools that can assist us in defending our systems, measuring compliance, and testing for vulnerabilities. There is no doubt that without the effective use of these tools, it would be unrealistic to expect that we can defend our systems and data from the many threats and risks that are surrounding us.
The challenge is that technology is often underutilized. We have tools that have far more potential than is being used. We all use word processors and other office tools that have a lot more capabilities and features than we normally use. These are features that we have paid for, but like a good book, sit on the shelf unused until we reach out to access them. Life is so busy that we often fail to look into what additional improvements are already there and available. This is a very costly problem when we look at the information management and security tools that organizations have purchased and installed.
During consulting assignments, l often found organizations asking me what tools they should buy, and what new solutions are out there to address their perceived problems, when in fact they already have the capabilities they are looking for on the tools that they already have. We need to take more time to learn how to use the tools we have and work with our vendors to get the most possible benefit from the investment that we have already made without always looking for another tool.