It is difficult to contribute anything new to this kind of 'ranking', but I came across this Network World article that approaches the problem from an angle I liked a lot. I take the liberty of transcribing the article with my own interpretation.
Mistake 1: Thinking that the organization's business mindset is the same as it was five years ago
Five years ago, the devices that accessed a corporate network were limited to company-managed computers, whether desktops or laptops.
Today that is no longer the case: smartphones are increasingly established as business tools, and now we are seeing the tablet craze. In short, a lot of new devices that were never designed to allow the kind of control you can have over a typical Windows computer inside a domain.
Add to this the number of widely used 'cloud' applications, and we have a fairly complex landscape to manage, one that requires a much more modern strategy.
Mistake 2: Not knowing how to establish the right relationships between the security team and the rest of the IT areas
The classic tug-of-war between the security division and the other departments. Anyone who has worked in an IT company will find the arguments between what the development group wants, the deadlines of the marketing group, the cost constraints imposed by finance and the objections of the security team highly familiar.
Having a very clear and well-defined 'decision chain' is key.
Mistake 3: Not understanding that virtualization requires new security strategies
It is obvious that as virtualization technologies are adopted, the approach must change. It has become very fashionable to roll out services that come pre-packaged in VMware format, for example, and that are supposedly 'plug & play', but what is rarely considered is how these machines get patched and how their security is managed.
Mistake 4: Not being prepared for a data leak
It is probably always clear which documents are considered sensitive within an organization, but what happens if they turn up outside it? Having mechanisms to identify who has accessed a document, and traceability in this respect, is key.
Mistake 5: Supplier complacency
Very typical in Spain: once an organization establishes its network of 'partners', there is rarely a critical spirit to review what they are selling us. It must be clear that the solution offered by supplier X does not have to be the most appropriate one just because that supplier has provided us with interesting applications on previous occasions.
We must remain alert and aware of what is on the market as a whole, not only through the eyes of our partners.
Author: Yago Jesús
Source: Security by Default

