Strategy pays off for bookseller

For Indigo Books and Music, IT security is about aligning security strategies with corporate goals and objectives, and the bookseller has urged companies to follow this example.

Indigo’s security spending is based on its impact to the overall business model, assessing risks from a business perspective, instead of a technology perspective, said Ricky Mehra, director of IT security and internal controls for Indigo. Mehra was at a recent online security roundtable hosted by Microsoft Canada.

“Our security investments are strategic in nature,” he said, adding that Indigo looks at its security investments and determines how it will fit the company’s business model five years down the line.

As an online company doing millions of dollars worth of transactions, Indigo exercises prudence in applying global security for its business, Mehra said.

To keep its customers’ trust and its business competitive, Indigo has invested considerably in a “defence in depth” security framework, said Mehra, which includes technical controls like firewalls, password control mechanisms and intrusion detection devices. It has also devoted resources to establishing internal policies such as who gets access to what information, and user awareness and training to better secure its online business and corporate network.

Stephen Lawson, vice-president of technology with Fox Group Consulting in Mount Albert, Ont., said companies should take a page from Indigo’s approach to IT security. “A lot of people have the misconception that [security] is an option [but] it is really about the implementation of…policies,” said Lawson.

While many organizations like Indigo use a “defence in depth” framework, there are still companies that believe installing a piece of technology will do for IT security. But technology is only one piece of the puzzle, Lawson said. It is important for the business side to first create security policies, then look into technology to enforce those policies, he added.

Implementing IT security policy as part of the corporate agenda is becoming more important in view of increasing government regulations.

With compliance becoming more of an issue, security executives are citing compliance to prove return on investment, said Steve Lloyd, Microsoft Canada’s chief security advisor. “To convince the higher ranks that security is worth investing in, talk about compliance and the penalties that will be levied if you don’t comply,” he said.

QuickLink 060014

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now