In the old days, IT professionals—if they thought about security at all—tended to think of it in terms of software or hardware they could bolt on to their networks and not think about again, with the expectation that this was all that was required to completely protect their network from the dangers of an online world.

Well, that’s simply not good enough anymore. Regardless of what some vendors may say otherwise, security is not a product—it’s a process, and one that requires us to think strategically about how we use technical solutions to meet the objectives of our corporate security policy. This allows us to proactively ...