Today, the job of building and maintaining secure IT systems is more complex than ever before. The imperative for zero downtime, a mobile workforce, distributed applications, and new infrastructure concepts like cloud all conspire to prevent you from securing your data.
Meanwhile the consequences of a failure in security have increased several-fold. There are more stringent regulatory powers, more electronic links to suppliers, organised crime and extortion, and personal privacy obligations. All this in an environment where litigation is rife.
Together this increase in complexity coupled with greater penalties for failure mean that you need a higher level of assurance that your investments in security are delivering. Are they deployed in the right place? Are they configured according to the best current advice? Are they operating as the vendor stated?