Most organisations now understand the need for effective external IT security, and have some understanding of how basic network defences should be constructed, with firewalls, de-militarised zones (DMZ's) that separate the public internet from internal networks, content filters and intrusion detection systems. But unfortunately, fixing the organisation's IT security isn't as simple as fitting a combination lock on a safe. Networks grow and change in nature and structure, while internet security threats continue to evolve. Regular testing and strengthening of defences are needed to ensure they are fit for purpose.

The DTI's 2004 Information Security Breaches survey revealed that although 80 per cent of UK businesses now use some form of internet firewall, more than half had no other security technology in place. Although no Context clients are quite this lax in their approach to IT security, this alarming statistic does highlight the need for a holistic approach. Building tough defences in one area is useless if there are weaknesses elsewhere. Similarly, poorly configured or out of date security solutions might as well not exist. Network defences need to be solid, and can be undermined by the electronic equivalent of a pinhole or hairline fracture. We have worked with clients who have suffered security breaches because a single firewall was misconfigured, allowing over-permissive access to a server.