IT Security : The 9/11 Parallel
Saturday, January-07-2006
Jan. 07, 2006 – Saturday 10:33PM : As an IT Consultant to the SMB (Small to Medium Business) sector and other organizations of similar size I’m acutely aware of the challenges these organizations face particularly in the area of IT Security. My clients range in size from the 1 person / two computer start up business to the 100+ year old companies of over 50 employees with a corresponding number of notebook and desktop computers, one to several servers and a range of other IT gadgets from routers to printers and PDAs. On the surface this would seem a rather diverse group of differing needs when in fact they all have the same essential criteria for their IT assets.
- The assets (computers etc) must work and work efficiently. That is the users have to be able to perform their work tasks with little to no disruption from the system.
- They need to be secured and reasonably safe from the range of computing threats such as viruses, spyware and hackers.
The latter item, up until a few years back, was mostly overlooked outside of a good anti virus program as the threats perhaps didn’t seem so real or at least remote. One of the enduring lessons of the 9/11 attacks is that the world isn’t that safe a place and those dangers aren’t in always in some far off place. The actors of 9/11 brought their aggressions directly to the American homeland. The cyber world of the Internet does in effect the same. A hacker whether in Beijing, Bangalore or Boston is only milliseconds away from being able to attack any machine attached to the Internet anywhere in the world. The Internet in effect can bring cyber world terror to any Internet connected machine. Like the one in your office or livingroom.
So how does 9/11 relate to the current state of IT Security? Been to an airport lately? Prior to 9/11 airport security was modest and unless you were actually boarding a plane there was a minimum of disruption to your access to most areas of the airport. In fact even if you were boarding a flight the disruption was minimal. Not now.
I would suspect most people would agree that flying is substantially safer because of the security measures put in place but I’ve yet to hear anyone say those same security measures aren’t annoying. Waiting in the security check line for 45 minutes isn’t many folks idea of fun. In sum your security is enhanced at the price of some disruption and ease of use.
Those of us that follow the IT security issues closely (in my case as part of my IT consulting practice) are well aware how malicious code (spyware, worms and related) on the Internet has grown exponentially in numbers in the past several years. Just like the lesson of 9/11 it’s become all too apparent the world of the Internet isn’t a safe place for the naive traveler.
Security procedures for computing system are sometimes annoying when they slow down getting a job done. In fact they’re sometimes damn infuriating. Just like those security checks at the airports. Would you want to get on an airplane these days that had NO security procedures or protections in place?
The challenge for IT security in these times is certainly not to ignore it as you do so at great peril to your business assets, reputation and in fact given the increasingly tough legislation, your bankroll. The challenge is to create systems that are well designed and that from the beginning take securing the computing assets into consideration as a primary design factor. Systems that are effective and efficient in getting the daily business tasks done while streamlining the security side and making it as transparent as possible.
Kind of like that electronic pass (EZ-Pass here in Pennsylvania, USA) that lets you zip through the toll road toll booth without stopping.
Posted by mike.shafer on 01-07-2006 at 01:01 am
Posted in Mike's Musings
No comments yet.