Security is “in the news.” What can we learn?

Dave Kinnear 1-On Leadership

I can’t help but chuckle as politicians, who most likely think a “server” is the guy in the tuxedo waiting on their table, opine on how the NSA should run their IT system security. What a joke! I don’t make this statement as a knee-jerk supporter of one political party or another. Rather, I say this as a technologist. I’ve spent my professional life in and around technology which allows me to form a reasonably knowledgeable opinion on the topic. What I’ve been hearing in the news are committee politicians making absurd declarations about security. Like I said, a joke.

So what makes this a joke? Simple. People. As long as we need human Network Administrators we, our data and our systems will be vulnerable. What frustrates me and frankly makes me at least a bit angry, is that the propagation of the idea that our systems can be truly secure is a huge disservice to the ignorant public. Ignorance can be addressed, it can be corrected. Isn’t education of the electorate a main goal of our public officials? Shouldn’t it be? Instead, they pontificate, puff themselves up and meanwhile, the public is thinking that there is some form of security that will actually keep their data safe. It’s like living in a community with an unattended gate. No security at all, but some folks feel better because there is a (useless) gate to go through. Go figure!

For those of us in the business world, the lesson to learn is for us to do our very best to understand what our Network Administrators have access to, break up access between several people where possible, and move people around so that there is less likelihood that there will be any more vulnerability than necessary. The big take-away is this: As long as people are involved with our data, there is a significant chance for a breach of security.

What are you doing to mitigate the problem? Do you have even a high-level understanding of your own network? Do you outsource IT maintenance? What access does your outsource vendor have?