Five Warning Signs Your Security Policy Is Lacking
Warning signs of a weak security policy from SunGuard Availability Services.
At least that appears to be the major focus of a recent security report from Cisco. I think it makes a mistake, however, by focusing on technology to address what is largely identified as a behavioral problem. I was a security auditor for a number of years and head of a security research division, and have owned security several times during my career. I learned that a vastly more successful, and much more cost-effective, approach is to address the behavior directly. However, that choice is not one a CIO can make, and it, like other decisions that affect the entire enterprise, must come from the top.
In the end, I agree with Cisco that the problem exists. Where I disagree is both in who should address it and how it should be addressed.
Defining the Problem
It then looks ahead at the trend of bringing consumer products, which don't even have basic security, into businesses, and at an increased tendency, particularly among younger employees, to want to share what they are doing and seeing on social media. Add to this the trend of increasingly allowing employees to work on anything, anyplace, and you have a recipe for disaster.
The report does point out that part of this disaster recipe is the tendency for new employees to think security is someone else's problem. And there, I think, lies the mistake.
When Steve Jobs took over Apple, it actually had an ongoing and uncontrolled practice of leaking confidential information. The company was heavily targeted by news organizations wanting the latest scoop and, as a result, when new products were launched, they had already been widely discussed and often dismissed as inadequate. That was a big part of why the company was failing; it had lost control of the images that surrounded its products, and while competitors rarely took advantage of this information, they easily could have. A company that has since been defined by its ability to control its image and that of its products was, back then, unable to keep the necessary secrets.