Security Must Be Built in from the Start

Carl Weinschenk

Security folks are smart. They can work around problems, test and deploy new equipment and spot rogue access points (usually). That's not the type of smarts that we are referring to right how, however. Our concern is whether they are smart enough to recognize and influence the future.

It's a tall order. Consider this Enterprise Strategy Group story from last month that suggests that companies are doing a good job of protecting their core e-mail platform, but are dropping the ball when it comes to securing other communication techniques. Many of these platforms, which include Webmail, IM and SMS, are used by mobile workers. This shows bad execution -- and probably bad planning -- on the part of IT executives, corporate decision makers and/or vendors.

The need to look ahead is an unspoken theme in this Sci-Tech Today story on the latest study by Pew Internet & American Life Project. The study found that more people are using wireless and cellular devices to connect to the Internet for work-related tasks. The results were not surprising but the commentary was interesting: The writer chose to compare and contrast use cases for wireless and cellular. The idea is that business mobility is increasing, but the precise path it will take -- cellular, Wi-Fi, WiMax or combinations of those and others -- is unclear.

Of course, the market will determine the winners and losers. The best that IT can do is make sure everything that emerges is secure. The prerequisite for that is a good understanding of how these platforms are evolving. The author of the Sci-Tech Today story implied that IT departments are resistant to Wi-Fi deployments due to residual concerns about security problems that have been alleviated. If these folks have an out-of-date view of the state of Wi-Fi security -- or any security, for that matter -- it bodes poorly for their ability to influence future developments.

Modern telecommunications -- the first-generation Internet, later applications such as VoIP and mobility -- seeped into the enterprise gradually. In many cases, security was bolted on afterwards. Wi-Fi is the best example of this: Essentially a sieve in its early days, the use of the platform in business led to an industry-wide crash program to improve security.

Security must be a core component of Web 2.0, mobile VoIP and other new platforms and the applications that ride on them. In addition to losing data while the early poorly secured versions of the products are in the field, retrofitted security never really works as well as security that is integrated in the initial planning process. The first step: IT personnel must make their security concerns known while platform decisions are being made.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.