When I was at Hurwitz Group, we published a Trend Watch every week. I was looking back at some old ones and got a brief chuckle out of this one from November, 2000. Anybody remember Doctor Laura? (I expect that she is still around, though I haven’t listened to her lately.)
Dr. Laura: “Hello Kate, you’re on the air”
Kate: “Hi, Dr. Laura, thanks for taking my call. My security dilemma is that I would like to open a port in our firewall…”
Dr. Laura: “No. Absolutely not.”
Kate: “But let me explain… If we make this connection to our business partner, we can save $1.2 million in the first 6 months!”
Dr. Laura: “You can make excuses all you want, Kate, but what you are asking is reprehensible, not to mention against policy. [click]. Hello, Nick, you’re on the air.”
Nick: “Hi, Dr. Laura, my security dilemma is I have 75 unique passwords and I was hoping to change them every 31 days instead of every 30.”
Dr. Laura: “How old are you, Nick?”
Nick: “Uh, thirty-four, but why does that matter?”
Dr. Laura: “Because you’re old enough to know better! What you’re asking will create a hole the size of
Dan: “Hi, Dr. Laura. I’ve come up with a way to generate revenue of over $25 million in two weeks using online technology.”
Dr. Laura: “No.”
Dan: “But I haven’t even told you what my security dilemma is!”
Dr. Laura: “I can tell already – a revenue generator that large will put us at risk in an incomprehensible way. [click]”
Sound familiar? Although the conversations above never really happened (couldn’t have guessed, huh?), ones like them occur daily in the lives of Information Security Officers, who are charged with making decisions to protect the interests of their company. Sometimes this is due to the ongoing frustration of being the “paranoid” one in a sea of complacency and other times it is just the easy way out.
The Hurwitz Take: Security is no longer about saying “no”; instead, it is about asking “how?” “How” is a much more complex undertaking that should begin with a proper risk assessment and include the application of security architecture principles and techniques to successfully deploy applications that are tearing down the barriers between businesses. “How” is also different from “yes” – “how” ensures that the appropriate level of rigor is applied to the situation to engender a reasonable security posture. Security principles of old must be re-thought and modified to mirror the ever-changing eBusiness landscape.
Btw, yes, I do own the copyright to all of my Hurwitz Group work.