Recent questions about the inherent security of the Chrome browser have highlighted one of the major challenges in today’s business landscape. If you keep crying wolf (especially in the case of Chrome, where it wasn’t really warranted), how do you get people to pay attention when the situation is really serious?
All the technology that is used today in business is a tool for good just as much as it can be used as a tool for bad. The determining factor is simply the human being that is behind the keyboard. In essence, this means that we all need to take responsibility for technology security given our interconnected world. One person’s security issue can soon become everyone else’s.
The first step in taking responsibility for technology security is to understand that security is always a compromise.
One of the best ways of understanding this conundrum is to study the above graphic. In essence you can make a choice between any two sides of the triangle. You simply can’t have all three. Thus, you can have a system that is secure and usable but it isn’t going to be cheap. Likewise, if you want something that is usable and cheap it isn’t going to be secure. You get the picture?
Another issue that you need to appreciate is how much the odds are stacked against you, because you must defend against EVERY vulnerability whereas an intruder only needs ONE to exploit. Thus, you can appreciate who has the easier job.
Absolute security is impossible; it is all about risk minimization. The less of a target you present, the less likely you are to be breached. Technology risk minimization means understanding all the systems you are using and how they can be made more secure. The most important tool for this is not simply more technology; it is, in fact, policy. Ask yourself: what policies does my business have in place to keep it secure?
Most businesses I see have none. They have no idea how secure (or more appropriately insecure) they are and worst of all they have no policy around maintaining security.
The argument around creating policies and becoming more secure is that it is costly and time consuming. Yes, that is exactly the way it should be. Security is about pain. The more pain, the more secure things are. As a comparison, let’s have a look at the costs involved if you discover one day your systems have been breached. The ONLY way to be 100% sure that the intruder is no longer in your system is to wipe and rebuild EVERYTHING! You can’t simply return to a backup unless you know the exact time that your system was first compromised (and in most cases that is highly unlikely).
So, what is the cost of wiping every server and every desktop and rebuilding while your staff sit around twiddling their thumbs? Far more than you would have ever spent securing your systems up front. Proactive security may appear expensive, but it is far cheaper than post-detection recovery.
Good technology security is simply a cost of doing business these days. In fact, smart businesses are exploiting their heightened security as a commercial advantage in the marketplace to differentiate them from their competition. So it can actually pay dividends and generate revenue.
In short, get serious about technology security. Be proactive and make it part of the way that you do business day in and day out. Your security is up to you and I need you to be more secure because your security also affects me in our connected world.