I'm a big fan of Tom Peters. Right - the Tom Peters who wrote In Search of Excellence and The Brand You. When Tom turned 60, he packaged up a list of 60 things he believes in as a book called Sixty. Many of the things are simple but frequently forgotten. It's useful to go back through these ideas every so often to remind ourselves what we should be focusing on.
Because you are still getting a feel for this column, I thought I would discuss things I believe about security.
Security is too complicated. We as security and network professionals pride ourselves on how we mask complexity for our users. That's the wrong goal. We should be eliminating complexity. There are too many boxes, too many niche products and too many activities that step all over each other. It's hard to believe, but by looking at security pragmatically and simplifying our security infrastructures, we can make technology easier to use and more secure.
Big is the new small. For a long time, small start-ups ruled the roost. It was cool to buy innovative technology, even if it required a totally different management hierarchy. Most folks I talk to are tired of this. They want an architecture-based solution from a stable vendor. They want innovation, but they want it to fit into their existing security infrastructure. They want to stop integrating disparate security technologies. All other things being equal, they want big.
Compliance is good for you. I know I'm out on a limb here. But if you look back six or seven years, before the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act, security was a mess and there was no standardization. You couldn't tell your boss if your security was good or bad. Regulation changed this. It made us think about simple blocking and tackling. It made us document what we were doing. And ultimately it made someone accountable for protecting sensitive information. The topper has been security funding that wasn't available before.
We don't teach; we fix. If we spent half as much time teaching our clients what not to do as we spend cleaning up after them when they mess up, we'd all be better off. So maybe you require new employees to read the acceptable use policy and sign it. But have you taught them how to recognize a phishing message? Or how to detect a spyware site? Or made it clear that they should not be using their iPods on corporate machines? User education is a gaping hole in everything we do, and we need to fix it.