From Russia, with luck

Your global business partners may not have the same network security concerns you have - if they have any at all. On a recent 10-day sojourn in Eastern Europe, I learned a great deal about that region's take on security. It is definitely not the same as ours.

You may remember the security industry of the late 1980s: Security? Who needs it? There are no problems. We are having enough trouble getting money to buy computers and hoping they work.

That's close to the Russian and East European views. Then add the Wild West component - not the Internet version, but the Wild West that is emerging economies whose first and foremost goal is merely to survive. Security does not contribute to the bottom line and is therefore secondary, tertiary and otherwise way down the list. Does this sound like us 20 years ago?

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Your global business partners may not have the same network security concerns you have - if they have any at all. On a recent 10-day sojourn in Eastern Europe, I learned a great deal about that region's take on security. It is definitely not the same as ours.

You may remember the security industry of the late 1980s: Security? Who needs it? There are no problems. We are having enough trouble getting money to buy computers and hoping they work.

That's close to the Russian and East European views. Then add the Wild West component - not the Internet version, but the Wild West that is emerging economies whose first and foremost goal is merely to survive. Security does not contribute to the bottom line and is therefore secondary, tertiary and otherwise way down the list. Does this sound like us 20 years ago?

Wireless Internet access is something we complain about every time we can't acquire a signal instantly or get it for free. As a culture we have come to believe that unlimited bandwidth is an entitlement, and Western businesses accommodate us by offering free wireless for overpriced coffee or cholesterol-laden burgers.

In Moscow, I walked into the airport Hilton hotel that was undergoing a minor remodeling of the lobby. They told me, "Sorry, nyet Internet, we are doing a major remodel." I had to hop a cab to the nearest motel-anything with Internet access.

You can buy Internet access, sometimes for $38 a day, once you hand over your passport. At the club next to my hotel, they charged too much for beer, but I got free wireless. I poked around My Network Neighborhood: no security, no MAC filtering, no crypto - but tons of connections to the networks in the office building above the club. The wireless router was hanging on a subnetwork of a car dealership, which was piggybacked on the backbone of the office complex, the bank and a casino. No passwords. I am not familiar with the local Russian laws on computer trespassing, but I had learned enough. The concept of glasnost clearly has been extended to cyberspace.

At the security conference I was attending, I asked someone if there was an identity theft problem in Russia. "Oh, yes, very serious," he said.

When I asked what they do about it, he shrugged. "What's to do? Anyone can buy anything, anyway. Why should I care?" Information - private, corporate and state - is an openly traded commodity. When he told me he worked at a bank, I asked whether he had ever sold private customer data. "Of course," he replied. "I have to pay the rent."

And so it went, person after person. Not the executives, but at the worker echelon of the banking industry, it was definitely a "me first, me second and me third" attitude. The thinking is, if someone wants it, they're going to get it anyway, so why waste time and money trying to protect it? It's tough for me to wrap my head around this as I realize how many U.S.-headquartered banks and other multinationals rely on the coordinated trust and security supposedly offered by foreign partners.