I have found in my travels that more often than I would like people have interpreted security as needing to be so complex that not even they understand it. “Well if I plug this in over here and then close my eyes and plug the other end over there we should be secure.” Security should be clean and simple. I know that the vision of some teenage kid in his pj’s hacking away when his folks think he’s asleep terrifies us all, but come on, who are you fooling. Making security complex only means that you spend less time working on your systems to confirm that they are patched and up to date, or even really working. When testing out a new security product you should find out how much time it will take to manage and how it will make your life easier in the long run.
Sunday, April 27, 2008
Monday, April 21, 2008
In a recent phone conversation I found myself thinking, “Why does this person want this specific solution?” This is probably how you should start any conversation when you are discussing implementing a security product/solution in someone’s network. The issue is the person didn’t know why they needed this specific solution so I was educating them on the risks they were taking by not having it. This seems to be a constant theme in my conversations with people, “Why this solution?”
It shouldn’t be so surprising to me that people often don’t know what they want or why they need something. The security industry is full of people that know everything there is to know about security (or think they do). The issue is people outside of the industry really don’t understand the risks that are out there or how to protect themselves. If you ask these folks many will say spam, viruses or hackers but they don’t know why they say that. It is just what CNN, MSN or whatever news channel they subscribe to tells them to fear.
Maybe it is time for the security industry to start an initiative to educate people who are not security savvy as to the real risks that are out there….like Lindsey Lohan.