If Security is All Around Us, Why Isn’t It Working?
Security is all around us. We have firewalls, VPN’s, encryption and policies. Yet still it seems that millions, and in some cases billions of records, (our information, our documents, our money and our private details) are stolen from so called secure systems.
I believe that the reason for this is very simple. Security has become a buzz word. “Yes of course our systems are secure;” “We use the latest security systems;” “We employ the most up to date security systems and policies” …
In these cases, the word security has been used as an excuse not to go in to details or to throw off blame and recrimination. Yahoo sent this sentence to its users after its breach announcements, “We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.” What does it mean? “We continuously …”
So there is continuous monitoring, yet still it would seem up to 1 billion records seem to have been stolen?
It is time for a change. Security needs to be taken seriously. Not used as a funding mechanism, or a word that corporations can use to try and shift responsibility to someone else when a theft of data happens. Yes, theft of data. Let’s stop talking about hacks and hackers. This word in my lifetime has had different meaning, from a general reporter, a kid in his bedroom having fun, to statewide intrusions into systems. Let’s start talking about these attacks as theft. Theft of our data, our money and our privacy.
Security systems need to come up to scratch. Firewalls help but they are poor defenses for theft that has arisen from an internal source. Database encryption is only as good as the administrators of the database and password hashing let it just stop being used. In today’s climate, we need systems in place that are more dynamic in nature. These systems need to change automatically with each call, they need to be able to react to situations, much like an immunization against TB can react when the real TB bacteria enters the body. An immunization against a disease is not there to stop a bacterium entering your body, but when it is in, it renders it useless without disrupting the body’s ability to carry on. It is up to you to try and stop the disease in the first place. That is where Firewalls and policies have a role. But today we also need the immunization program, one that creates systems that can protect our data from within. A system that does not hinder the role of the system even under an attack and one that renders the information useless to all but those who are authorized to view it.
Security needs to become more dynamic in its role within the enterprise. We in the industry need to start redefining how security is seen, and more importantly, how security WORKS.