It seems that one major online breach after another occurs: One breach hardly has time to clear the news cycle before another occurs.
Here at The BTW alone we’ve discussed the following major data breaches over the course of just the last month or so: CitiGroup, Sony, and the Pentagon (the Pentagon!).
In talking with small and medium businesses (SMB) in particular, many aren’t sure where the main liability lies: Whether companies aren’t taking the proper precautions to protect data (which would be more of a human failing, whether error in use, poor planning of protections) – or – whether the problem is inherent in poor software, firewalls, authentications/encryptions, and so forth.
Internet security is paramount. It’s not “insurance,” however. Insurance is what you purchase in order to recover from a bad outcome, if one happens. Internet security, however, is the protections that prevent a bad outcome from happening in the first place.
Speaking of the internet: Many SMBs aren’t fully aware of what Cloud computing is – if they’re aware at all – even when utilizing it! Therefore, when migrating storage, process, access, etc., in either discreet ways or as holistic solutions, security is often a back-of-the-envelope consideration. This is a huge mistake.
Let’s face it: Even large enterprises – the most “sophisticated” (we hope) environments – are struggling with security and poor outcomes. For SMB, it’s a real challenge: Many SMBs don’t know how to define what the Cloud is. And yet, according to Trend Micro, many are using cloud-based applications for such things as human resource management, or customer relationship management (CRM) – “…but don’t associate those apps with cloud computing”, according to Ian Gordon, Trend Micro Canada’s marketing and channel chief.
One has to wonder what their vendors are telling them when selling and instituting these “solutions” if the customer doesn’t even understand what they’re buying. And security? How do you secure something you can’t articulate in the simplest of terms? How do you assess what your vendor is doing?
Food for thought: If you’re “IT,” be certain you tell your business stakeholders exactly what is being implemented and what the advantages, and any liabilities, may be. Get full understanding and approval.
If you’re “Business,” understand the technology that you own, pay for, and use. It’s not that difficult to have a pragmatic understanding for where things reside, what business value they deliver, and what special accommodations must be made in securing and progressing the environment.
Get on it.
NP: Jive Samba, Cannonball Adderley, jazz24.org