[edit – Some readers didn’t recognize the referenced site as a parody Gov site. It is, but lessons taken from it are still valid.]
There’s a new tunnel at the White House. I can’t tell you where. Not because I don’t know, but if I told you then I’d have Secret Service people and the NSA gumming up my Gmail and scoping out my Twitter account.
What I can tell you is that this Deep Underground Command Center (DUCC) has been planned for some time and they broke ground on the project in 2010 – if you believe the official reports.
In fact, on the White House Tunnel System Website, there is a note that says…
The new underground command center serves two purposes: 1) To protect key people with sufficient staff and data to render critical decisions and 2) Ensure the survival of the facility to allow dissemination of these decisions. The DUCC can only serve this purpose if the President and his team can secretly relocate there on very short notice.
If IT professionals are to take a lesson from the U.S. government, it’s that your vital assets should always be treated as such. A list of no-no’s might include…
Leaving doors to your facility propped open for environmental reasons. If it’s too hot, have facilities management fix the thermostat.
Remaining signed into computers and workstations when you’re away from your desk or HORRORS away from the office. Lots of folks still haven’t initiated timed sign-off protocols and enterprise workstations. All it takes to create a breach is for some unscrupulous person to wander by and hop onto a vacant machine.
Using BYOD equipment isn’t completely vetted and approved. With new mobile phones and phablets coming out almost weekly, it’s hard to lock down new personal devices. The first step IT needs to take is creating a BYOD policy that requires all devices to be evaluated. This policy should also include allowances for the resources to do this properly.
Those are just a few thoughts off the top of my head. But if the U.S. government can keep their assets secure and running (do NOT bring up the healthcare Website, please), then shouldn’t private organizations be as well equipped to do the same?
What do you think?