After reading Rich Mogull’s post at Securosis I couldn’t help but feel guilty for not blogging in AGES. Rich’s blog is one of the reasons I got into blogging myself and as he states it allowed me the opportunity to meet people I otherwise wouldn’t have. Twitter came along and has taken a big chunk out of blogging, not only writing, but reading as well. Is Twitter a replacement for blogging, it shouldn’t be, but it is a lot easier. I never had any deep technical posts so can only imagine the work that the smart folks put into their posts.
For the most part I have been staying off the radar lately. As mom used to say, if you don’t have anything nice to say…..
Disenchanted would probably best describe my current feeling toward security. Dealing with internal policy stuff has been tough, and talking with external companies has been even worse. I used to think that people made bad decisions focused around security just based on their lack of knowledge surrounding it. Given the proper information I believed that people would make sound decisions around the security of their information. I’m not so sure about that anymore.
Whether it is a start-up or an established company it seems like no one cares about security. I was talking with a CEO of an established company about their decision to move their messaging and document management to Google Apps. I asked some questions about how they are dealing with certain security concerns and his response was “We never really thought about that.” So then I described them more in depth to give him the information they didn’t think about and his response was “Well we don’t have anything important in email so if someone gains access it isn’t a big deal.” I don’t know about you, but I can’t think of anyone that would be happy to find out their email was breached. People don’t realize the amount of confidential information they handle on a regular basis…until it bites them in the ass.
Unfortunately this is not the only person with this attitude that I have been dealing with. People, including but not limited to the decision makers, just don’t seem to care about security. Make it available, make it easy, hope the odds are in our favor that it won’t happen to us.
I’m whining…I know…I’ll stop now. A more uplifting post will come soon, promise.
Filed under: Uncategorized | 1 Comment