After reading Rich Mogull’s post at Securosis I couldn’t help but feel guilty for not blogging in AGES.  Rich’s blog is one of the reasons I got into blogging myself and, as he states, it allowed me the opportunity to meet people I otherwise wouldn’t have.  Twitter came along and has taken a big chunk out of blogging, not only writing, but reading as well.  Is Twitter a replacement for blogging?  It shouldn’t be, but it is a lot easier.  I never had any deep technical posts so can only imagine the work that the smart folks put into their posts.  😉

For the most part I have been staying off the radar lately.  As mom used to say, if you don’t have anything nice to say…..

Disenchanted would probably best describe my current feeling toward security.  Dealing with internal policy stuff has been tough, and talking with external companies has been even worse.  I used to think that people made bad decisions focused around security just based on their lack of knowledge surrounding it.  Given the proper information I believed that people would make sound decisions around the security of their information.  I’m not so sure about that anymore.

Whether it is a start-up or an established company, it seems like no one cares about security.  I was talking with a CEO of an established company about their decision to move their messaging and document management to Google Apps.  I asked some questions about how they are dealing with certain security concerns and his response was “We never really thought about that.”  So then I described them more in depth to give him the information they didn’t think about and his response was “Well we don’t have anything important in email so if someone gains access it isn’t a big deal.”  I don’t know about you, but I can’t think of anyone that would be happy to find out their email was breached.  People don’t realize the amount of confidential information they handle on a regular basis…until it bites them in the ass.

Unfortunately this is not the only person with this attitude that I have been dealing with.  People, including but not limited to the decision makers, just don’t seem to care about security.  Make it available, make it easy, hope the odds are in our favor that it won’t happen to us.

I’m whining…I know…I’ll stop now.  A more uplifting post will come soon, promise.



  1. AMEN!

    Ignoring security just leaves one vulnerable to hearing “I told you so” at some point in time. As a consultant, that is the one phrase I hate to use, but people either refuse to listen out of disbelief, or dispute the facts out of ignorance.

    If you have the attitude that it will never happen to you, you are only kidding yourself, and in most cases, it already has happened and you don’t know. For me, Security is a number one priority, and that only gets reinforced when I get a resume from a potential 14-year-old summer intern who signs their email with PGP encryption and lists one of his skill sets as security penetration and use of Rainbow Tables. I had to look up Rainbow Tables to know what he was talking about. If that does not scare you into security, nothing will.

