Padlocking the balsa wood door

By Philip Sullivan, Computerworld |  Security

The last two companies that I worked for had Web sites, as well as great paranoid delusions about the security threat presented posed by those Web sites. Actually, they worried about the army of miscreants lurking in the shadows waiting to attack those Web sites. So in an effort to protect data that almost no one really wanted, they bought an expensive padlock and used it to secure a balsa wood door. Let me explain.

At one place, the Web servers lived behind a firewall, surrounded by all the other stuff that's supposed to keep it safe from potential bad guys. All of that was then locked away in the computer center behind a great big door. Unfortunately, few of the IT staff had keys, so the first person to arrive each morning carded the door with a driver's license and kept it open with a power cord tied around the doorknob (the last place I worked used a phone cord). So while we were potentially protected from high-tech hackers, any disgruntled hatchet-wielding hackers were free to have a go. As did anyone who happened to wander back there after having had a bad day with the boss.

Much of the driving force behind the Herculean efforts put into security systems seems to be an effort to placate the egos of middle and upper management, who really want to believe that there are evil forces afoot, planning to abscond with their valuable data files. It's completely understandable why your management's worried, isn't it? There's a big, big market for information about your company's widgets or doodads or whatever it is that you're supposed to be fortifying, isn't there?

Okay, sarcasm aside, here's another example of having that shiny lock on the balsa wood door -- leaving your data in a form that can be used by anyone who steals it.

Whenever I read a story about how a hacker broke into a database and stole credit card numbers, my first reaction has always been: "What sort of moron stores sensitive data like that in plain text in the first place?"

Why spend thousands of dollars protecting the data, when a cheap encryption scheme would have rendered it useless? Spy couriers carry their documents in exploding briefcases. Banks tuck a packet of exploding dye in their moneybags. Fine, if you want it, take it -- it just won't be very useful. "This message will self-destruct in 5 seconds. Have a nice day, Mr. Phelps."

In a previous incarnation, I was in engineering. I had the opportunity to work with a security expert who was an ex-government spook.

Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question