Padlocking the balsa wood door
The last two companies that I worked for had Web sites, as well as great paranoid delusions about the security threat presented posed by those Web sites. Actually, they worried about the army of miscreants lurking in the shadows waiting to attack those Web sites. So in an effort to protect data that almost no one really wanted, they bought an expensive padlock and used it to secure a balsa wood door. Let me explain.
At one place, the Web servers lived behind a firewall, surrounded by all the other stuff that's supposed to keep it safe from potential bad guys. All of that was then locked away in the computer center behind a great big door. Unfortunately, few of the IT staff had keys, so the first person to arrive each morning carded the door with a driver's license and kept it open with a power cord tied around the doorknob (the last place I worked used a phone cord). So while we were potentially protected from high-tech hackers, any disgruntled hatchet-wielding hackers were free to have a go. As did anyone who happened to wander back there after having had a bad day with the boss.
Much of the driving force behind the Herculean efforts put into security systems seems to be an effort to placate the egos of middle and upper management, who really want to believe that there are evil forces afoot, planning to abscond with their valuable data files. It's completely understandable why your management's worried, isn't it? There's a big, big market for information about your company's widgets or doodads or whatever it is that you're supposed to be fortifying, isn't there?
Okay, sarcasm aside, here's another example of having that shiny lock on the balsa wood door -- leaving your data in a form that can be used by anyone who steals it.
Whenever I read a story about how a hacker broke into a database and stole credit card numbers, my first reaction has always been: "What sort of moron stores sensitive data like that in plain text in the first place?"
Why spend thousands of dollars protecting the data, when a cheap encryption scheme would have rendered it useless? Spy couriers carry their documents in exploding briefcases. Banks tuck a packet of exploding dye in their moneybags. Fine, if you want it, take it -- it just won't be very useful. "This message will self-destruct in 5 seconds. Have a nice day, Mr. Phelps."
In a previous incarnation, I was in engineering. I had the opportunity to work with a security expert who was an ex-government spook.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
