Security Lessons in St. Louis

During the MasterMind Security Panel I moderated at the ITEC conference in St. Louis on October 2nd, two points made a big impression on me. Let me tell you the stories, but I will change the individuals and company names. Security issues at various companies tread into some delicate areas, and I don't want to get the panelists in trouble in case I misrepresent what they said.

John Doe manages security issues for a huge financial services company. When the topic came up about protecting against security breaches caused by employees plugging in USB drives, John said his company monitors all USB drive activity. When a user connects a USB drive to their computer, the monitoring system sends an alert.

Since John takes photos of company events and the like, he triggers a security alert every time he downloads photos from his digital camera to his computer. The security desk tech on duty calls, verifies John and his camera, and clears the log entry.

Imagine that – security is serious enough at John's big company to actually lock out the USB drives, or at least monitor when someone uses a USB device on their computer. Why? To cut down on viruses and botnets getting onto the network, and to slow down employees trying to steal things.

The same security restrictions apply to DVD drives on desktops and laptops. Many viruses and botnets come in through that “little cupholder” on your computer, but not at John's company. They're so strict their traveling executives have to go old school and play Solitaire on the airplane rather than watching DVDs. Small hassle for employees, much less security hassle for John and his company.

Jane Doe (no relation to John) does security awareness and training for a hospital. Although doctors on TV seem nice, polite, and generous with their time (except for House, of course), real doctors have short tempers and no patience with non-medical technology. As Jane said, “you'd think someone who can do brain surgery could remember how to log into a computer with their name and password, but they can't.”

Since Jane can't force the doctors to login normally, she's invested in biometrics. All computers have fingerprint readers for authentication. Slide a finger and get to work.

This change has been so popular Jane is now moving toward proximity sensors for the doctors as well. They don't mind being tracked and called, they just refuse to remember their user names and passwords, and regard rules as critical for others but completely unnecessary for themselves. Jane is preparing a campaign explaining how the fingerprint readers and proximity badges save time for the doctors while increasing billing.

Doctors pay attention to billing. Luckily, John Doe and Jane Doe pay attention to new ways to handle security. Together, they're making their companies more secure, whether the employees like it or not.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon