Security Lessons and Your Personal Firewall


There's an interesting dynamic I've been noticing and discussing a lot recently - people and companies are grappling with how to project some facets of their lives and information online while keeping other areas secret.

As I suggested in my previous post, it was entirely possible that the Mumbai attackers were monitoring communications and the media live during their rampage - there is now firm evidence they were using Blackberries.

We are going to have to get a lot more sophisticated in how we apply and use security with modern technologies both on a personal level and in business - there are remarkable similarities.

Whether it is a mother incensed that tagged images of her young daughter are uploaded without her permission or knowledge to sites like Flickr and Facebook after a children's party by other attendees, or banter on Twitter about the Mumbai attacks that could reveal position and status information to the attackers in real time, there are some difficult societal issues emerging.

We are in an era when information flow of all types is phenomenal. The shadow global financial markets have shown us how security sophistication enabled communication impenetrable to all but a few, with hugely negative and disruptive results. This is the negative side of a closed system which isn't being monitored and regulated effectively.

The counter flow in the IT world is the planned move to cloud services in large companies which undermines the power of the force field around the IT czar and their staff in the typical company. Monitoring and enforcing regulations is a key part of traditional IT.

Already grappling with firewalls penetrated by ever increasing numbers of connections to external customers, partners, employees and systems, 'traditional' IT has the same problem we all do in this era: flexible communication with viable security. The Facebook dilemma for people with multiple social circles is a more benign personal example - you're having a party on Saturday night, but you only want to invite your friends whose taste matches the musical theme of the evening. How do you create the social discretion needed for the intimate soiree, and prevent your uninvited friends getting upset when they see the party pics in your profile later?

It's almost as if we need personal security levels in our lives - different stages of information availability. Another Facebook example - the drunken escapade pictures in your profile don't play so well with the 300 new friends you've made since that incident, or with most potential employers, but you want to retain them for your friends who were with you that night and who tagged you in them. Facebook has security settings but most people don't know how to use them.

Transposing these issues to the typical company, we have the classic problem. At one end of the spectrum is legacy security enforcement on enterprise-class systems; at the other end is ad hoc usage of modern browser-based applications by business units who got up and running in minutes with 'software as a service' paid for on an expensed credit card.

Neither is a satisfactory security solution - one is increasingly too rigid and inflexible, the other often perceived to be too loose and therefore a potential critical security leak.

Given the incredible flexibility and connectedness modern society offers to those who know how to use the tools, we are lagging in our understanding of how to create appropriate security standards.

The western world prides itself on the concepts of open democracy. There is a commonsense element about revealing valuable information publicly which seems in short supply across a broad swathe of society right now. I wonder if 'security' will be on school curriculums in the future? It would certainly be a valuable lesson to learn for all walks of life.

Topics: Social Enterprise, Security

About

Oliver Marks leads the Global Digital Enterprise Team at HP, having previously provided seasoned independent consulting guidance to companies on effective planning of business strategy, tactics, technology decisions, roll out and enduring use models that make best use of modern collaborative and social networking tools to achieve their business goals.

These are Oliver's views and not those of his employer HP.


Talkback

2 comments
  • How dry can an article get!

    With all respect to the author, I couldn't get past the second paragraph before wilting away from extreme dehydration. Dull is a harsh description but very accurate. Reading this article was like sucking on a dry sponge. I didn't have to read much before that mouthful of dust caused a natural reaction!

    It was so dry that it begged a response. Please, I don't strike maliciously here, but someone should speak for this author's sake! It was almost unbearable!

    Please rethink your writing style.
    RS9
  • Cloud computing faces legal hurdles.

    "Cloud computing" may only really be feasible for personal use, not business. In the US and many other countries, a wide range of industries are regulated with respect to how they handle specific kinds of data, like personally identifiable information, intellectual property information, medical and other privileged records, financial records, etc. (We can only hope this is a trend that grows given the swiftness that international criminal cartels have moved to adopt technology, especially the Internet, to pursue their criminal endeavors.) I don't see IT loosening; instead, expect to see the computer and information handling standards increase, significantly, especially as individual states step in to fill any voids in federal law.
    ca_ellis@...