
IT Commandment: Thou shalt not ignore security risks when choosing platforms

Written by Richard Stiennon, Contributor

I am joining my fellow ZDNet bloggers this week in posting this Security Commandment:

Thou Shalt Not Ignore Security Risks When Choosing Platforms

Although for most of us it is already too late and we are doomed to the purgatory of continuous updates, windows of vulnerability, and increased exposure, there are still opportunities to adhere to this Commandment.

Over the last ten years organizations have foolishly listened to the argument that it was cheaper to standardize on platforms. The argument went that, first of all, you would not need separate groups of people to handle desktop and server maintenance. And secondly, anyone can manage a Windows environment; there are no crazy-sounding command line arguments to learn. Just pop in a CD and follow the instructions from the Wizard. Remote management? Don’t worry, that’s coming. Software distribution? User controls? All coming. 64-bit support? Anti-virus, anti-spyware? Availability? Reliability? That is coming too!

So, it’s too late to move away from Windows Server platforms. You have invested way too much. You have written all of your applications to nonstandard HTTP and are married forever to Internet Explorer. What can you do?

Next time you are rolling out a new service, either internally or for public consumption, evaluate your platform choices, taking into account the following:

  1. Cost of frequent updates for security patches.
  2. Cost of continuous anti-virus signature updates.
  3. Exposure to the next mass-propagating malware regardless of updates.

Keep in mind that if you have dedicated personnel to manage the new project, it is not necessarily more expensive to have a Linux expert instead of a Windows expert.

By doing this you will discover that if you include risk in the equation, standardization is not always cheaper, especially when your standardization is the same as everyone else’s standardization. There is lower risk in diversity.

This may also prevent you from using Windows for your PBX applications, media applications, cell phones, gaming devices, ATMs, manufacturing controls, SCADA networks, traffic lights, and medical equipment choices.


Our IT Commandments:
  1. Thou shalt not outsource mission critical functions
  2. Thou shalt not pretend
  3. Thou shalt honor and empower thy (Unix) sysadmins
  4. Thou shalt leave the ideology to someone else
  5. Thou shalt not condemn departments doing their own IT
  6. Thou shalt put thy users first, above all else
  7. Thou shalt give something back to the community
  8. Thou shalt not use nonsecure protocols on thy network
  9. Thou shalt free thy content
  10. Thou shalt not ignore security risks when choosing platforms
  11. Thou shalt not fear change
  12. Thou shalt document all thy works
  13. Thou shalt loosely couple