Online IT Security Drama: Reality or TV?
People who work in the health care field always seem to cringe when they hear others talk about watching popular hospital dramas like "ER" on TV, and, upon questioning, will typically offer that such shows either aren't very realistic or actually remind them too much of their real, grisly work to be much fun to follow.
I have to wonder which reaction IT security pros might have in taking in "The Unprotected," an online miniseries dedicated to portraying the theater of database defense, incident response and regulatory compliance. The series was produced and is being hosted by vendor Application Security to help illustrate the problems faced the types of organizations to which it sells its database security software.
In the series, the setting is all too familiar, as an internal security team and CTO struggle to figure out how to traverse a minefield that involves electronic data theft, angry consultants and even angrier C-levels (with the threat of truly scary auditors!).
A slight knock-off of shows like "Law & Order" and the seemingly endless supply of "CSI" variations, "The Unprotected" actually does a pretty good job of depicting some of the circumstances I'd imagine are happening today in cube farms across America as people wrestle with issues of security and related compliance.
But, I also have to wonder, are most real-life organizations as oblivious as they appear to be depicted here, like the fictional company Greencrest and its lukewarm IT department, who seem to think that relying only on firewalls and authentication software to protect their databases is sufficient?
Or is the reality even more dire than it's shown on the show, because, in fact most people in real-life companies actually already know how desperate the situation is in trying to ward off ever more sophisticated attacks and maintain compliance with seemingly fluid regulations?
It's probably somewhere in between.
But it begs the question, should a show like this be scripted to read like "CSI: Rack Server" or something far more helpless, perverse and self-loathing, like some spinoff hybrid of "The Office" where the goal is applying security patches instead of selling paper? I'm guessing that a true reality show based on today's IT security environment would be more like "World's Deadliest Catch."
See, the thing is, I think that Applications Security has done something creative here to surface a realistic story in a way that might help some people who do not yet understand the extreme challenges and towering forces that have aligned themselves over the heads of the IT security workers to learn more about these problems they face.
But having spoken to so many practitioners over the years, seen them shake their heads while they talk about how their managers don't listen to them, or heard how their line of business leaders won't write them a budget, the sad truth is that it's typically those most closely involved with the affected operations, those who would star in such a show, who are the last ones who need to be informed just how overwhelming the whole situation is.
Perhaps life-like fiction was indeed the best idea in this case, because the reality TV version would be too much for almost anyone to stomach.
Drama is entertaining. Resignation would just seem sad.
Follow eWeek Security Watch on Twitter at: eWeekSecWatch.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.