As weve said for several years now, security is the first and last step in building an e-business enterprise. It is also the part of the infrastructure task that garners the least applause for a job well done. No one will thank you for keeping all those bad guys out of the companys network. Someone will fire you when one of those bad guys sneaks through.
And there are clear indications that the job is only going to get tougher.
As we write in this weeks Special Report, "The social engineering of security," building that safe network requires a lot more than making some good hardware and IT architecture decisions. It requires an approach that embraces social, political and cultural considerations. As David Thompson states, "Senior leadership wants objective measurement of an inherently subjective discipline; peer managers dont understand that their participation is necessary; users continually do foolish things; the threats are changing daily; and many organizations are forced to do more with fewer people." Sound familiar? Welcome to the security club.
The task can seem overwhelming. Just when you think you have a handle on Windows 2000 security, you can be sure that someone is going to ask about the security aspects of smart tags on Windows XP. Have those laptops locked down? What about the security of those personal digital assistants, which continue to proliferate and demand wireless access to the enterprise? And you can bet that the marketing push that is building behind the advent of Web services will raise questions about the security of those services. If you had to choose today among .Net, WebSphere or Java Web services, youd have a hard time evaluating those products from a security aspect. Like a lot of Web-based products, you often cant judge the security until the service is up and running on the Net.
While there is no overarching solution, there are steps to take. One, take a look at the security resources available. Spend sufficient time to learn the differences among www.securityfocus.com, www.sans.org and www.cert.org. And dont forget the sources where the likes of Rain Forest Puppy and the hackers hang out. To you, security is a task that must be constantly updated. To the Rain Forest Puppies of the world, security is a game where their wins make front-page news.
With a recent FBI survey reporting hacks being up nearly 50 percent over last year and nearly 50,000 unfilled IT security jobs in the United States alone, maybe the first place to start is figuring out where you are going to get the security professionals your organization requires. For that, you might want to go right to our recruiting article, "Finding pros for IT security". But before you sit down to read that article, remove the yellow stickies with your passwords attached to your monitor.