Sunday, March 3, 2013

Swimming with Sharks


People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.
— Bruce Schneier, Secrets and Lies


Is it ever safe to swim with sharks? Who in their right mind would ever feel safe? Yet the security of web infrastructure and applications is the least of concerns in most of today’s businesses, even though the Internet is full of sharks trying to hack your application and steal or damage data.

It is true that most companies have spent money on security infrastructure such as firewalls, IPS and IDS and have fortified their infrastructure, but not enough attention is paid to their most valuable asset, “people”. How many of them are aware of safe security practices in their day-to-day work? How committed are they to practicing them?

At a time when everyone uses third-party vendors for development, sites are hosted with third-party vendors, and applications handshake with your and your partner’s systems for SSO and authentication, security should be in the limelight, yet it always takes the back seat or, in most cases, is an afterthought!

Most organizations don't see value in educating their employees about security and precautions, let alone taking time to think through the scenarios when developing applications. If you think it could never happen, either it's a matter of time or you never thought to look at the activity on your systems, which is perhaps going undetected. No matter how much has been spent on technology, if awareness and commitment across your organization are not kept high, people will remain the weakest link. If you are naive, I strongly recommend that you read up on Kevin Mitnick's “Ghost in the Wires”. (I couldn't put it down after I started reading :)

Have a proper procedure and policy about social site usage and make it known to everyone. Have a process to make sure all new and existing employees and onshore/offshore consultants learn about security threats and risks, and have them commit to following precautions in their day-to-day job. It is a good thing to have a healthy amount of paranoia!
