Our research shows rules are written this way not because administrators are lazy but because they don’t know any better.  As a general rule it is lack of training and understanding that leads to this style.

If you are going to invest in a firewall invest in proper training on using it.  Firewalls, any brand, will do what they are told.  If you get attacked don’t blame the device.  That is like blaming the car manufacturer when you bump someone in traffic because you are texting.

http://www.xtmtraining.com/training/

If my company’s whole mission was to catch up with someone else and eventually overtake them that would be a fruitless exercise.   Because while I started to take market share, I would scare the top company forcing them to change and develop new products.  So while I eventually may overtake them in one market they would most likely have developed a new market.

Look at the example of Apple and Microsoft.  Microsoft had clearly won the battle for the desktop.  So instead of Apple constantly looking for new ways to convince us to buy a Mac they developed a new market, the tablet.  Prior to Apple’s iPad the tablet market was primarily comprised of awkward stylus driven devices that weighted a bunch and while a doctor was helping a patient it would pop up with needing to reboot.  Apple shifted the market and overnight changed how we define a tablet.  Now the latest Mac OS is acting more like the tablet only with a keyboard, the market has changed.  Now Microsoft is trying to catch Apple with Windows 8.

So if I was with Google I would say let them have that space focus on what we are better at and then spend my cash on creating the next market.

So it is my opinion that Dell and Google and other should spend less time trying to develop a better tablet and more time on what’s next.  The hot products of today will not be tomorrow. 

In the article Mr. Henry had this to say, “I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security,”

I think this is an important topic for every CIO, CSO, and any technology manager to consider, what can we do differently.

http://online.wsj.com/article/SB10001424052702304177104577307773326180032.html?mod=WSJ_Tech_TECHEDITORSPICKS_1

I think the details of the attacks are important for researches to understand, however what ground does it gain with the decision makers and business owners when it all becomes white noise?

Even worse, recently there was a major arrest of an illusive hacker group and the story remained almost hidden from the media that day.  I read it on the Fox News website and I watched how the rest of the major news media went silent on reporting the story for some time (CNN, MSNBC, ABC, NBC, Etc.).  Even an industry magazine, SC Magazine, was silent on the breaking news.

If we are ever going to experience real change and real progress in fighting network security then new techniques need to be utilized.  Otherwise the dance continues on with the same song and partners.  The security issue is found, hackers exploit it, systems are patched to plug the hole.  Wait 48 hours and repeat the steps.

In America we do the same things with our politicians.  We constantly elect the same people from the same group.  We say to ourselves “Oh this one is better.  She isn’t like the rest.”  Or, “If we give this guy four more years it will finally work”.  I suspect in other countries this same behavior exists.  We have to break this cycle if we want true change.  We have to say “Um, no.  You blew it.  Time to go home.  Bye Bye.”

We fire salespeople who don’t meet expectations yet when it comes to real issues we always want to believe this time will be different.

Everything will be different when we change our ways.  Instead of patching these devices, let’s just start over.  When a vendor’s product is found to have issues get a different one.  Forget the words or materials on the product.  This or that let you down.  You blew it, time for something different.  Take action.  Forget talk (Hint: Every vendor will give you a discount to switch to them so there are always savings).

But if the issues are caused by poor setup and configuration you need to take a different tactic.  Do the same thing with your consultants, analysts, and auditors.  Hold people accountable for their actions.  You not putting up with mediocrity will change the current tract.

But when something is working and everything is in sync.  Stay the course.  The waters are always calm when everything is perfect.

• Be well read and articulate your points.  Executives often find IT people confusing and awkward to talk to.
• Focus on learning about the business you are interviewing with.  Learn what their needs are and then match your skills to them.  Don’t worry about you forcing your talents on them.
• The typical IT resume is hard to read.  It is long with software and products most people haven’t heard of.  Focus on what you have done and what you will do for their organization.
• Companies don’t buy computers.  Computers are just a tool they need to complete their mission and purpose.
• IT is an expense to may companies.  IT need to serve the business and needs to be treated as such.

Here is what I mean by that.  Chick-Fil-A is a great company based near me in Atlanta, GA USA. Any location you go into across the country will be a terrific experience.  Friendly employees, clean and welcoming environment.  In fact the service at the one is far better than that at some places that cost three times as much.  If you take a baby in there a member of their staff will make sure you have everything you need and also give you some Cheerios for them.

Chick-Fil-A makes chicken.  They don’t make hamburgers, fish or any other protein.  There is no need for them to go away from their core values or change what they do.  If they did I think their business would dissolve away and look like any other fast food place.

They also are not open on Sunday’s or holidays.  No exceptions.  They are also very successful.  And what I love is they will not bend their principles on these things.  If you drive down the interstate and see a list of upcoming restaurants if there is a Chick-Fil-A you will see a note underneath that reads “Closed Sunday”.  They are upfront and honest about who they are.

What all do your vendors do?  Are they focused like Chick-Fil-A?

Don’t take this passive approach to network security.  Proactivity is the only way to defend a network.   You must be able to detect and respond to any threat.  Passivity is the guaranteed way to loose data.

This echo’s one of the items I teach on in our Security Practice class.  There is an increased “blindness” when companies move data and servers to the cloud.  Companies have little or no control over these servers so your security is 100% dependent on someone else’s security practice.

Don’t confuse cloud companies with being technical companies.  They are sale sbased organizations.  While a lot of the services are now and will continue to be secure.  There is a rapid adoption of new businesses popping up and without proper testing.

If you are looking to move your data to the cloud make sure you do your due diligence and properly vet these service providers.  And never give up the keys to your company without having complete access to control who has access.  Doing so blindly is playing with fire.

My advice to any executive that is responsible for IT or other digital assets, is to take time to understand all of the areas where your data resides and make sure that the data is protected and backed up.  There is nothing worse than not knowing something when you are thrown into a situation when you have to know.  These situations could be from employee turnover to employee termination.  Getting access ahead of time is basic continuity planning and needs to be as the top priority for any organization.