The real source of your security troubles

Alan Pelz-Sharpe, VP North America

It may not be a fashionable stance, but strictly controlling access and permissions to data, systems and information is the way to ensure an efficient system. It may take human effort to do this, but the cost of not doing it can be very high indeed.

It was recently reported here that 30,000 people had their credit details stolen from Experian, the credit reference agency and subsequently had their bank accounts drained, their credit ratings ruined and in some cases their identity stolen. The impact for these individuals will be felt for many years despite the ringleaders being brought to justice.

Data protection and security issues are areas of constant debate in the IT community, but the reality is that all the firewalls and fancy ID systems in the world don’t stop true criminals. In this instance they simply bought passwords and IDs from corrupt Experian employees.

Another news report of note was the complete collapse of the IT system at the Beth Israel Deaconess hospital in Boston. For almost a week the famous hospital complex had to run on paper with no IT at all. The reason for the terrible collapse? A researcher was running number-crunching experiments that overloaded the network. Despite the millions of dollars spent on data backup, generator backup and clustered servers, nothing could cope with this kind of situation – network overload.

Both of these situations highlight the simple fact that all the technology in the world can’t deal with human stupidity and ingenuity. I may be positioning myself as Ovum’s resident luddite, but over the past couple of years I have consistently given our clients and conference delegates the message that the biggest security issue facing any organisation is well-meaning but incompetent employees - not hackers or cyber terrorists from Hell.

Access Control Lists have been a staple feature of document and content management systems for years but they have remained under-used and unloved, as they rely on people to make decisions about who can or cannot access data. Despite it being a function of a business application it is labour intensive to manage.

The irony is that despite the direst expectations, the hospital actually coped quite well. To quote the VP of Patient Care, Dianne Anderson: ''Nurses and doctors over the age of 35 were very much at ease. The younger nurses and doctors were very uncertain. We were teaching residents how to write orders; we were showing nurses how to do flow sheets.''

Likewise for Experian - life goes on. The entire banking and credit system is so dependent on these types of referencing services that even when 30,000 lives are damaged, and in some cases destroyed, it will be business as usual in the morning.

Related Ovum Research

e-Knowledge@Ovum – An Ovum Advisory Service

Ovum Evaluates: Content Management – An Ovum Quarterly Updating Service

Business strategy and planning – Ovum Consulting

It's business that matters, not technology - Ovum Comments (Archive)