Breach, which is set for release in a few weeks, focuses on the true story of an FBI upstart who must investigate his boss, who is suspected of selling secrets to the Soviet Union. For those of you who read the story in paperback or in weekly news journals, a strong lesson materializes early in the story that is applicable to the numerous breaches we have heard about at TJX and other retail and insurer organizations. Regardless of how strong and robust your physical and digital security plan is, the success or failure of the plan will more likely lie with the human capital charged with installing, managing and watching the systems.
I’ve spent nearly all my career in security-related software solutions and I’ve never forgotten the important lesson taught to me as a new recruit at RSA Security a few years ago. No solution, no matter how robust and error-proof, will achieve its goal of protecting an organization without the proper declaration and focus of a security plan and the proper screening and training of the professionals entrusted to manage the systems. Times have changed a bit, and RSA and other leading security companies have advanced security technologies to make them user-friendly. Still, as I listen to the news day after day, I cannot help but think how much safer consumer data would be today had the breached organizations enabled their staff with proper training and operational knowledge.
The problem is not a technology one. One need only do a Google search to look up tens of companies specialized in helping to protect data, from RSA (EMC) to Symantec to more specialized firms like Application Security and Ingrian, which offer the capability to secure databases with industrial-strength encryption and user provisioning. Even my sister product here at Ipswitch, WS_FTP, which revolutionized the way data was transferred from point A to point B, has introduced new versions featuring strong encryption and security features to protect the integrity of data in motion and at rest, after customers and prospects demanded such, with strict audits and business rules changing their business models for data sharing. Yet all of this technology is worth ZERO unless there is a commitment to the proper training of the staff that runs these systems.
You might be asking why the product manager for WhatsUp Gold cares so much about security, and specifically breaches. First, I, like you, am nervous about personal data integrity, and I have seen firsthand in my travels the impact data breaches can have on persons and organizations. Second, I see a strong convergence happening between the security duties and the network duties at organizations around the world. After all, your certificate server, your firewall and your anti-virus boxes are only effective if they are up and running, and WhatsUp Gold has the out-of-the-box ability to manage all of the different elements you have running using native SNMP and the related OIDs. For example, in 2006 RSA Security released a version of its flagship ACE Server with SNMP capabilities. Administrators can now monitor the ACE Server for common characteristics like up/down as well as other counters for performance. The same is true for SonicWALL, Cisco, Fluke and Adtran equipment, to name a few.
Security is an ongoing road of progress and never a destination. The marriage between security and network management will ensure the journey has fewer stops and detours along the way.