The War Beneath the Floor

It takes skill and experience for a security leader to convince everyone else that information security can coexist with efficient business systems

Too few people in the C suite have any idea what's going on among all those wires under the floor and in all those closets scattered everywhere. And because no business can long survive without its executives having such knowledge, it's time to shed light on the matter in a forum read by people who can make a difference.

Most IT people today, even those in network design and management, will agree that security is a good thing. The problem is, with no accepted definition for "network security," that's where the agreement ends. And given the constant pressures on the IT department to deliver and maintain a reliable, fast network, there is little time for much discussion. The CIOthe network manager nobody remembershas set the tone since the company's early days. When security leaders try to initiate change, it often leads to fights with the majority who think security gets in the way of business performance.

Today we know more about efficient, secure networking. But the hardliners are often too senior in rank to be swayed. It will take a good number of scandals and even prosecutions before people see that network data, unprotected, might as well be printed on paper and dropped from airplanes.

We need to recognize that there is a culture gap in network management today between network operations and network security that strikes at the core of IT culture. Only then can we act to fix the problems that culture gap creates.

Think of a recent high-profile network breach. Take your pick. We can imagine the scene back when the company was being formed: Our business model needs a network and a database that can handle the load and rapidly expand to meet customer demand. How fast can it be up to speed? How many IT people does the company need to run it? Make it a minimum number now; we're not building a computer empire here, ha, ha. Security? Not part of the business model, right? Slows us down. Any legal requirements for security? Get Washington on the phone. What we don't want is some well-intentioned staffers mucking around in our business. The IT space doesn't sit still long enough to make legislation meaningful. Yadda, yadda, yadda. Build the company, take it public, live the dream.

I have just one thing to say to such businesspeople: YOU IDIOTS!!

When are you going to learn that the Internet is like the Wild West? Nobody in charge, no rules. Sadly, everyone wants to use this highway but doesn't want to hear about safety, security or even drivers' training. Everybody just wants to rock and roll and cash the checks.