Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Security Isn't Just Avoiding Microsoft

May 7, 2007 12:00 PM ET

Computerworld - We’ve all heard IT professionals imagine how secure their networks would be if they just didn’t have to use any Microsoft products.

I’ve had to listen to clients kvetch for hours on end about how Microsoft makes their lives miserable and how everything would be better in a Microsoft-free world. Tony Bove wrote a whole book with that theme, Just Say No to Microsoft, and plenty of blogs have taken up the cry.

It’s time for all the people who have entertained this fantasy to stop deluding themselves.

How would life without Microsoft be different? It wouldn’t be in any meaningful way for those in charge of network security; there would just be a different vendor peddling the dominant operating system.

Networks in a world in which Apple had won the operating systems wars would still be insecure. What’s that, you say? The Macintosh has had far fewer bugs reported and patched than Windows? That’s true, but it’s a consequence of the minuscule market penetration of Mac OS. If the Mac had enjoyed a market share of upwards of 80 percent for the past couple of decades, it would have been the focus of every hacker and script kiddie on the planet. And you might be lamenting the minuscule market share of that scrappy operating system vendor in Redmond, Wash.

If you put computers on a network and open that network to the outside world via the Internet, you’re going to have security problems, regardless of whether you’re running Windows, Mac OS, Linux or an operating system you created in your spare time. By all means, we need to run the safest operating system we can, fortify our networks and police the whole thing. But once we’ve done all that, we’re left with one unalterable fact: Users will still make errors galore. Training can help. But for a bit of perspective, consider commercial air transportation. The hardware is about as safe as possible, and pilots are trained as thoroughly as surgeons. But accidents happen, and they’re usually the result of pilot error.

User errors have long been the bane of security. In a sense, true security requires a paranoia honed to a fanatical edge, but sometimes even fanaticism isn’t enough. After all, no one has surpassed the Nazis when it comes to fanatical paranoia. Yet even the well-trained German soldiers of World War II broke a fundamental rule of cryptography and reused the same keys. That mistake might be the only reason this article wasn’t written in German.

So, what needs to be done? You must require users to attend formal information security training and awareness programs. No one should be left out. Set minimum security training and awareness requirements that all workers must meet -- even janitors and others who have no system access. Step up the requirements for those who have access to corporate information systems (most workers would fall into this category), and establish exhaustive requirements for employees in computer-related positions of trust, such as security staff and systems programmers.



Jump to comments

Microsoft

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

White Papers & Webcasts

Share our Strength
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...