I suppose me being someone involved in “security” and it being the sixth anniversary of 9/11 (I guess 9/11 has become a noun now, like Christmas or Easter), I’m supposed to put out an obligatory post on my thoughts on the matter related to IT security. Well, what I would ask of all you IT security folks, similar to Reagan’s campaign pitch in 1980, is “Are our networks and computers more secure now than pre-9/11?” (Again, we need a word here for dates before 9/11 and after 9/11; how about B911 and A911?) Have we learned anything from this? Well, the short answer is yes and no.

We’ve certainly learned there is an industry in IT security. B911, IT security was a niche of former hackers and current geeks putting out stuff that only hyper-paranoid companies and people could appreciate. Granted, this industry was going to happen anyways, because of the rise of the internet and ecommerce, but 9/11 gave it a shot in the arm, certainly in the government and regulated industries end of the business.

We also learned that you can’t legislate good security, though that hasn’t stopped the government from trying. Laws make for great headlines and good election fodder, but poor computer security measures. Look at HIPAA, the set of laws that was supposed to secure our private health information. What did we get? More forms to fill out when you go to the doctor, and you can’t call in for your test results. Remember that CAN-SPAM law of a few years ago? It sure worked great, didn’t it? Why, I can’t remember the last time I received a spam... it must have been like 10 SECONDS AGO!

But mostly, our government went back to the same old tired way of doing business, IT security-wise: doing the CYA IT security things and neglecting the important stuff like training and enforcing policies. The next time I see a government employee get fired for violating an IT security policy will be the first. In fact, the first time I find a rank-and-file civil employee who can tell me anything about the IT policies, I’ll eat my hat. No, all these gyrations are mostly to make the higher-ups feel protected (politically, not computer-wise) and satisfy the auditors/regulators/insert bureaucratic functionary here. Many government and military IT systems are still woefully insecure, as we’ve seen from the spate of cracks, hacks and info breaches over the last few years (remember the VA? the Los Alamos Labs?). And that should have been the one important lesson to come out of 9/11.

There are other areas that need to catch up too. I’ve blogged long and loud about the weakness in our national banking system and the havoc that could be caused there by an organized force. So it may take a digital 9/11 to wake the companies and government into implementing real IT security that doesn’t just inconvenience people but actually keeps out bad guys. So in short, the IT security lessons we have taken away from 9/11 are, well, not much. But at least a lot of IT security venture capitalists are wealthier and wiser.