Why Is IT Security Such A Big Problem?

August 30, 2005

by Robin Bloor, Partner

 
One cannot help but look at the wide array of IT security technology and wonder. There's antivirus software, anti-spyware, firewalls, VPNs, encryption technology, biometrics, email filtering, intrusion detection, data audit and quite a lot more. Indeed there is a vast array of security technology. Go back twenty years and most of this technology simply did not exist, and there was little need for it. Even ten years ago the requirement wasn't particularly great. Nevertheless there can be little arguing with the need for such technology now, given the number of security incidents and threats. It is worth considering how we got ourselves into this situation, as it may help in finding a way out.
 
A Lack of Definition
The first thing to understand is that, historically, computer systems never had security designed into them at the "atomic" level. The mainframe computers of the 20th century were very secure, but the security was all "perimeter security". A security fence surrounded the computer and only legitimate users could get through. PCs for many years had no security at all, and no-one seemed too concerned because almost no important information was held on such computers, but that changed.
If we look a little deeper into this, we quickly discover that none of the fundamental elements of a computer system (users, programs and processes, data and computer hardware) were ever defined in a standard way. They would be different on different operating systems and usually they were poorly defined. If you have never worked closely with computer systems, this information will probably come as a surprise. Nevertheless, it is so.
This is why identity management systems, software systems that thoroughly define users and provision their capabilities, and IT asset management systems, software systems that record and provide information on all the IT assets (programs and processes, data and hardware), have both become important products in the last few years. Together they solve the problem.
Very few such products (if any) even existed 10 years ago. They are all very recent developments. As well as providing useful capabilities for other purposes, identity management and IT asset management are the foundation of IT security. Ultimately the management of IT security comes down to the management of access, authorization and authenticity. Unless users, programs, data and computer resources are well defined, it is very difficult to ensure their authenticity, and because of that the management of access and authorization deteriorates. And that's where and how the bad guys get in.
It can be surprising to discover how little some organizations know about their full complement of IT resources. Many, indeed most, organizations would simply not be able to provide an accurate list of all the programs that run, all the computer and network hardware that exists and all the information resources associated with them. Of course, an organization will have some knowledge of these things and indeed it will probably have accurate knowledge of the important systems that run, but very few organizations will have a complete picture.

The Full Picture  

In order to implement comprehensive IT security, the full picture is required and it needs to be kept completely up to date. Once this issue is buttoned down, it becomes possible to build a comprehensive IT security capability. This, then, is why IT security is such a big problem. We are only now beginning to implement the foundations of IT security.

 

 
