If you could physically jump onto the virtual transportation network with your next packet stream that travels the Internet, I wonder, would you ignore the thieving, viral-infected, or misguided companies that will eventually cause Global Internet failure? I can imagine that your information packets are most likely sitting alongside a sticky-fingered scam artist cloaked as an old friend or a disease-ridden virus monster with intoxicating breath or maybe even a scantly clad e-mail waiting to be the personal lover to two million readers. This reminds me more of a scene from a fantasy movie than the Internet Highway. If I had a golden ring that would grant me five wishes for Security I suspect they would be something like:
I wish. . .
. . .that ISPs would enforce a security framework for our businesses and subscribers.
I see ISPs as a common starting point for all Internet users and, thus, best suited to enforce security requirements. ISPs are in a position to set a certain level of virus protection, network and firewall security requirements before allowing IPs to be active. If a company cannot adhere to the security requirements, their service should be SHUT OFF. What does this mean to business? Mid- to large-size businesses most likely have the budget to purchase sufficient hardware and receive up-to-date education, so this type of requirement will be administrative. Small-business administrators scare me: They are often too burdened with daily tasks to update patches and maintain proper security, and their manager would prefer a voodoo performance than provide the finances to properly run a network. So currently, dirty packets stream beside the clean packets, and those less informed are basically targets for the nefarious "Crackers." ISPs can and should establish security requirements from their clients prior to allowing access to the Internet.
. . .that ingenious new licensing plans included a mandatory Viral Protection tool.
If software vendors don't get it, they should: Virus protection is the single greatest global IT concern. It wouldn't be very difficult at all for existing primary OS vendors to include a mandatory Virus Install as part of OS configuration. Every, yes every, Internet networked business has installed virus protection. If a business doesn't have virus protection installed, they shouldn't be allowed on the Highway. This is for our own common good! If OS programs are sophisticated enough to determine that I've swapped a video card and a hard drive and the Icon to join AOL is nearly mandatory, why can't virus protection be so as well?
. . .that security staff become as important as a Finance Department.
There are some 600 new viruses per day -- this is just sick. You cannot operate a network effectively if you have more than 500 employees and no one dedicated to IT security. Security is a full-time position, with duties that range from managing virus updates and Firewall configurations to staying abreast with hardware innovations (PKI) and VPN solutions. It is time for management to appreciate this fact and grant MIS departments the budget to support a proper security staff.
. . .that accountability existed for Software Vendors.
Here's an amazing thought: Why did the Justice Department believe that Bundled Software was the best legal grounds against a huge software company and not Bungled Software? I'm no attorney, but some of the products out there appear to be liability lawsuits waiting to happen; it seems nearly malicious to me the holes that have been presented regarding certain products (if you need me to point out which ones, think Redmond). If we could visualize the havoc that some production errors have caused to businesses, it would make some recent auto liability cases appear tame. I wish that Software Companies accepted true 'Accountability' for their products and delivered fully secure products or face liability lawsuits (gulp).
. . .that monitoring for attacks wasn't a nightmare.
I realize there are a number of products that boast the ability to sift through log files and tell us who is doing what where, but frankly, I have yet to see a multi-platform economical solution to Monitoring. It is so important for security administrators to see what is at the firewall banging on the wall to come in; yet at this point, we mostly only find out after the fact. It is nice information, but somewhat useless if you're busy rebuilding your network. I would like a visual representation of what is coming at my network, not what has passed through.
It's a bummer that most complex wishes don't come true. So, I suspect that with the exception of my last wish, I will have to envision the New World in the confines of my imagination.
About the author: Scott Baetz is the director of MIS for TechTarget, an IT-specific multimedia organization. He enjoys unveiling the mystery of IT problems with a business focus. You may contact him at firstname.lastname@example.org.