posted on Wednesday, August 12, 2009 3:45 AM
Back when I was developing GIS data translation software I had to fight security all the time. My desktop was so locked down I couldn’t compile the code because I didn’t even have appropriate permission to access the file system. Why? The guy in charge of 
security was so paranoid about someone doing something they shouldn’t that he completely missed the other half of his responsibility: ensuring people had access to data and information and systems to which they legitimately had a need to access.
The potential impact of a data/security breach is so high these days that security folks are tending to over-focus on stopping breaches and data theft and forgetting about the need to provide access to the right people at the right time to information and data they need to do their jobs.
Information security isn’t just about protecting information from being stolen, it’s about ensuring that information is available to the right people at the right time. Focusing on access makes it easier to remember that some people should have access while others should not. And in the end, protection of data and systems is really just making certain those who should not have access, don’t.
You’re either the castellan of the data center, or merely a gate guard. It’s up to you how you view your role, and ultimately how the rest of IT and the organization treats you and your job.
Technorati Tags:
MacVittie,
F5,
information security,
infosec,
security,
application security,
access,
WILS,
web,
internet,
blogWILS: Write It Like Seth. Seth Godin always gets his point across with brevity and wit. WILS is an ATTEMPT TO BE concise about application delivery TOPICS AND just get straight to the point. NO DILLY DALLYING AROUND.
Related blogs & articles:
