Tech, Gadgets, Photography, Social Media and Poor Spelling
Yes, that is right, you heard it here first: IT security is a joke, but not the funny kind. No one is laughing; the users are not laughing, the IT department isn't laughing, the company management isn't laughing. And let's admit it, it's about as serious as a heart attack out there.
The simple truth, however, is that the more secure you make your IT, the more unusable, awkward and counterproductive it becomes; a simple equation presents itself in which usability declines as security increases.
Let me give you an example of where I'm going with this. There was a recent story of a journalist, Mat Honan, who got hacked, and around the same time Google, in a blatant PR attempt, started to push its dual-factor authentication. On paper it is a really great idea: to enter your Google Account you need both a password and a code sent by text message to a mobile device you own. Google set up a known list of apps which can access the account; you manage this list, and the apps are tagged within Google's back-end infrastructure.
This is on paper a good idea. It shores up your password, and it means that if, like Mr Honan, someone does try to access your Gmail or Google services, you get an SMS and should twig that something is up.
The problem comes, however, in this mobile connected world, when you start to realise just how many of your services connect to Google, and how for each of these services you need the SMS entry the first time, and for some of them every subsequent time you want to connect, as the app is not quite implemented right. Or the battery has died on your phone, or you are in a foreign country and can't get the SMS message.
This is an example of usability vs security, and as stated above, as the security increases the usability decreases, because life becomes more awkward.
This is a consumer example. In the corporate model it gets harder, as you start to get into the world of standards and security consultants who, truth be told, are doing a good job and are needed; however, boy do they make usability hard.
If you think your personal PC is a potential battleground, multiply that by a few hundred users, all of whom have differing IT skills and user levels, all with differing internet needs and requirements. All under pressure and all needing to "get the job done", they need usability; they need to have access to tools, most of which are web based these days.
The company, however, has a need to protect its data, its IP, and actually its users too.
And trying to get this balance is the joke. The work/safety balance is a very difficult one to get right: users don't set strong passwords, they don't change passwords, they write passwords down, they double-click on exe files despite being asked not to, they open files, and they just quickly pop onto website xyz.com at lunchtime for a few seconds.
Companies, however, don't make it easy for users: they put up firewalls, they block social media, they make the users change passwords every 30 days, they implement token access, and they lock down PCs to protect and serve.
So the question is, where does this stop? Do we sandbox each user's PC on its own VLAN with routed/firewalled access out to the web? Does this make it any easier for users? Does it make the PCs any easier to use for the IT department? In reality, no, it doesn't.
The problem is that at some point one side has to give.