The Internet has changed the attitude of the human population in the western world. The rest of the world is quickly catching up and in some cases will shortly overtake us. The only barrier to the flow of information created through the Internet is language, and that is changing just as quickly.In world war two (WW II) the Americans used the Navaho language to communicate on the pacific front because it was only spoken by about 300 people in the whole world. The Americans went to extraordinary lengths to make sure that their Navaho codes were not broken as well as to make sure that no Navaho was taken alive.The business world is facing similar problems, the Internet is a totally hostile business environment. Protecting your lively hood from the speed of light and speed of business environment that has been created by the internet in the last 10 years keeps CEO’s awake at night. The addition of always online technologies and the social media blitz and I am quite surprised that more of them are not gibbering wrecks.A business can no longer reach over and crack a thief’s hand for stealing something. The reasons are numerous but the two main ones in this technology world are you don’t know who it is and it could of happened months or even years ago. Furthermore in an Intellectual property world, a swift copy of your core business IP and you could be out of business. In a prosecution sense, none of these scenarios are good for business.
So how do you do business in this hostile environment of no borders and constant threats? Softly softy and carry a big stick will no longer work, not that it worked really well before, because the stick seems to have shrunk to the size of a match stick. Anominity is also not a solution!
So we have to start looking at the business architecture and building a security framework based on this understanding. The principle question is – where is my cheese?
What is important data, where is the data, how does it move around the business, who has control, who needs access and when is control passed to someone else. Furthermore you need to make sure that there is also an audit and compliance component so that of something fishy is detected, in time for the business to do something about it.
For instance; A critical piece of information and data is here – the bad guys have been attempting to access it for the last 4 days, and after 4 days they steal it and then deleted from your location. The auditing component of your framework would have told you that you were (a) under attack, (b) what they were after and (c) allow you to do something, anything about it.
So although we are border less we still have the security principles that should have been enforced when we were not.