Keeping data and the networks it traverses secure
Computer and network security are big news and probably also big business lately. With credit cards being passed around the Internet for the sport of it by any number of organizations willing to pay for the information. What can the unsuspecting public and the businesses they frequent do to ensure the security of their data? Be extremely cautious and choosy for one thing.
The path to safe data has two starting points, businesses on the Internet processing information and consumers shopping with those businesses both in stores and online. With the volume of data breaches occurring over the past few years, the hardest hit area for data breach is actually brick and mortar stores. The theft however, isn't gum and t-shirts, it is customer information and the extremely valuable data that the store collects about their customers.
Now that I have painted a picture of some of the data security problems happening lately we can ask the question: Are all routes to your network secure? In that I not only include traditional network access, like workstations, switches, and edge routers, but also the point of sale and card processing devices that connect to a company network just to handle transactions and, by association, customer data.
If you have watched any major news lately there has probably been talk of a hacked something or other and a severe customer data loss. When this starts happening the online properties in question batten down the proverbial hatches to prove they are as secure as they can be, but the data leaves through some other means, possibly by an unpatched or unsecured credit card terminal or device connected to the network.
These things should cry out to computer security professionals in a very real way. This affects everyone, and when credit cards or identity records are being compromised, the affected businesses and all of their customers need to take notice. Working with security professionals and organizations to help tighten the edges of corporate networks everywhere should be a top priority—after all the customer is the hottest thing a business has. With coming changes in the US, including chip and pin, stolen information will cost money as the retailer (or entity who took the credit card) will be responsible for the safety of that data; not the banks backing the transaction. If this is what it takes to get serious about security, then I'm all for it; as consumers we all deserve it and as a technology professional, I expect it.
Keeping networks and data secure is not rocket science, but until all organizations see all data as an asset that is at least as important as the products they produce or sell, there is a lot of work to do. This security starts at the .com property or the front door and goes all the way back to the datacenter.