Recently, I embarked on a quest to locate an old business associate. We worked together in the early 1990s for several years, and I was interested in tracking him down. I didn't have much to go on other than a general knowledge of where he'd been living about five years ago. Although it wasn't much, I was confident that with the wondrous tool of the Internet, I'd be able to accomplish my goal fairly quickly. I gave myself a week.
Figuring that I'd start the preliminary research, I blocked out a few minutes between phone conferences one afternoon. I started with a straight search on his name. That didn't bring up anything relevant in terms of a direct link to him; but it did start me down a series of links to Web sites that provided a range of free information from the public domain and a few sites that provided additional, targeted public domain information for a small fee. I was encouraged, but figured I wouldn't get much farther since my next teleconference started in just 15 minutes.
About eight minutes later, I was standing at our printer, somewhat dumbstruck. It was the strangest mixture of triumph, astonishment and fear I think I've ever experienced. In those eight short revolutions of the minute hand, I had gathered every pertinent record of my long-lost friend's life. I knew where he lived, where he worked and a tremendously worrisome amount about his personal life. As I pulled the printed copies of his contact information from the printer, I wondered how many Americans know about the vast quantity of their personal information that is available via the Web.
While privacy is a huge political hot button today in America, in many respects, we are well behind the curve on this issue. Europe has had a very strong privacy law on the books for years, requiring strict notification and controls related to public and private consumer information. Meanwhile, just about anything related to our public and private lives is available for a small fee from a wide variety of online vendors. I believe the vast majority of Americans slumber peacefully in their beds, deluding themselves that their financial, medical, public and private information is securely locked up in a mythically secure information Fort Knox.
Most business leaders, IT leaders and business intelligence (BI) system managers share this delusion. They all believe, to one extent or another, in the myth of security. Most believe that their data warehouses, data marts and BI systems are as secure as humanly and technologically possible, beyond reproach and unassailable by any means. In this view, they are as sadly mistaken as any blissfully ignorant, snoring citizen.
The sad fact is that while untold millions are spent on security technology, security audits and security consulting, very, very little is spent on educating the organization as a whole on the weakest security link there is: the human resource.
In a recent interview with Yahoo! Internet Life, Michael Mitnick, perhaps the most notorious hacker alive, said, "No matter what technological solutions people use firewalls, encryption, limited dial-in access or strong authentication devices such as biometric identifiers you can always find somebody who has legitimate access to the information you want and trick them into giving it to you."
To drive that point home, the most relevant and valuable security advice I've ever heard is that any site is as secure as the nearest Xerox machine, floppy drive and briefcase. Or, in the words of my grandfather, "Locks keep honest people out." The lesson here is that no matter how much you spend on hardening your technological system, if your user community is not educated on the value of security, basic security processes and especially the vulnerabilities of the "human factor" that Mitnick refers to, your cause is most certainly lost.
Because we all are responsible for the design, implementation and sustenance of the BI systems that hold the most precious assets of the organization its information we are saddled with the greatest security challenge there is: easy, powerful and flexible access coupled with ironclad security. As we are increasingly mandated to open these resources to our customers and partners via the extranet, this challenge becomes even greater, because we must now contend with the general Internet hackers as well as the ones targeting internal corporate networks.
The myth of security runs deep in our corporate cultures. The blind faith I see corporations having in that myth is, I believe, the greatest danger we face. In his interview Michael Mitnick added, "It's naïve to assume that just installing a firewall is going to protect you from all potential security threats. That assumption creates a false sense of security, and having a false sense of security is worse than having no security at all."
To succeed, you must ensure that the most vulnerable point of attack, your human resources, receives the same level of attention and investment as your technology. If you don't, we all might be stumbling across your company's most precious assets while on a Web quest for a long-lost friend.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access