Protecting Data a Lot Like Raising Children

Security Industry Association (SIA)

Having a computer-based infrastructure is a lot like having kids. Both are very smart—too smart for their own good in many cases—and need a lot of planning to keep them safe and secure. You child-proofed your home before your child was born, and you probably still worry for your kid even now when they are bringing up their kids.

Odds are that the entire security infrastructure you build or own is based on embedded and free-standing computers. You, however, are just beginning to realize that all these computers can be misused if not correctly configured and maintained. And you are going to come to grips with that.

Like child rearing, the first step toward running secure networks is to define what you are protecting and who is responsible. With children, you are responsible, and you are protecting the physical and mental capabilities of the children to allow them to prosper in the future. Your computer networks are the same. You can delegate responsibility for their security, but you are the executive. What you are protecting is the data, processes and cash flows that rest on and transit the networks.

Before your kid was born, you probably read Dr. Seuss or some other eminent writer on how to bring up kids. Based on what you learned from those books, you decided what you wanted your kids to be like as a result of your parenting. Once your kid was born, you discovered that they were born with their own personality and appetite for risk. Different kinds of computers also have their own personalities, called operating systems, and different vulnerabilities, or risk appetites if you please. As the parent of a network, your job is to ensure that those vulnerabilities do not harm your kid, to mix the metaphors thoroughly.

You have told your kid the same thing in many different ways at many different times, constantly struggling to make something you consider obvious equally obvious to your kid. Then, suddenly one day, you hit on just the right formulation that your kid is in just the right place to internalize and you are done – until you discover that their perspective changed. Computer networks also can be secure and then turn insecure as the network topology changes or a new vulnerability is discovered. Being a parent never ends.

Congratulations on your newfound acceptance of your responsibilities as the parent of a computer network, which will give you days of security and nights of worry about whether you are doing the right thing. The SIA Cybersecurity Advisory Board will be the Dr. Seuss of network security and will frequently say and write things that sound just as weird as a Dr. Seuss book. We aim to provide you with a structure that allows you to define what you need to do and how to do it, just as we all do with our kids. It all begins with a plan.

Last week, the SIA Cybersecurity Advisory Board published a Beginner’s Guide to Product and System Cyber-Hardening.

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association (SIA).