Friday, January 11, 2013

Security from salesmen



Why do security break-ins occur?  From my experience, it's because someone didn't do their due diligence.  My company hasn't had a security breach.  But we've had plenty of knuckleheads that want us to open up a port on our corporate firewall so their widget can offer some amazing service.  As salespeople, they are trained to say whatever it takes to make a sale.  Sometimes, the argument gets a little contentious.

The problem is, I was trained by people who understood security as a life or death matter.  They took it all very seriously and fought to the ends to prevent anything whatsoever from happening.  The effects of a security breach are always dead friends.  Those people did their due diligence because they instinctively knew that seconds after the breach, someone would be trying to put a bullet in their brain.  In everything they did, they were absolute professionals.

Transitioning to the civilian world, it's no different.  In a corporate environment, a breach can mean the death of your company.  Encrypted data, unencrypted data... it doesn't matter.  Perception is the truth, no matter how wrong the perception is.  If nothing else, my study of media has taught me that you don't have to be right, you just have to scream the loudest for the longest and put together the right graphics. 

With that in mind, I know that a breach would destroy the company I work for.  It wouldn't matter what really happened.  The entire town would know we were broken into and no one would ever shop there again.  And I'd be out of a job.  And I'm especially not giving up my livelihood because some knucklehead salesman who doesn't even know what parts of IIS need to be configured on Windows Server 2008 to make their product work hasn't got the ability to think around corners.

Luckily, I can think around corners.  And in the end, no ports have to be opened.  If it's an email campaign, then realize HTML email is just a series of links and formatting sent in plain text.  The interpretation layer of your web browser does all the real heavy lifting.  So why not store all those images that "required" me to open port 80 on my corporate firewall with our offsite, third-party web hosting service?

Open port 80?  Are you out of your mind?

Learn your job and learn how your equipment works before coming to me with a ridiculous request.  
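
The image re-hosting approach described above, as an added example that is not code from the original post: it rewrites image links in a campaign's HTML to the offsite host and refuses to build the message while any URL still points inside the firewall. Both host names, the addresses and the sample HTML are constructed placeholders, and the image files are assumed to have been uploaded to the offsite host already.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

# Constructed placeholders: neither host appears in the original post.
INTERNAL_HOSTS = {"mail-assets.corp.example"}              # behind the corporate firewall
OFFSITE_BASE = "https://static.webhost.example/campaign/"  # third-party web host

IMG_SRC = re.compile(r'(<img\b[^>]*?\bsrc=")([^"]+)(")', re.IGNORECASE)
ANY_URL = re.compile(r'\b(?:src|href|background)="([^"]+)"', re.IGNORECASE)

def rehost_images(html):
    """Rewrite <img> tags that point at an internal host to the offsite copy."""
    def swap(m):
        parts = urlsplit(m.group(2))
        if parts.hostname not in INTERNAL_HOSTS:
            return m.group(0)
        filename = parts.path.rsplit("/", 1)[-1]
        return m.group(1) + OFFSITE_BASE + filename + m.group(3)
    return IMG_SRC.sub(swap, html)

def internal_references(html):
    """List every URL a mail client would have to fetch from inside the firewall."""
    return [u for u in ANY_URL.findall(html) if urlsplit(u).hostname in INTERNAL_HOSTS]

def build_campaign(html):
    """Build the message, refusing to proceed if any internal URL survives."""
    html = rehost_images(html)
    leftover = internal_references(html)
    if leftover:
        raise ValueError("still needs an inbound port: " + ", ".join(leftover))
    msg = EmailMessage()
    msg["Subject"] = "Campaign"
    msg["From"] = "news@corp.example"
    msg["To"] = "customer@example.org"
    msg.set_content("Plain-text version of the campaign.")
    msg.add_alternative(html, subtype="html")
    return msg

# Constructed sample: one image on the internal host, one already offsite.
SAMPLE_HTML = (
    '<html><body><h1>Sale</h1>'
    '<img src="http://mail-assets.corp.example/img/banner.png" alt="banner">'
    '<img src="https://static.webhost.example/campaign/logo.png" alt="logo">'
    '</body></html>'
)

if __name__ == "__main__":
    print(build_campaign(SAMPLE_HTML).get_body(("html",)).get_content())
```

The leftover check also covers `href` and `background` attributes, which the rewrite does not touch, so a stylesheet or table background still served from the internal host stops the build.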