Network Security and how profit margins kill it!
You read in the news almost daily
about data breaches and users' personal information being sold on the scary dark
web. As an IT specialist who assists in managing many environments, I always
think about this. I read these stories and wonder if I would know if my
customers' data was slipping away before it reached the auction block.
If this does
not make me paranoid enough, I then begin to think about the rest of the team I work
with. Are they taking security as seriously as they should?
Well, from my
perspective, such as it is, I want to point out where I feel we are failing as
network administrators in most cases. I say most because I know there are some administrators
and security experts out there who build a fortress around their networks and
are exactly what is needed in the coming days.
The biggest
hurdle with security will always be the budget. Getting any money to fund
something that is not visible and has not happened yet is a lesson in futility
in many cases. This challenge is hard enough when you are employed by a single
company and are on their payroll where your salary affords a fair bit of time
to manage and implement these types of projects. However, if you’re an MSP or an MSSP, you can
pretty much throw this out the window and start searching for the holy grail.
This has a higher chance of success in many cases.
First off, even if you do manage to score additional hours or
funding for a project, more often than not it somehow never ends up being
utilized for the project. The big push as an MSP/MSSP is to close tickets and
projects in the shortest amount of time possible. This is what drives profits,
so I get it. However, everyone is so worried about getting every cent and then squirrelling
it away that it makes it very difficult to achieve a desired end goal.
The sales team closes the deal and then hands it off to the
technician to implement. Often this is done with limited planning time ahead of
performing any work. The project is often cobbled together on the fly. Then it
is pushed along at a fast pace, leading to corner cutting and not always
fully implementing all of the elements of the project that would have led to a
full solution. As an example, I see all the time the purchase of an enterprise-level
firewall with full UTM features, and it gets deployed like an ’80s edge
firewall with none of the next-generation features configured. The reason is
simple. Configuring those features has an initial impact on the customer as things are adjusted and
adapted to the customer’s specific needs while providing the highest protection.
This drives up setup and implementation time, thus reducing profits.
The reason this
happens is that the customer often trusts that they’re getting
the full feature setup they paid for, and often the job is completed and just
quietly begins working. Or so it seems from the customer’s perspective. They often have no idea until someone comes
along and tells them the truth, or something gets compromised and everyone is
scrambling to find out why.
If your profit margins drive your security model, then one
day you’re going to end up in the news painted in a bad light. I believe in your
network you start with security as the first priority. Then build the rest of
your infrastructure around that, including your staff’s feelings on difficult
passwords and browsing wants. If you’re breached even once, you’re going to pay
significantly more than it would have cost you to do the job properly in the
first place. Second, if you’re contracting your IT to an MSP/MSSP, you need to
educate yourself enough to audit the work performed or pay someone independent to
do this for you. Everyone is responsible for ensuring the security of the data
they’re collecting. Ignorance will not save you if you’re caught negligent in
protecting your customers’ data.
So my final thoughts are to the people doing the work. Whether
you work for a company in IT or you’re there as a contracted MSP/MSSP, you need
to have integrity. Don’t be afraid to say no to a job if it means compromising
your final product. In the end it’s your name that will be in the front of the
pack if things go bad. Consider how much that extra couple of dollars is worth to
you in the long term if your work is rushed and sloppy. Treat every job like you’re
going to put it on display for scrutiny by your peers.
Always challenge your mind!