by Bryon D Beilman
How good is your security? Do you know where the entry points to your network are or where your vulnerabilities lie?
There is comfort in knowing where your vulnerabilities are and having the ability to make decisions about what is important to your business. While some things are important to one person or company, they may not be important to another. It is also more dangerous to think you are protected while you are not. As an example:
I could come up with a list of questions that would stream down this page, but my real points are the following. Security by Obscurity is not real security and you should know the state of your network security so you can make decisions about what is important to you. We have consulted for a number of clients where we have take over for another IT company or person. When we do the transitional analysis we find that they have ports open that the previous IT company opened up for convenience that bypassed the VPN. We have also found that some people make technology overly complex and the security appears to be in place, but it is so complex, that it is difficult to determine the functionality and when you do peel the onion, it is not secure at all, but complex or obscure.
As a business owner or someone responsible for the business, you may have contracts that state that your customer data meets some criteria that is now being violated and you are not aware of it. On the other side, you may know that some security issues are present, but your budget does not support the improvement of this situation, so you have made an informed decision.
Simply put, most good solutions are elegant solutions and not overly complex or obscure. It is important that you know the state of your network and data security and that the vulnerabilities or entry points can be explained and documented. Hiding or obscuring this information is dangerous to you and your business. Make sure you understand your risks.