Password security

As more and more data is exchanged between different parties in digital format, especially over networks such as the Internet, data security becomes a big concern. My entry about phishing is about one of those concerns. And to better protect confidential information, some systems implement a policy that lets passwords expire every so often, unless you change to a new password before the expiration date.

Such is the case where I work, and this includes all the passwords used within business applications and embedded in them. And we had a fiasco because of it this morning – 1 password expired, and that broke one of the main pages on our extranet site, as well as a part of the intranet. It took about 2 hours to fix it all. Since it is a relatively low-profile web site (we only got under 30 inquiries while it was down *sigh*), the impact is somewhat small. I can’t imagine such a thing happening to major sites that we ALL might be using, such as CNN or BBC…

So, a question: would it be better to take security as the top priority, or the smooth running of business applications?
For example, from my viewpoint, Microsoft picked better applications over security. I saw this in their Office applications – they put in more ways to automate tasks and to integrate different systems together, including their Visual Basic macro system, integration of HTML in the e-mail system, better coupling of Internet Explorer with the Windows operating system as a whole, etc… This just opened up a whole bunch of security holes. (The lack of security awareness among end users is also a concern, but we won’t talk about it here.) In the beginning, it all makes sense – you can automate things better, things run faster, and you get to be more productive. And the more productive you are, the more good you’re doing for the entity you are working for.

At the same time, if all those things you’ve worked for also lead to a security compromise, that’s a problem. If the lack of a security system loses the trust of your business partners, what would happen? Lost business opportunities, lost revenue, all those bad things. So, the answer is simple – security must come first, no exceptions.

That’s why the expiring password, in this case, is actually a good thing.

Still, having one of the major communication devices down also hurts our business. We can’t just say we have a good security system. There must be a well-established business practice to support such a scheme and prevent any system outages – better communication, better documentation, better process streamlining, etc. Yup… that’s what I’ll be working on today…

3 Responses to “Password security”

  1. akane Says:

    Wow. I never knew there was so much _stuff_ to know about computers. I think it’s awesome that you know and have opinions on this.

  2. shiorichan Says:

    mmm….Biometric time card systems.

  3. kxh5q Says:

    Mmmmm, high-modern tech solution… That would work beautifully if my program had a fingerprint.