June saw the final round of the TDX Group cake bake off – the show-stopper round, and the celebratory afternoon tea. Now, I’m all for celebrating but it comes at a price; my diet app doesn’t like it!
Over the past 10 years I’ve been a slave to my weight. Like many people I’ve been on a range of diets, some successful and some not. I’m under no illusion and realise that the main blocker to my success is usually me; after all, most diets are simply a controlled way of restricting calorie intake while promoting exercise. The similarity I’d like to draw between dietary habits and information security is that applying them both successfully is a tricky balance between control and manageability.
During periods of over-indulgence, I’m without restriction and, quite frankly, anything can happen… Imagine a world where nothing is controlled and colleagues are left to get on with their day without security controls or restrictions. No content filtering to slow down progress, no anti-spam software to get in the way of legitimate emails that sometimes get blocked, no policies, procedural controls or anti-virus, etc. Viruses would quickly and easily get into the network, information would soon get lost or become compromised and our business would fall over; the weight gets piled on.
At the other end of the scale you could imagine something from Mission Impossible; security through ultimate control. To access a system you enter a fort by passing through a guarded barrier with a photo ID proximity pass, you move on to another secure door with retina or fingerprint scanning, and then through a final secure door with a key-coded lock. Once inside you access a standalone system with no internet or network connectivity and use multi-factor authentication to log on to a PC which doesn’t permit removable media. Nice and secure and there are no ways for a virus to get in, or data to get out, but the day job is impossible and the user will soon start to look for cheats and workarounds. Those 500 calorie a day diets have such strict controls in place that it seems impossible to stick to them while retaining your sanity; losing weight is guaranteed, but it’s unfeasible as a long term solution.
So, we apply a risk managed approach which compares what colleagues want to do against the long term risk of them doing it; too much control and they can’t work effectively and look for insecure alternatives, too little and things start to fall over…
My best dieting successes have come from a blend of control and balance; everything in moderation. Losing control and having that big slice of cake won’t help with weight loss, and watching everyone eat while you stay in ultimate control may well send you crazy, but just a small slice will keep you happy and is unlikely to scupper the long term plan.
By Vicky Clayton – Information Security Officer, TDX Group