June saw the final
round of the TDX Group cake bake off – the show-stopper round, and the
celebratory afternoon tea. Now, I’m all for celebrating but it comes at a
price; my diet app doesn’t like it!

Over the past 10
years I’ve been a slave to my weight. Like many people I’ve been on a range of
diets, some successful and some not. I’m under no illusion and realise
that the main blocker to my success is usually me; after all, most diets are
simply a controlled way of restricting calorie intake while promoting exercise.
The similarity I’d like to draw between dietary habits and information security
is that applying them both successfully is a tricky balance between control and
manageability.

During periods of
over-indulgence, I’m without restriction and, quite frankly, anything can
happen… Imagine a world where nothing is controlled, colleagues are left to get
on with their day without security controls or restrictions. No content
filtering to slow down progress, no anti-spam software to get in the way of legitimate
emails that sometimes get blocked, no policies, procedural controls or anti-virus,
etc. Viruses would quickly and easily get into the network, information would
soon get lost or become compromised and our business would fall over; the
weight gets piled on.

At the other end of
the scale you could imagine something from Mission Impossible; security through
ultimate control. To access a system you enter a fort by passing through
a guarded barrier with a photo ID proximity pass, you move on to another secure
door with retina or fingerprint scanning, and then through a final secure door
with a key-coded lock. Once inside you access a standalone system with no
internet or network connectivity and use multi-factor authentication to log on
to a PC which doesn’t permit removable media. Nice and secure and there are
no ways for a virus to get in, or data to get out, but the day job is
impossible and the user will soon start to look for cheats and workarounds. Those
500 calorie a day diets have such strict controls in place that it seems
impossible to stick to them while retaining your sanity; losing weight is
guaranteed, but it’s unfeasible as a long term solution.

So, we apply a risk
managed approach which compares what colleagues want to do against the long
term risk of them doing it; too much control and they can’t work effectively
and look for insecure alternatives, too little and things start to fall over…

My best dieting
successes have come from a blend of control and balance; everything in
moderation. Losing control and having that big slice of cake won’t help
with weight loss, and watching everyone eat while you stay in ultimate control
may well send you crazy, but just a small slice will keep you happy and is
unlikely to scupper the long term plan.

By Vicky Clayton – Information Security Officer, TDX Group