Friday, 10 September 2010

Consumerisation of IT

There’s been a lot in the press during the last week about IT consumerisation, and how IT departments might become extinct if they persist with a ‘command and control’ approach.

In an ideal world, we’d let users buy whatever hardware and software they see fit to do their jobs. In certain environments this may actually work, but I imagine that for the most part, this would be a costly nightmare for the average IT department.

Is there a compromise? I think for the time being, allowing users to choose which software to use to process company data is something only the big players are likely to be able to achieve. If users are allowed to buy their own hardware, consider providing a list of authorized devices.

If you don’t want to remove admin rights from a user’s PC, consider deploying a virtual desktop where you can comply with regulations and business needs for securing data. This way, you get the best of both worlds. It doesn’t have to be all or nothing.

Monday, 6 September 2010

A Strong Password Isn’t the Strongest Security

Great article over at the New York Times on password security.

“Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of your passwords,” says Cormac Herley, a principal researcher at Microsoft Research who specializes in security-related topics.

Least Privilege Security, as part of a defence-in-depth security strategy, can help to keep keyloggers and other malware off users’ systems.

Herley continues by adding:

Security advice simply offers a bad cost-benefit tradeoff to users.

And according to the research:

“If an account is locked for 24 hours after three unsuccessful attempts,” they write, “a six-digit PIN can withstand 100 years of sustained attack.”
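The lockout arithmetic behind that quote, as an added Python example that is not from the article or the research: a per-account lockout tracker implementing the stated policy (three failures, 24-hour lock), a simulation of an attacker who retries the instant each lock expires, and the resulting time to try every six-digit PIN. The account name and start timestamp are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Policy quoted in the post: lock the account for 24 hours after three failed attempts.
LOCKOUT_THRESHOLD = 3
LOCKOUT_DURATION = timedelta(hours=24)


@dataclass
class AccountLockout:
    """Per-account failed-login counter that enforces the lockout window."""
    failures: dict = field(default_factory=dict)      # account -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # account -> lock expiry time

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        return until is not None and now < until

    def record_failure(self, account, now):
        """Call after a password check fails; returns True if this failure triggered a lockout."""
        count = self.failures.get(account, 0) + 1
        if count >= LOCKOUT_THRESHOLD:
            self.locked_until[account] = now + LOCKOUT_DURATION
            self.failures[account] = 0          # counting restarts once the lock expires
            return True
        self.failures[account] = count
        return False

    def record_success(self, account):
        """A correct password clears the failure history."""
        self.failures.pop(account, None)
        self.locked_until.pop(account, None)


def guesses_allowed(days, account="victim"):
    """Simulate an attacker who retries as soon as each lockout expires; count accepted guesses."""
    tracker = AccountLockout()
    start = datetime(2010, 9, 6)                      # constructed timestamp
    now, end, count = start, start + timedelta(days=days), 0
    while now < end:
        if tracker.is_locked(account, now):
            now = tracker.locked_until[account]       # wait out the lock, then continue
            continue
        tracker.record_failure(account, now)
        count += 1
    return count


def years_to_exhaust(keyspace, threshold=LOCKOUT_THRESHOLD, lockout=LOCKOUT_DURATION):
    """Time for an attacker making `threshold` guesses per lockout window to cover the keyspace."""
    guesses_per_day = threshold * (timedelta(days=1) / lockout)
    return keyspace / guesses_per_day / 365.25
```

With this policy an attacker gets 1,095 guesses a year, so covering all 10^6 six-digit PINs takes roughly 900 years, comfortably above the 100 years the research quotes.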