proper VPN solution and 1995 was not that long ago. Today it is standard and there is a
standard of due care. This standard involves the administrator of a large organisation
whose main concern is to do whatever is considered good enough. This means you have
to install an anti-virus not because you think that an anti-virus actually prevents a virus
from coming in, but you know you have to install it to safeguard your job. Because if
someone breaks into the organisation and it turns out that you did not have an anti-virus,
then you are in trouble. So you did what you could, you installed a firewall. However,
80% of the firewalls that I have seen are not protecting anything. This is still within a
standard of due care because you as the administrator did whatever was necessary. If
someone manages to break into your organisation, you fire the person responsible for
configuring the firewall. Now do you have to deploy more serious security measures?
Well, today, no. In the near future I am sure you will have to, because it will be
considered a must. Do you have to include an intrusion detection component into your
organisation today? No. We do not do any intrusion detectors, so I am not trying to
promote that, but will you have to include these in the future? I am sure you will, for if
not, you are taking the minimal responsibility as an officer of the organisation.
If you look back at the level of security that existed in organisations not so long ago
and at organisations that you see today, you see that certainly it is growing at a very fast
pace. The budgets for security are growing even faster knowing the economic situation.
When I visit large organisations, there are a lot of people that are paid for dealing with
security. Whether I am always happy with their choices or not is a different matter but
there are large budgets for those who have to be concerned with it. Do you have to
encrypt all the information in an HR department of your organisation? In my opinion
you do, but it is still above the standard of due care. Will it be above the standard of due
care in a couple of years from now? I think not. I think that the various regulations that I
spoke about earlier will force people to use it. I think that if you go to a hospital today
and you see a doctor apply some medical care to someone and afterwards just scribble
something, in a couple of years that transaction will have to be digitally signed. And
when you try investigating who authorised that transaction you will be able to trace
exactly who did that. As a small comment, I do not believe that people are worried about
entering their Visa or Mastercard numbers on the Internet. I think that it has been proven
in the last couple of years that people are not afraid as various remedies allow people to
feel more secure. There is now a very successful initiative by Visa called visa-secured or
TRIDSSL that has been gaining momentum very quickly recently. We sell a certain
component for visa-secured TRIDSSL, so I know the demand for it. Suddenly all the
financial organisations that I know of are asking for visa-secured TRIDSSL solutions
and, by the way, is it secure? From a professional point of view it is a very non-secure
algorithm. But I think it is a very good approach even though we know it is not secure,
because this is a reaction to the set standard. If you remember, we had users, merchants,
financial organisations and keys where exchange was properly done and everything was
signed properly, but there was a problem which was so complex that no-one actually
went ahead and implemented it. So Visa declared it did not care that it was not as secure
as it could be; it was good enough for its business. It would take a calculated risk as it
knew how to manage the risk and would go for a slightly less secure system that was
much easier for merchants, financial organisations and users. And Visa went ahead and
defined visa-secure. Mastercard, by the way, they are following through with a very
similar standard and within a short time we will see that this has been deployed by many
organisations. Just because I mention visa-secure I also feel it is my responsibility to tell