10 Things That Used to be Good Ideas in Data Security

By Mike Winkler

Data security has two objectives and only two: To keep our company’s assets safe from improper users, and to make it available to the proper ones.
We continually make the same human nature mistakes again and again in pursuit of these two deceptively complex objectives. In 10 Things that Used to be Good Ideas in Data Security, author Mike Winkler discusses how we let old ideas, some of which used to be good, keep us from making the right decisions; social inertia meets the pace of unending change. Data sec is a huge puzzle; a puzzle in which the edges keep moving, the shapes of the pieces change, and no matter how good or fast we are, the puzzle will never be finished in time, because it is never finished.

• Language: English
• Publisher: Mike Winkler
• Release date: Jul 30, 2014
• ISBN: 9781311371751

Mike Winkler

An engineer by day, Mike Winkler spends his free time creating new universes, imagining “alternities,” and crafting truly original characters. His adventures are large-scale and centered on human relationships, even if the characters are very tall lizard men, immortal warriors, or ultimate weapons at the end of time.When not constructing stories, he’s building solar power systems, practicing yoga, chowing down on a hamburger while surrounded by vegetarians, or off playing games with Meg. His writing portfolio includes a variety of fiction and technical works.Mike has been photographed with the likes of fellow author and partner Meg Winkler, various people in costume, and the Rosetta Stone. If he could meet any person, living or dead, he’d travel back in time to meet Winston Churchill on his worst day.

Book preview

10 Things That Used to be Good Ideas in Data Security

by Mike Winkler, CISSP

10 Things That Used to be Good Ideas in Data Security

Mike Winkler

Published by Brainy Babe Micro Pub at Smashwords

Smashwords Edition on the next line.

Copyright © 2014 Mike Winkler

Cover Design by Meg Winkler

Cover Image @kraft2727- Fotolia.com

All rights reserved.

Smashwords Edition, License Notes

This ebook is licensed for your personal enjoyment only. This ebook may not be re-sold or given away to other people. If you would like to share this book with another person, please purchase an additional copy for each recipient. If you’re reading this book and did not purchase it, or it was not purchased for your use only, then please return to your favorite ebook retailer and purchase your own copy. Thank you for respecting the hard work of this author.

Foreword

There is a misconception that an informational book or document must be written in a very formal (boring) way. Scores upon scores of technical books line the shelves of bookstores that present authors’ opinions and advice in stanch sentence structure and in a commanding tone. The reader is often instructed about what to do and what not to do in dry fashion, but this is not how things have to be.

The Internet age, bloggers, popular media outlets, and even social media have changed the way that we communicate via the written word. So, while you may be expecting a very formal book, what you hold in your hands is something more along the lines of sharing a conversation with a friend over a good cup of coffee. The author’s suggestions are merely that: suggestions. He offers them to you in order for you to consider them, edit them, and ultimately make them your own.

10 Things that Used to be Good Ideas in Data Security is an invitation to explore other options in data security, in the way that you relate to customers, coworkers, and auditors. This publication is designed to provide accurate and authoritative information in regard to the subject matter, but with the understanding that the publisher and author are not engaged in rendering psychological, financial, legal, or other professional services. I ask that as you read this publication, you use your best judgment regarding its suggestions. I sincerely hope that you find it as enjoyable as I have.

Megan Winkler, MA

Brainy Babe Micro Pub

10 Things That Used to be Good Ideas in Data Security

Who are you talking to here, Mike?

Am I wasting my time if I am not a CISO? Or am I wasting my time if I am?

The answer is no either way. I know every author of every book claims it is perfect for all readers. Nearly all of them are lying, or at least fluffing a bit to increase sales. Instead of claiming that I have written the universal business book I want to suggest that data security is a puzzle. It would be bad enough if it were just one of those horrible 10,000 piece table-puzzles my uncle used to do. What we have is a puzzle in which the edges keep moving, the shapes of the pieces change, and no matter how good or fast we are, the puzzle will never be finished in time, because it is never finished.

What I hope to bring to you is a guide to your piece of the puzzle. The newest system admin has fresh eyes and can see what the CISO cannot. The Security Director sees how much work things are to manage in a way that the higher ups can’t see. The CISO can (hopefully) see the big picture in order to use it in guiding the company.

In a constantly changing puzzle, we are all trying to achieve two things: 1) keep our company’s assets safe from improper users, and 2) make them available to the proper ones. Those two simple concepts are the job. Many of us often lose sight of this primal fact: data security has those two objectives and only those two. I am aware I am far from the first writer to talk about needing the balance between them. My objective here is to teach a little to each of us, whatever our job function, about how to do this without falling into the pitfalls of old ideas and old techniques.

In the modern world to be an educated IT consumer, you must understand the motives of your suppliers and manufacturers. A lot of what we talk about here is about insight (no pun intended) into what is motivating the vendors. It would be easy if the whole argument were the price wrangling in the finance offices at the end of the deal cycle. The truth is that there is a complex web of forces acting on them (and us) that forms their offerings and alters the way they deal with the buying public. Sun Tzu talked about the value of knowing your enemy. I would never go so far as to say that your vendors and service provider are the enemy, but knowing what drives them will never work against you.

Good communication is hard work; an old boss taught me that, and it took me years to internalize all that it means. The nuances in the case of 10 Things are a bit different. The trusted experts in your environment have very likely gotten myopic on some topics of their expertise: you can depend on that fact in every network of any size. It is a basic human trait to find a comfortable niche in an ever-changing world—it is also what will get you malicious outage or a data loss. Depend on it. If each of us can communicate about our view on the metamorphic (and metaphoric!) puzzle we have, maybe we can do a better job of solving it.

The presented problem should come with a presented solution

This is true with marriage, a company, or a lunch decision. Any time you present a problem you should be prepared to present a solution to the problem you brought, even if this is just brainstorming with the team about what the next set of answers is. For each of the problems presented here in 10 Things, I will present at least one way out of it. Solutions are what we should be looking for every day; otherwise we are just griping. As you will find in the reading of this work, one of my least favorite things in the whole world is the griping that goes on for the sake of griping.

A thought on name dropping, rants, and product recommendations

Anyone looking me up will see I have been on the vendor side of the tech industry for a long time. No vendor or service provider is giving any input (other than their public Web pages) or is compensating me in any way for my words. When I recommend people, they are from my heart and my experience. When I talk about products that solve problems, in no way do I imply that they are the only brand and only solution in that space. If I recommend VMware ACE, I am not saying anything bad about the competing Citrix product, just that I have used the VMware and it performed well.

There are places where I slam products and product philosophies. Poor Microsoft has become a target for this; they are part of what is a growing group of criticism magnets. As is true with my