Security is often an afterthought…this is the case with programmers, network and application administrators, end users, business owners and executives. It is understandable to some degree; people are busy with trying to produce, make money, meet a deadline. So, then most people are focused on other things, completely unaware of the danger that lurks in the virtual world. This is why there are so many security breaches today. The breaches occur because we have not thought about how we can make it hard for people to do bad things. We have made it easy for ill-intentioned peoples to perform such nefarious deeds.

It is not likely that we will soon be able to cleanse the earth of such bad persons. You may ask then what is our recourse? For the most part, the people that perform such nefarious deeds are lazy. If we make their job a little bit harder, they will go elsewhere to make their money. If everybody makes the job of hacking a little bit harder perhaps these people will find a legitimate job? We could only hope.

Most organizations, small and large, have some sort of IT system in place. Some have a few computers and perhaps a local “tech person” that has some primary job and then also performs whatever IT functions come along. Then there are others; they may have large and dedicated IT divisions with hundreds of dedicated staff and even dedicated security staff. Both of these types of organizations seem to suffer from breaches and often find themselves in the news. This ought not to be so.

The cause for the small companies is usually the lack of awareness and knowledge. The cause for the larger companies is the lack of a different type of awareness and a different type of knowledge. Coupled with this is an intrenched way of doing business from processes and procedures to cultures that are hard to change in order to properly implement proper security.

There is a solution to this: Iterative education and iterative implementation of Security Principles. Follow along in this blog for more understanding of Security Architecture and how it can provide a strategic view and tactical solutions to the security problems we face today.