Everyone has a heighten awareness of security these days, or at least they should have. Working in the manufacturing industry sometimes it seems that security is being sure you fasten your seat belt when you get in your car to drive to or from work. That’s where security ends for many.
Seriously, it’s not as bad as that but it is a lower priority then perhaps many other industries. As an I.T. Manager I’ve ensured all the normal security precautions to safeguard our network and data. Physical security, firewalls, frequently changing passwords with minimum number of characters, secure wireless, encrypted https communications, anti-spam, anti-virus, automatic patches pushed out to our clients, and a number of other measures are utilized as required. However, convenience still out weights security in certain matters. Many employees are using USB flash drives to transport presentations and to take work home. While I love how handy those devices are, as an I.T. Manager who’s concerned about security they scare me to death. I know that people are carrying data back and forth that have no business doing so. We do have rules about these devices, but these rules leave the management and control in the hands of local departmental managers. So in reality it’s not being managed. Any effort by I.T. to eliminate or tightly control these devices company wide at this point would be met with strong opposition and little true support.
There have been some hopeful signs as of late with a newly formed Information Security Project being strongly pushed from headquarters. I’ve been volunteered as project leader for the North American sites. The brightest point of this project is that it’s not an I.T. project. Facilities, Management, HR/Legal, Education/Training are equally involved. Someone, somewhere, finally realized that security is not just about I.T.
The hardest part of this project will be trying to change the mindset of management and employees at each of our sites. Security is not something you can talk about in meetings then ignore in your day-to-day operations. Security has to be built into the work flow process and there has to be discipline to follow this process all the time. There is also a real cost to security. Some measures require the proper tools, manpower, or addition steps, to identify, monitor, and safeguard, conditions. Unless management sees security as a priority they often are unwilling to invest where there does not appear to be a direct payback. It’s a game of defense, preventing something bad from happening that could cause damage to the company or worst to an associate of the company. It’s often a slow process and a matter of changing people’s priorities. You have to keep grinding the importance into peoples heads. You have to keep telling them it’s a priority!
I think those USB flash drives will be restricted from the company…but it may be two years before it happens.
Technorati Tags: Business, I.T., Manufacturing, security, Work