Friday, 3 July 2009

Cheap as chips, safe as... chips.

I'm constantly amazed at how little strategy there is in most organisations. It doesn't matter how big or how small; I have rarely come across an organisation that has a fully joined-up security strategy, which makes sense.

If you think you are one of these people, please set me straight, invite me in. I might stay.

I have been speaking to some people recently who have a large say in standards throughout financial services. I'm not going to name them as it would be embarrassing for them. They have created products in the past which are poor to say the least. Now they are backing an even poorer choice. I wonder how much of this is based on a friendship between directors, or a financial reward already spent.

Sadly there is still far too much of this going on in security. When will people learn that the cheapest solution WILL LET YOU DOWN? There are project processes like Prince, RUP, etc. for a reason. You NEED to know requirements before you install a product. Just because you get the licenses for a pound doesn't mean it's the best solution to your problem.

I'm shaking my head whilst I write this, because that looks even more ridiculous when I write it down, and yet that's exactly what Safeboot did to the NHS. The NHS was using PGP for Whole Disk, now they are using Safeboot because it was £1 a license. Of course the support budget next year will make up for the massive losses they made, when they jack the prices back up again, plus the extra for license costs.

The sad thing - the NHS now needs secure email, which would have cost them just another £10 per seat with PGP, and they're stuck having to go back through the whole process again, back to tender, and will come out with another product, probably one which is the cheapest, and it won't do exactly what they want.

OK, I know it's easy to point out mistakes after the event, but is there really any excuse for this sort of behaviour from so-called security companies? Is this really the way to encourage "strategy"? Wake up people... the government of this country is already a laughing stock, don't feed them ammunition.

