re: Anonymous Vs. DNS System: Lessons For Enterprise IT
Kudos to the DNS Root Servers Team!
People keep whining about groups like Anon, but it really is true that you have to own your own system and its daily needs. I have seen far too many companies rely on vendors who don't write clean code. The companies cry ignorance, and the vendors cry it wasn't their fault; it's still just delusional. This problem is epidemic and the implications are deadly to business. There is a cure though, SELF RESPONSIBILITY!
I know it's a quaint old concept, but if a system is compromised, someone has not done their job. Yes it is that simple. Either a software vendor released code that was not Properly tested (ahem Apple, Microsoft, Cisco, Adobe to start with) or a Network Administrator did not keep up with updates/configurations/testing or a business owner has attempted to "Outsource the Responsibility" for their IT presence. (You do know the "cloud" is not a magic miracle fairy land of IT solutions, but more like the worst nightmare for securing sensitive data/resources? Really?)
The basics of security have not really changed since the first human wanted to keep a secret from another human. The basics of IT are the same since its birth; people may change the tools they use and the form of the data, but the challenge is the same.
"Make my data available to me wherever I am, whenever I want, no matter how big the bulk, using or abusing any tool I want, instantaneously. Oh, and as an afterthought secure it from everybody else unless I want them to see it until I change my mind."
Heavens forbid these people are forced to take responsibility for the un-sane desires fulfilled. Groups like Anon and LULZ are a mixed bag; when they stand up and shout "The emperor is Nekkid!" that's one thing. We point and laugh. But when they start poking the emperor in the vulnerables, then it's not so funny because we must look at ourselves and see the state of our own clothes (or lack thereof). The warnings are there and have been delivered; business intrusions are close to being UN-insurable losses because vendors, managers, and owners are implementing at "no feature show-stoppers" versus "no security show-stoppers." Vendors, please have some real pride in your product instead of releasing beta code and using the public to debug it for you. Owners, realize that you now are holding a machine with more power than a super-computer mainframe of the 70's... as a phone. You are responsible for what it does, how it is treated, how it is secure and safe. Don't lose that feeling of awe. You are indeed a teenager learning to drive dad's car. IT staff, you have a tough job. The business really does believe in you, but they don't understand the implications of their demands. And no, don't try to explain it to them; they really don't get it or even want to. So take the stand, say "NO, not Yet" when it's clear the desire will endanger the company. But at the same time, find a solution for the board room that Will work. If that means they must give up their i-toys for another vendor that has security and stability as a higher priority, then that is what they get.
When pressed, all you have to say is "Sure you can use your i-toy here as long as you sign this document making you personally financially responsible for the business losses that will occur due to your decision, standard company policy. I am happy to assist you in this matter." Your insurance company will love you for it.