Tech Tip: Why companies must share the responsibility of security

Find out why Jonathan Yarden says software developers aren't the only ones who should bear the responsibility of security.

By Jonathan Yarden

I recently read yet another press release criticizing the IT industry, specifically the software industry. This time, the report came from Business Roundtable, an organization composed of the chief executives of the largest U.S. corporations, who are collectively responsible for 10 million employees and $3.7 trillion in revenues.

In other words, these are the leaders of industry in America. But the same people who are criticizing the technology and software industry as a whole often remain utterly ignorant of the complexity of their own technological demands.

Obviously, we are all aware of the problems with reliable software; some exploit or worm hits the Internet on an almost weekly basis. Frankly, the "state of computing" in the United States is rather terrible, but are the software and technology to blame, or is our perception the problem?

The CEOs of America certainly have legitimate concerns about information security and the usability of technology. And I agree that software producers should bear the responsibility for making software more secure and reliable to the best of their abilities.

However, I would also argue that companies demanding secure software products that require minimal maintenance show a lack of true understanding of information security. Whether commercial or open source, all software has flaws.

Like an automobile, software requires maintenance and repairs, and support costs money, even if the software itself is free. Twenty-five years ago, the Internet was a research network, Windows didn't exist, and we relied predominantly on mainframes. Times have changed, and so must the corporation.

Companies might argue that their business is not technology, but they can't dispute the fact that most are completely dependent on technology. And being dependent on something that you don't understand is a risk.

Information security is not simple, nor is it cheap. The corporate boardrooms of America must realize this and begin to focus on technology education and information security for their companies as a whole.

As one person so eloquently said at an Internet security discussion I recently attended, corporations often spend considerably more money on office coffee than they do on information security. But perhaps spending more on information security would result in more long-term benefits and even help save money on coffee.

After all, IT pros can drink a lot of coffee when working long hours to fix problems that wouldn't exist in the first place had the corporation focused more on its own information security.

Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.
