Tag Archives: network security

The Dark Side of IT

There has been a lot in the news lately about spying and the associated technologies used to aid said spying. Because of a leak by a contractor, it has been revealed that the US National Security Agency (NSA) has used a number of different technologies, including e-mail and phone surveillance, to spy on enemies of the state as well as regular citizenry identified as potential terrorists.

Technologies

In a recent New York Times post, author Vikas Bajaj suggests that “consumers have traded convenience for privacy”. We have the technology already to track the Internet activity of an individual. This includes e-mail archives and digital phone records, including conversations. With the advent of digital consumer technology, storing 1’s and 0’s is easy and increasingly more affordable with efficient data storage. The tools around big data make it easier to sort and pinpoint a particular thread. It is easy to capture, easy to store, and easy to sort. As an Internet consumer, is there more that we should know about these tools to be informed of our privacy and dealings?

Responsibility

When it comes to digital surveillance, what is our responsibility as a consumer? What is our responsibility as an IT practitioner? As a consumer of all things digital, I think it is our responsibility to understand the extent of which our presence is being tracked and understand that our activity on the Internet is not as private as we think. Think before you share all of your deepest, darkest secrets on Facebook. The old adage applies—“never do anything you wouldn’t want your mom to read about in the morning paper.” As IT practitioners, we may be called upon to gather data or turn over records to comply with a subpoena or court order. It is our responsibility to understand to what extent our customers and employees are protected in terms of privacy. Do you understand your company’s privacy policies? Are your customers and their records protected to some extent?

Solutions

The first solution is mentioned above and that is: be a smart consumer. Understand your presence on the Internet. Understand which sites provide a basic level of security and understand how your information moves about the Internet. The second is to understand and employ encryption techniques. This is especially important when handling customer personally identifiable information or PII. Make sure that this data is encrypted within your systems and while traveling across the network. Keep your own personal information secure and encrypted as well. Also, as an IT professional and a citizen of the cloud, you need to understand some of the techniques for preserving data such as private networks and private cloud computing.

Thoughts

Be aware before you share. Of course, all of the technology in the world is not going to stop your information from being extracted via a court order and, hopefully, you are never in that situation. For us upstanding citizens, it is imperative that we know how we are protected and how private and confidential our conversations and data really are or are not.

Do you stop to think about your privacy? Let me know your thoughts.

 

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional, adjunct faculty for the University of Oregon, and academic director of the UO Applied Information Management Master’s Degree Program. He writes about IT topics that keep him up at night.

Am I in Heaven Yet?

shutterstock_127066418Cloud computing has been a buzz-word for a number of years now. Perhaps because it is such a nebulous/ethereal term (cloud?) that has been used to describe a number of different configurations and scenarios. You are most likely using some sort of cloud computing already but it is worth asking the hard questions to make sure you have the basics covered.

History

Cloud computing refers simply to the fact that your application or data is no longer on a computer that you can touch. It is hosted in a remote computer room in another city, another, state, or another country. In the “cloud”. What brought about this change, and why haven’t we always done it this way? One of the big reasons is the rising abundance and speed of networking. It used to be that your computer or terminal was tied directly to the computer in the computer room. Through better networking technology, the machine in the computer room and the computer in your hands became further and further separated until it was no longer necessary to have a dedicated room in every building. Better network security schemes has also increased this geographic gap.

Is cloud computing all tea and roses or are there still some lingering concerns? Think about these issues when creating or expanding your cloud computing strategy:

Security

If you contract with a large service provider such as Google or Amazon or IBM to host your application or data, your confidential information will be sitting in the same data center as another customer or perhaps even your competitor. Is the “wall” around your data secure enough to keep your information confidential. When your information is traveling to and from the data center over the network, is it secure? Has it been encrypted for the trip? Do you trust all of your information to the cloud or just the non-critical pieces?

Scale

Is your application and data usage large enough to warrant cloud computing? If you are a small company or non-profit agency, the setup for hosting your applications and data may swamp your entire IT budget. Some application service providers only cater to large customers with millions of transactions per month. If you don’t fall into that category then perhaps your IT person is just what you need. At the other end of the scale, some small companies or agencies use free services such as Dropbox or Google Docs. If this is the case, then check your assumptions about security.

Applications

Some applications such as customer relationship management (CRM) or simple e-mail or backups may be easily offloaded to another provider. Other applications may be complex or proprietary to the point where it makes more sense to keep them closer to the vest. They might still be a candidate in the future as you peel back the layers of legacy and move toward standard applications.

These are all questions to consider when formulating your cloud computing strategy. It can be a real cost savings to offload your computing to another provider but without careful consideration, it can become a complexity you did not bargain for. What keeps you up at night in terms of your cloud computing strategy?

 

About Kelly Brown

Kelly Brown is an IT professional, adjunct faculty for the University of Oregon, and academic director of the UO Applied Information Management Master’s Degree Program. He writes about IT topics that keep him up at night.