By Daryl Lim - Jan 23, 2007
Digital Life, The Straits Times
According to Mr Ron Moritz, that is the chief reason why security is still very much built upon knee-jerk reactions instead of the age-old adage that prevention is better than cure.

Mr Moritz is no stranger to the computer security industry, having helped found security firm Finjan before moving on to Symantec in 2000. He then left to start his own company, Moritz Technology Corporation, before signing on with CA in 2002. He's also a Certified Information Systems Security Professional (CISSP) - a coveted qualification for IT security practitioners.

Today, as the chief security strategist of the world's fifth largest independent software company, Mr Moritz oversees the business planning and strategy for CA's security solutions unit.

In town last week to keynote Frost and Sullivan's Secure Enterprise Summit 2007, Mr Moritz told Digital Life about the need for corporate leaders to take responsibility in ensuring strong compliance within their organisation on security issues, and how home and small business users can protect themselves.

Why has information security traditionally remained a technical issue that has stayed out of the corporate boardroom?

This is partly the fault of the technology people. The industry and individual IT departments have always worked separately from the rest of the firm, with their own technical language. That hasn't helped executives understand what the security department does.

Another problem is that good security systems are designed to be transparent to the user. That means IT security isn't a job with high visibility and so the boardroom generally doesn't pay too much attention.

We can change this. Security needs to be seen not as something that protects an organisation, but rather as something that helps and enables an organisation to perform better.

Things are improving, though. I can say it's much better to be a security professional today than it was 20 years ago, when I started out in the business.
What about smaller firms, like home businesses, who can't afford the expensive solutions security firms provide?

I think that's a question of what it means to afford. I once bought a product online from a one-man business and paid by credit card. When I received the goods, I noticed the invoice was a printout of a webpage. So I got on my computer and typed in the address at the bottom of the printout. Amazingly enough, my invoice appeared on my screen. So I got to wondering, what would happen if I changed the invoice number in the web address? Sure enough, someone else's invoice appeared!

This example just illustrates what kind of damage poor IT security can do to a small business. Someone could perform data mining to extract your customer information or study your company's sales figures without you knowing. There are many smaller consultancies geared towards offering more affordable packages for small businesses, and there's no excuse not to seek their help.

You have a CISSP qualification. How much do paper qualifications count for in the security business?

Well, there are those who believe testing is a skill, and some people just don't test well. But I've also met my fair share of people who collect qualifications as if it were a hobby of some sort. Qualifications are part of the hiring process, and it's possible to hire someone with the right letters behind his name but who's a bad employee and has little practical skill. But I don't believe the industry excludes skilled practitioners who lack paper qualifications.

How does the imminent release of Microsoft's Vista operating system and its foray into computer security through its OneCare service affect the market and consumers?

There have been many consumers who've always wanted to have a service to secure their computer that is integrated with the operating system, and an equal number of detractors that argue the security should be external.
I think many tech industry people have underestimated the kind of impact that Microsoft has on the markets it enters. A move into the IT security market and making Windows more secure through Vista will definitely gain traction with those users who want their security applications simplified. So I feel the impact will be more greatly felt on companies like Symantec and McAfee since they have large shares of the home consumer and Soho market.