Personalizing Data Security Part 1

The problem with data security is that it isn't personal. Those who have the responsibility for security often don't have a personal stake. Sometimes, the issue is with jargon. So, let's have story time. What if your environment were a car? What if it wasn't someone else's data, but your child?

Let’s say you are a concerned parent. Your only daughter has just turned old enough to have her first car. You have shopped around for the right car to meet your needs and your budget, and you’ve bought something. But now you need to make sure it’s safe. Not only does the law require you to meet certain requirements of auto safety, but wouldn’t you feel terrible if something bad happened to your only daughter because you chose poorly? What about all of her friends who ride with her, and all the other people on the road?

Being fairly independent, you take what measures you can without consulting anyone else. You buy a book about what cars should look like, then you use it to look over the car you bought without going under the hood. The car has doors and tires. You know the car has an older engine that might or might not have problems. You aren’t sure, because you aren’t running the car or looking under the hood; you’re only eyeballing it. You know the car has some flaws, and that one of the headlights is shattered. But, while it’s clear the vehicle has been in at least one accident, there are plenty of cars running just fine on older engines, even some that have been in accidents before. It’s not really clear what the impact of any of this would be to your daughter. Besides, you have a very limited budget, and you can hardly afford to bang out every ding, paint over every scratch, and replace the engine with a newer one.

This is your basic vulnerability scan.

Now that you have a general picture, you know you’re going to have to spend some more money. The question is about where you should focus your dollars.

Now, you reach out for help. You decide to take the car to a mechanic, someone who knows a little more about cars than you do. You want the opinion of someone who deals in practical matters of automobiles, not just theoretical concepts of how cars drive. This person sees broken cars every day and helps people fix them. The mechanic offers you two services: a thorough once-over of the car, and a test drive. The thorough once-over, he explains, will examine each part of the car individually and identify each issue where that part is not performing its individual function, but he won’t make any comments about how safe the vehicle is for your daughter overall. The test drive, he explains, won’t find every flaw with the car, but he’ll set up the car on a test track that is designed to drive the car to its limits, run it through several situations that are all considered unsafe, and tell you what happens so that you can better understand what your daughter’s experience might be if she drives this car.

On the surface, you think the more thorough approach is better. But he tells you that it might be wise to have both services done, because even if he goes through a thorough check and fixes what he finds, there’s no good way to predict whether he’s gotten it all right unless he spins up the motor and gives the car a once-through. You see, each part works independently, but the overall function of the vehicle relies on those parts working successfully together. And it’s difficult to understand whether things are working together as expected without spinning them all up at the same time and using them in ways that realistically show danger.

What do you do? Explore further in the next post.
