I am thinking a lot about security now, since a discussion last week on security in the 2.0 Enterprise – where the conclusion was that we need to get away from perimeter security and over towards something asset-based, i.e. securing what really matters and not faking security by having showy and inconvenient moats and drawbridges.
This funny but deeply serious article in The Atlantic takes on the example of airport security with all its symbols and holes. As Bruce Schneier (a real security expert) repeatedly has pointed out, hijackers can no longer get into the cockpit. Furthermore, passengers would attack hijackers on sight, rather than cooperate with them. Hence, the bluff that got the 9/11 hijackers in control of four airplanes will no longer work.
But we persist in implementing security that does little but increase the cost of flying, inconveniencing everyone, and, ironically, making flying (or, at least, turning up at the airport) less secure. As the article points out, the most dangerous place in the airport is where many people are waiting closely together in an unsecured area. In other words, in the security control line, perfect in case somebody wants to repeat the Lod airport massacre.
I am an information manage from Shanghai China , this article caused my strong resonance.
Sometimes, especially, in the budget season, we need convince company Board Committee to approve flying investment for security consideration. As the company management principle, if something related to security, the thing definitely will be listed as top priority. So on one hand, even as the head of information management department, I cannot 100% guarantee the huge investment is properly and no over investment here. On another hand, even so significant cost has been pour into the information safeguard, we so still in the fear state of the malicious attack all days. Numerous audit to policy, process, procedure, operation, and audit to audit
Another major concern is, sometime I feel we seem to plunge into the dilemma, one side is, with the technology rapidly advance, the innovation play more and more important role in the competition advantage, Ironically, due to the security concern, the limitation of new technology become more and more stringent. The technology application has been strict contained and limited.
How to balance the security and efficiency and reach the harmony state are the hard challenge we face currently indeed.