electricfork.com: Security Through Functionality

Security Through Functionality

Posted Jan 21, 02:10 PM by ben

I was flipping through my aging moleskin this past weekend when I came across a one liner I had written.

A disadvantage [most security groups] face is the fact that we do not lead architecture changes that improve both security and functionality.
-10/07

It’s easy to lose sight of the ball and focus on restricting of data and permissions instead of enabling technologies securely. Security orgs should be quicker on the uptake instead of challenging every move IT or the business makes.
An easy example would be revamping remote connections to the network. Your company use OWA as the primary connection? Citrix or Terminal Server? SSL VPN? Delve deeper into the setup and find out if it’s meeting employees expectations. Then build a case for a better solution (VPN, Outlook over https, nfuse, whatever!).

// :: rant/ productivity

Comment

Commenting is closed for this article.

This work by http://electricfork.com is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

about

charmsec

I lead an information security ops and response team. This site is a collection of interesting notes and brainstorms on the protecting from, detecting of, and responding to badness. You can read more about me or my site here.

You can subscribe to my blog via rss , or if you're looking for older items check out my archive of previous posts.

I organize a small infosec meetup in baltimore called charmsec. If you are looking for charmsec details you probably want to go here.

RSS