There’s a scene from the “Weird Al” Yankovic movie UHF where a child wins a contest and as a prize gets to drink from the fire hose. The hose is opened, and as expected, the child is blasted across the stage. Many of us may feel overwhelmed by the challenges presented by our jobs — but few of us face the exploding challenges presented to a modern-day network administrator. I find both the phrase “drinking from the fire hose” and the resulting blast across the stage appropriate descriptors of the challenges our network administrators face.
Way back in 1999, I had the opportunity to work with some highly talented network administrators at a public global telecommunications company. I learned about honey pots, open ports, hidden network and software backdoors, you name it. I was blown away when a lead administrator told me he logged more than 10,000 independent unauthorized network queries every day. Mind you, this was 1999, when a 56 kbps dial-up modem was “fast” Internet access and downloading songs took all night.
The general public and corporate managers often demand total security. They believe that with the software tools, firewalls, and other security apparatus available, our data and networks should be perfectly secured. They’re also woefully unaware of the dynamic challenges presented by hackers and careless users. Our network administrators are wearing themselves too thin attempting to plug every gap and secure everything from corporate trade secrets to Internet favorites.
As a slightly educated member of the public, I understood the problem but had no idea of any possible solution to the challenges — that is, until I had the opportunity recently to hear Theresa Payton speak at the Professional Liability Underwriting Society (PLUS) Cyber Symposium. She brilliantly surmised that perfect security is a fool’s errand. Rather, she said the goal of network administrators should be to identify critical assets they must secure and then do the best they can on all other aspects of the network.
Prioritizing tasks and duties could benefit all of us, but it’s especially important in technology security. All businesses, large and small, should identify the data assets that are essential and design systems and processes to protect them. They should be ready for the digital “fire hose” and ensure that its powerful and sudden data stream stands little chance of taking out their business.
Please email Shawn Dougherty at sdougherty@iso.com if you have any questions. Also, make sure to follow Shawn on Twitter @doughertyshawn.