Cost-Effective IT: Security Part I

By Richard Sonnier

Houston Business Show "Advisor" Richard Sonnier, of the Information Technology Services firm Nimble Services, Inc., provides weekly information on our show about business technology issues. He can be reached at 281-445-4800 x250 or rsonnier@nimbleservices.com.

This week I will discuss IT security.

What is IT security?

IT security is complex, but you can summarize the concept as follows: IT security means that you can trust the information maintained by the IT system. Most of IT security involves the notion of trust. This trust includes the following ideas:
  1. Only authorized people can enter, change or see the information.
  2. The system will not corrupt the information.

Authorized Access

For IT security, authorized access is the key. Authorized access is the definition of who can access what information on the IT system. At this level, it is really simple. The problem is that computers make access really easy, and it takes a lot of effort to restrict access to just the appropriate users.

The most critical part of authorized access is making sure that users are the persons they claim to be. This is usually accomplished with the all-too-familiar password, and passwords are the great weakness in authorized access. For example, an unauthorized person can guess simple six-character passwords in a few hours by simply trying every possible combination of numbers and letters using a fast PC. Therefore, many IT systems require longer passwords. However, this results in a race: as computers get faster and faster, the length of a safe password gets longer and longer. Even worse, the longer and more complicated the password is, the more likely the user will just write it down on a little Post-it note stuck to the computer monitor, defeating the whole point of having passwords. Finally, passwords can be a double-edged sword.

Once, I had to recover some password-protected Microsoft Word documents. An employee who had left the company had encrypted all these company documents with passwords that no one else knew. It required one PC running 24 hours a day for 7 days for each document to recover the passwords. This illustrates two important realities of IT security:
  1. The password protection of your IT information is limited to a certain amount of time, so you should change passwords often.
  2. If someone loses a password, the protection becomes a liability.

More generally, the more security you implement in your IT system, the more you can trust the information, but the greater the initial cost and potential liabilities.
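
The arithmetic behind the six-character example and the "race" against faster computers, as an added example that is not part of the original column. The 36-symbol alphabet (case-insensitive letters plus digits), the rate of 200,000 guesses per second and the two-year doubling period are assumptions chosen for illustration.

```python
SECONDS_PER_HOUR = 3600
SECONDS_PER_YEAR = 365 * 24 * 3600

# Assumptions for illustration (none of these figures come from the column):
ALPHABET = 36                  # a-z plus 0-9, case-insensitive
GUESSES_PER_SECOND = 200_000   # constructed rate for one "fast PC"
DOUBLING_YEARS = 2.0           # assumed time for guessing speed to double


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int, rate: float) -> float:
    """Time to try every combination. This is the upper bound on how long
    the password can protect anything, and so on the change interval."""
    return keyspace(alphabet_size, length) / rate


def min_length(alphabet_size: int, rate: float, protect_seconds: float,
               years_ahead: float = 0.0,
               doubling_years: float = DOUBLING_YEARS) -> int:
    """Shortest length whose keyspace outlasts `protect_seconds` of guessing
    at the speed expected `years_ahead` years from now."""
    future_rate = rate * 2 ** (years_ahead / doubling_years)
    guesses_needed = future_rate * protect_seconds
    length = 1
    while keyspace(alphabet_size, length) < guesses_needed:
        length += 1
    return length


if __name__ == "__main__":
    hours = worst_case_seconds(ALPHABET, 6, GUESSES_PER_SECOND) / SECONDS_PER_HOUR
    print(f"6 characters: exhausted in {hours:.1f} hours")
    for years in (0, 10):
        n = min_length(ALPHABET, GUESSES_PER_SECOND, SECONDS_PER_YEAR, years)
        print(f"length needed to last one year, {years} years from now: {n}")
```

On average a guesser succeeds after about half the worst-case time, so the policy margin should be set against the worst case rather than the typical one.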

Next week, I will continue this discussion of IT security.

©2005 Nimble Services Inc.