IT Security, Still a Long Way to Go

It is hard to believe that a full decade has gone by from a time when fear, angst, and anxiety across many aspects of the channel was focused on the “what ifs” of Y2K. You would be hard pressed to pick up any publication and not see something about the Y2K situation. Here it is ten years later and, yes we survived Y2K, but there is a similar media storm these days about security as more vendors, channel partners, and end-users turn to the “cloud” for everything from storage/back up to financial apps and even every-day office applications. The more we see things being put in “the cloud,” the stronger the case becomes for IT Security to be at the forefront of every discussion.

Even if IT security is at the forefront of many discussions, does that mean that it is truly turning in to an actionable item? We frequently hear about security breaches and incidents that make one wonder how safe the cloud really is. How often could breaches have been avoided if just a few simple steps had been taken? I am always amazed to hear about users that have not updated their anti-virus software in weeks, months, or even years! In this day and age how could anyone make any online transaction, access email or conduct online banking, without first making sure that the latest security updates are in place?

Just the other day I ran across someone with a serious laptop issue as their system had been slowed to a near halt with some nasty malware. My first question was, “what anti-virus/Internet security software are you running and when was it last updated?”  Their comment was, “of course we have something, but have not updated it since it expired in 2008.”  Yikes!  And to think they use this machine for everything from online banking and email to storing family pictures and more…..it was only a matter of time before disaster struck! Preventable? Yes, but troublesome nonetheless.

As we see more and more things move to the cloud in our Internet-enabled world, the need for IT security becomes stronger every passing day.  For everything we read about cloud, SaaS, and more, we need to place an even stronger emphasis on proactive IT security measures. We need to ensure that every user is aware of the dangers awaiting them when not taking the necessary steps to apply the latest security updates to their systems, whether at home or in the office.

It is up to all of us in the IT channel to take the lead in educating and enlightening our customers, colleagues, friends, family, etc. about the importance of protecting every aspect of the online experience. Just as we see public service announcements today for things like seat belt use and drug/alcohol abuse prevention, I look forward to the day when we see regular reminders on the importance of updated anti-virus/anti-malware protection and ongoing educational efforts on how to make the online world even safer.

It is with this type of public service focus that we can come up with programs and initiatives for CompTIA’s IT Security Special Interest Group. During our past calls, there has been significant discussion involving the need for security education programs. In the coming months, CompTIA will deliver channel-focused on demand educational presentations that will address the key foundational elements of IT Security. The first session will focus on “The Fundamentals of Security,” stressing the importance of following security best practices.  The second session, “How to Implement a Security Plan,” will show how to not only develop, but more importantly, execute a thorough security plan for IT providers and their clients’ businesses. The third session, “How to Communicate the Value of Security to Your Staff and Customers” will educate technology business owners on how to effectively communicate the urgency of IT security to both customers and your staff.

These programs were developed based on feedback from member surveys but we would like to know what other topics you would like CompTIA to cover. Your input and ideas will drive future educational content, in 2010 and beyond.  I look forward to hearing from you and contributing to the ongoing discussion on this important topic.

Bob Biddle is Director of Member Relations for CompTIA and the organization leader of the IT Security Special Interest Group. Feel free to contact him at [email protected].