The IT road to hell
by Calum McLeod - VP of EMEA at Lieberman Software - Monday, 21 October 2013.
The past several months have been an unending nightmare for the US government and its allies, as one disclosure after another has caused unimaginable damage to relationships, and has potentially compromised Western security to an extent that we cannot even begin to imagine.

We all have our opinions regarding the extent to which government should be allowed to know what we are doing, or what our entitlement is to have full disclosure, but it’s probably safe to say that the majority tend to assume that what is done, and how it is done, is ultimately for our own good. And the same holds true in business. We trust our employers up until the point that we discover that our jobs have been transferred to some offshore company, or have been outsourced to one of the many service providers who appear to offer investors the best ROI.

Although this article is primarily intended to look at the IT security implications of the Snowden and Manning affairs, the question that I believe needs asking is whether the incessant drive to reduce costs and increase shareholder value is ultimately resulting in the demise of our economies, and the destruction of our infrastructures. The days when employees could be sure of their long-term future are long gone. History shows that once any organization becomes dependent on outsourcing and off-shoring, it will sooner rather than later cease to exist.

People cost less than technology

One of the trends over the past several years has been the move to outsource the day-to-day operation of IT infrastructures. IT has traditionally been seen as a cost center, and by eliminating this cost, organizations stand to make more bottom line profit since they eliminate the costs of staff and infrastructure.

The competitive nature of the outsourcing business has meant that companies are having to offer bottom dollar pricing to win business, and they in turn try to reduce costs. Frequently work is subcontracted to countries where the labour costs are so low that organizations will not invest in automation technology because it costs less to hire an army of IT staff than it does to invest in the appropriate technology.

In many cases, work is carried out in countries where it is neither possible, nor legal, to carry out adequate security screening of staff.

Technology often flatters to deceive

We live in a society where fame and fortune appear to be in everyone’s grasp. And the IT industry has very often been the victim of the corporate “get rich schemes” afforded by Venture Capitalists who will invest in technology companies with an eye to their eventual acquisition or public offering.

The result is that far too often, the technology doesn’t quite do what it claims “on the tin”. We live in an industry where hype is frequently more important than substance, where marketing machines offer Nirvana when the reality is much more sobering, where staff option plans offer instant gratification, and where far too often the investment is more focused on delivering a good looking dashboard than on something that is actually useful!

As a result, most organizations end up going the “people” route because the technology is simply not fit for purpose. 2013 is the year of APTs, 2012 was BYOD, and who knows what acronym 2014 will bring, but the buyer can be sure of one thing: whatever the latest hype will be in January, there will be hundreds of vendors claiming a cure.

