We’re Living in Mud Huts

/by

In the modern world, we depend on so many standards to protect us in our everyday lives – without even realizing it. For example, when we walk into a building we expect it will not fall down, even in an earthquake.  But before we walk in, we don’t demand to see the drawings, the engineering, or the credentials of the builder and inspectors.  We don’t even want to see the final certificate of occupancy: we just assume that the building has been constructed according to good, complete standards.

Regrettably, the networking world is not quite to this standard of design and implementation.  Yet, today we completely depend on the networks for business and assume that they are generally well architected, built well, and up to whatever standards of protection and compliance there are.  However, we continually read warnings about doing banking online on a public WiFi network, or change our passwords because people can steal them from company directories, and so on.  Yikes!

hut1You see, networks have been built by so many people over decades, largely without standards for design, inspection and operation, and have grown so large and complex, that basically it’s as if we were living in mud huts from 2000 BC.  Is that any way to conduct your critical business? In a mud hut, that is easily brought down, vulnerable to natural and man-made disasters, and not very comforting on the security front?

I wouldn’t live in a mud hut.  And I doubt you would either.  So, if your network is large, complex, and built by many people over a long period of time, there is a good chance that it may not be as secure as it should be for your business.  Ask your CISO what standards have been used in building your network.  PCI? FISMA? HIPAA? These are just a few, but they are a good start to addressing the needs of good and proper network architecture and design.  But these standards have to be repeatedly checked because the network in which they are implemented changes all the time.  In reality, there aren’t any great standards.  And until there are, and networks are rebuilt in accordance with them, every CEO needs to understand the risk of running his business out of a mud hut.