The great thing about my new job… I get to talk about security all day. Whether it is talking about VMware vCloud Networking and Security or the security of the hypervisor or even security requirements or just sitting around with co-workers… security is my game and I am here to play
Recently though I got to talk to people about security with regard to storage. But as we were discussing their concern over the risk of tools they were using, I noticed that the laptop/desktop in the office was unlocked. Completely open for anyone to access and to manipulate. Email was up and active on two screens, appointments showing on one of them. Now of course I couldn’t sit back and let the irony pass. I mentioned to them how interesting this scenario was. That here we were, talking about the risk associated with a tool that allows you to see the storage and the Director’s laptop is not locked. He does not log into critical applications was the response.
This is where I shook my head. This is where I inform the customer that who cares about the storage when I could easily manipulate everything with an unlocked system. It is the email that lets the attacker in. It is the end user system that creates the havoc on the network. If you can’t teach your teams… your employees that have titles that require them to have offices, that security starts with them… then what is the point in doing all of this. Yes maybe the fact that everyone leaves systems wide open is why they were concerned about the security but lets remind ourselves what the problem is that we are trying to tackle and lets do it across the board. Security starts with everyone.