Page 39 - Cyber Defense eMagazine April 2023

Another thing to consider is: what happens when something breaks, a key piece of software becomes
            obsolete and unsupported, or a trading partner changes their standards? When the poop hits the fan ten
            years after the guy from IT who wrote the code left the company, where do you go for support? It’s a lot
            to ask someone to try and solve a miasmic puzzle of code, bug fixes, extensions, and inexpertly bolted-
            on changes. Furthermore, in-house solutions lack features necessary for ensuring file security and for
            proving compliance with any applicable regulations. If a file goes missing and you can’t prove that it was
            encrypted, the assumption must be that the data are compromised.



            Make Security Easy

            And finally, even when a commercial managed file transfer product is picked, there may be inherent
            complexities that make it difficult to implement and confusing to use. Too many customizations, both of
            features that should be standard and of some that are unnecessary, increase the chances of getting
            things wrong, either through omission or commission. And then there are the all-too-common bottom-up
            implementations that require a vendor-specific “pseudo-coding” language to navigate in order to get
            all the functionality needed to do the job, instead of intuitive top-down implementations
            consistent with the no-code ethic.

            When the goal is to deliver a product that is supposed to help an organization conduct its business
            securely, it doesn’t help to undermine those efforts by delivering a product that is difficult to use. A cynic
            might wonder if the complexity is not a bug, but a feature designed to get the customer to buy into a costly
            support contract and, ultimately, fall victim to the sunk cost fallacy. That may be a good (if short-sighted)
            business strategy, but it is not a sound approach to cybersecurity.




            We are All Security Stakeholders

            The White House’s recent National Cybersecurity Strategy states that, “To counter common threats,
            preserve and reinforce global Internet freedom, protect against transnational digital repression, and build
            toward a shared digital ecosystem that is more inherently resilient and defensible, the United States will
            work to scale the emerging model of collaboration by national cybersecurity stakeholders to cooperate
            with the international community.”

            We believe that every technology vendor is a stakeholder in strengthening our national cybersecurity. As
            such, every technology vendor should work to make products that are secure by design, and that includes
            being designed to be easy to install and use. Security should not be frustrating to the user. We are the ones
            with the skills to make the security experience integral to our products and easy for the user: by using
            things like process automation to tackle essential steps that might be skipped or forgotten, by backstopping
            the customer with alerts and documentation, and by not only streamlining the functions our products
            perform, but also making the people and organizations who use our products more productive.








