Trust But Verify Or Your Security Will Suffer

Those were telling words when spoken by Ronald Reagan during the waning years of the Cold War. What was President Reagan talking about, and why was trust so important? Reagan was dealing with security issues too. Ultimately, he was worried about global nuclear war. He was in the midst of negotiating arms reduction treaties with the Soviets. So the stakes he was dealing with were the highest.

He was dealing with a foe that was talented, duplicitous, persistent, and never seemed to stop. Sound familiar to anyone? I could have used those same words to describe the enemy we are facing every day in the war to protect our data. Sure, the risks may not be as severe. But they certainly are just as real. And these risks do have consequences.

Reagan Knew What He Was Talking About

If you ignore his words, you ignore them at your own peril. This is not a discussion of politics. I do not care if you are Republican or Democrat, and neither do the cyber criminals trying to get their hands on your data. All they care about is what is in it for them and how they can exploit your weaknesses. They are like a spider creeping and crawling around in the background, just waiting for an opening. And Reagan's words once again are right on point. He is talking about trust.

We all need to have trust in our business. It is the lifeblood of business relationships. But we also need to know that the people we are going to trust can actually be trusted. This is a big but, the kind that can get you into trouble. Reagan knew that previous negotiations with the Soviets had not gone so well because we did not verify what we were agreeing to, which rendered the agreements essentially useless. So he imposed an entire verification regime on the negotiations in order to build the necessary trust.

Verify What?

So how do you verify your own data security? First, you must have the policy structure in place to account for security verification. You must spell out in that policy that each security measure will be verified in an acceptable way before being considered in compliance with your security posture.

Many companies use verification tools and techniques along the way. They are already out there and are waiting to be taken advantage of. But they are used only sometimes, and inconsistently. Remember, we have to be right all the time. The bad guys have to be right only once. And that will be the time when you forgot or neglected to verify something. Verify so you can then trust in your own system.
