How Security Measures Have Impacted Project Managers
We all know that security is a significant concern. What’s surprising to me is how much more complex security requirements for large systems have become, as this document from Oracle on data security challenges shows.
For project managers and system architects who are required to take into account security needs, it’s likely that they might think of the security plans and checklists they are asked to review as being an administrative drill that stands in the way of getting a system built and implemented.
However, increased vigilance and thoughtful risk management are the price that must be paid in our increasingly interconnected world. For example, this recent news story about compromised systems in hospitals reminds us that bots (or web spiders) mindlessly look for and exploit weaknesses wherever they are found.
To the embarrassment of many organizations with a web presence, stories of compromised data are common although the recent Nvidia hacking incident reminds us that secondary measures, like encrypting user data, can take the sting out of the events.
As technology evolves, authentication measures that were once sufficient can now be quickly overtaken by the more clever mice who figure out how to bypass our mousetraps. All of this points to the need for a more thoughtful and rigorous assessment of security risks for our systems. Is this going to bog down development? Yes. Is it necessary? Yes.
Increased attention to security appears to be the price we must pay for the power of our widespread access to information, addressing the responsibility we have to our organizations and our customers. As Spider-Man’s wise uncle once said, “With great power comes great responsibility.”
We need to remember that people don’t want systems; they want the services that systems provide. When envisioning those services, the people—customers or business users—requesting often don’t think about security and business continuity; instead, they envision the business value of making the service available.
Users rely on system professionals to worry about the details of implementation, including security, reliability, ease of maintenance, ease of use, and compatibility with other existing or planned systems.
I’d like to hear from other professionals out there about how each one of you is handling the increased security protocols we now face. Feel free to leave a comment.
