Issue No. 04 - July/August (2005 vol. 22)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MS.2005.101
Convenience vs. Security
I found Warren Harrison's article "Constant Connectivity: Just Because You Can Doesn't Mean You Should" (Mar./Apr. 2005) quite interesting. Harrison asked, "Do we really need to be as connected as we are?" Although a computer without an Internet connection would be less dangerous than a connected one, we have to think about how useful it would be. Technology these days has taken the gathering of personal information to a new level in which companies can collect data from a variety of sources, especially online. People are concerned about cyber crimes such as stolen credit card information, their systems being hacked into, leakage of personal records, and so on. How to find a balance between convenience and security is a real issue. Would it not be far better to have both?
As we know, a computer without an Internet connection is simply a standalone computer that you can't do much with. Nowadays, people use computers to pay their bills online, to order products, or even listen to music or watch movies (I'm wondering how soon computers will completely replace TVs and stereos at home), thus saving enormous amounts of time and undoubtedly providing a lot of convenience. In general, computer security isn't as vulnerable as some might imagine—I believe that paying bills by credit card at a shop is much riskier.
A successful information security manager should manage security from a business perspective. It would be easy to lock everything down, but this would curtail productivity and reduce efficiency, which would be a large problem. In fact, Web searching is very useful and a common way for users to gather information. Email is also a critical part of work for most people. It has become even more important than the phone at many companies. Other Internet-related functions such as Web access to company emails and files offer services anytime and anywhere. This perhaps explains why "virtually every computer I use has a persistent connection to the Internet."
Implementing information security effectively is an art. We should try our best to find a balance between giving users great tools to do their jobs properly and assuring executive management that their corporate assets are well protected. Therefore, to Harrison's statement, "I challenge you to find a computer at your workplace that doesn't have an Internet connection," I reply, "No, I can't," because we want a successful marriage between security and convenience. As technologies move forward rapidly, they should be more united than ever before.
Hong-Lok Li, Information technology manager, University of British Columbia; email@example.com