Friday, May 08, 2009

TIME IS NIGH FOR SECURITY SHARING

For the past two decades we have been witness to an electronic revolution. Social functions as we used to know them have been radically turned inside out by technology. Records from bank accounts, tax returns, property registers and shopping transactions have become electronic.

Of equal importance are the mundane everyday systems that have discreetly been automated. For instance burglar alarms are no longer the sirens of yore that woke up the whole sub-location. They instead send silent messages to security control rooms. Locks are no longer mechanical affairs. They are now swipe cards or remote controls.

All these developments have a common fabric. Technology has permeated nearly every sector of our society. Computer security will suddenly mean more to you when almost every electronic device that affects your life is connected to the Internet.

Computer security systems frequently break down and the same elementary mistakes are repeated in one organization after another. These systems apart from failing also just don’t work well enough.

Instances of credit card fraud, identity theft, DSTV pirating and other cyber crimes will become commonplace in Kenya once we get connected through the submarine fibre cables.

Most failures of security systems (computerized or otherwise) can be prevented if security experts had a bit more knowledge of what had been tried, and had failed elsewhere. ICT security technologies (eg. auditing, encryption, access controls and others) are relatively well understood in themselves.

The problem lies in the knowledge and experience of how to apply these technologies in a nascent ICT sector like ours. The rapid computerization that is happening has not given Kenyan ICT security professionals enough time to learn and exchange these lessons.

As a result the same old security square wheels are being applied in most local organizations. The companies that have managed to understand that exchanging security incidents and lessons have been able to reduce their vulnerability.

Within a few years there will be more mobile phones, lifts, refrigerators, electricity meters, burglar alarms and CCTV cameras on the Internet than personal computers. This will require security professionals to think differently.

Knowing what works, and more importantly what has failed, in other organistions is a great help in developing good ICT security practices in Kenya. It is therefore imperative that ICT security professionals develop a forum for exchanging ideas and good practices.