April 3rd, 2006

IT Commandment: Thou shalt not ignore security risks when choosing platforms

Posted by Richard Stiennon @ 6:51 am

Categories: Spyware

I am joining my fellow ZDNet bloggers this week in posting this Security Commandment:

Thou Shalt Not Ignore Security Risks When Choosing Platforms

Although for most of us it is already too late and we are doomed to the purgatory of continuous updates, windows of vulnerability, and increased exposure, there are still opportunities to adhere to this Commandment.

Over the last ten years organizations have foolishly listened to the argument that it was cheaper to standardize on platforms. The argument went that, first of all, you would not need separate groups of people to handle desktop and server maintenance. And secondly, anyone can manage a Windows environment; there are no crazy-sounding command line arguments to learn. Just pop in a CD and follow the instructions from the Wizard. Remote management? Don’t worry, that’s coming. Software distribution? User controls? All coming. 64-bit support? Anti-virus, anti-spyware? Availability? Reliability? That is coming too!

So, it’s too late to move away from Windows Server platforms. You have invested way too much. You have written all of your applications to nonstandard HTTP and are married forever to Internet Explorer. What can you do?

Next time you are rolling out a new service, either internally or for public consumption, evaluate your platform choices, taking into account the following:

  1. Cost of frequent updates for security patches.
  2. Cost of continuous anti-virus signature updates.
  3. Exposure to the next mass-propagating malware regardless of updates.

Keep in mind that if you have dedicated personnel to manage the new project, it is not necessarily more expensive to have a Linux expert instead of a Windows expert.

By doing this you will discover that, if you include risk in the equation, standardization is not always cheaper, especially when your standardization is the same as everyone else’s standardization. There is lower risk in diversity.

This may also prevent you from using Windows for your PBX applications, media applications, cell phones, gaming devices, ATMs, manufacturing controls, SCADA networks, traffic lights, and medical equipment choices.


Our IT Commandments:
  1. Thou shalt not outsource mission critical functions
  2. Thou shalt not pretend
  3. Thou shalt honor and empower thy (Unix) sysadmins
  4. Thou shalt leave the ideology to someone else
  5. Thou shalt not condemn departments doing their own IT
  6. Thou shalt put thy users first, above all else
  7. Thou shalt give something back to the community
  8. Thou shalt not use nonsecure protocols on thy network
  9. Thou shalt free thy content
  10. Thou shalt not ignore security risks when choosing platforms
  11. Thou shalt not fear change
  12. Thou shalt document all thy works
  13. Thou shalt loosely couple

Richard Stiennon is an industry consultant. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 17 Talkback(s)
Keep the propaganda out, pls
I'm sorry, I thought I was reading a respectable publication. Turns out, I'm reading the Jim Phelps of the *nix world.

If you're going to bash windows, please get your facts straight, and be willing to admit that unix is an absolute administrative nightmare.

Jackass....
Posted by: rfjason@... Posted on: 05/31/06
Security isn't about platforms  george_ou | 04/03/06
Sheesh  RStiennon | 04/03/06
Oracle makes MS SQL look like a choir boy  george_ou | 04/03/06
Agreed  RStiennon | 04/03/06
Who still exposes anything to the Internet?  george_ou | 04/03/06
Even internal firewalls don't protect you  george_ou | 04/03/06
SQL vs. Linux  rrusson_z | 05/08/06
About Zone-H  dragosani | 04/03/06
Those are not annual stats  george_ou | 04/03/06
I see and yet stick with my point.  dragosani | 04/03/06
Real security...  Martin.Taylor@... | 04/04/06
Enough rhetoric  george_ou | 04/04/06
Your right  Rjakiel | 04/17/06
My Right?  rrusson_z | 05/08/06
Unix zealots tend to have one thing in common  toadlife | 04/03/06
Unix zealots tend to have one thing in common - corrected  toadlife | 04/03/06
Keep the propaganda out, pls  rfjason@... | 05/31/06
