Information Security, ITs Abused Step Child

Many of us grew up with one version of Cinderella or another. The step child that's horribly mistreated by the new parent is a scary story. In the Disney version, everything works out fine. However, if you read some of the original Grimm versions of the story (and there is more than one version), not every Cinderella gets the prince. I think, far too often, information security gets treated like Cinderella by IT departments.

We've all been on the project where the proof of concept gets released to production. How many of us are thinking about security while we're doing that first sprint? I sure don't. I'd be surprised if many of you did. Yet, if we get that MVP, minimum viable product, it can go straight to production. When someone calls out, "hey, we should secure this," the answer is usually "we'll get to it later." Like Cinderella and the prince's ball, later would never have arrived without the intervention of the fairy godmother. I think you'll agree with me, there are very few fairy godmothers running around fixing IT projects with their magic wand.

So what we do? Well, I'd say you need to be your own fair godmother. You're going to have to try (note, try) to push the security on your projects. It's going to have to be you. Why you? Cause you're the one who knows that you need the security. Sadly, there is no magic wand to make it happen. Instead, you're going to have to do hard work. It won't be easy to convince the powers that be that the MVP still needs some work before it gets released. You'll have to convince people that, in addition to functionality, the security of the information is a fundamental part of what defines "minimum."

Grant Fritchey

Join the debate, and respond to the editorial on the forums

This article describes the principles of using Flyway migrations to build a database from scripts, to a specified version, and to track, manage and apply all database changes.

      Easiest way to find something in a database is using LIKE keyword. I want to find the names starting with Mich% or I want to find all...

One of the challenges of cloud computing, is what ...

Consider the above illustration of two data visualizations.  A histogram is on the left, and to the right is a bar chart (also known as a bar graph). Histograms and...

Ben Weissman gives us an example of running data c...

In this article of the series, Pamela Mooney explains the architecture of SQL Server under the hood, including some query anti-patterns to avoid.… The post DBA in training: SQL Server...

Phil Factor explains how to get started with Flywa...

Quite a few years ago, I wrote a post about SELECT...

Every server, database, storage appliance and netw...

Rock Sale While I was answering a question, I had to revisit what happens when using different flavors of recompile hints with stored procedure when they call inner stored...

Import vs. DirectQuery vs. Live connection. Which ...

Total: 0 Average: 0Are you a T-SQL developer learning the basics of MySQL? Then, one of the things you might want to learn is MySQL CREATE TABLE. Besides, the...

Google finds use of bogus Twitter, LinkedIn profil...

Click to learn more about author Amy O’Connor. I...

Stu Bradley evaluates his 2020 predictions for fra...

Sure you can – parameter sniffing is everywhere. Anytime that you have one piece of code that needs to handle a varying number of rows, you’re probably gonna have...

Click to learn more about author Rob Chapman. How much would you pay to prevent a security breach rather than having to pay to fix it after the fact?...

Low speeds enabled Starship to launch its service safely and quickly.

The DG1 only works in special motherboards—no support for the enthusiast market.

Click to learn more about author Ravi Shankar. 2020 is a year that will not be forgotten quickly due to the global pandemic and its impact on billions of people...

How does this epic rally end? And can it be repeat...

Gwendoline Christie and Charles Dance join Tom Sturridge as Morpheus.