
Security or Complexity? Don’t confuse the two.

December 7th, 2009 by Carpathia Hosting

So, I recently learned of an organization that is imposing new password parameters. You might want to sit down for this: the password MUST contain 3 uppercase letters, 7 lowercase letters, 2 numbers and 5 special characters. Secure, right? Wrong. This kind of password policy guarantees you will find each user's password on a sticky note under the keyboard.

Or how about this: client A sets up some very convoluted access policies for their systems at HostCo. Keys to the cages where their servers are kept are in safes that require both a combination and a key to open. The armed HostCo guards have the safe combination while the HostCo sysadmins have the safe keys. Sounds pretty secure, yes? Not really. Both halves of the control sit with the same company, so it only takes compromising one employee of one company to get to the systems (you can probably figure out which one).

I am certain that you have also experienced "security" measures that give the illusion of security but are really just overly complex. This is a real danger to your data's security. The more complex you make a process or procedure, the more likely someone will find a way to circumvent it while creating the illusion of compliance.

Let's take the password example. According to their standards, the following is perfectly acceptable:

ZXCasdfghj12!@#$%

According to Microsoft's password checker, this is a very strong password, and it's easy to remember. But is it really secure? Not if everyone uses it, and not if someone is looking over your shoulder: it is a keyboard walk (the first three keys of the bottom row, seven keys of the home row, 1 and 2, then Shift+1 through Shift+5), so the keystrokes are VERY easy to follow, and keyboard walks are among the first patterns a password cracker's wordlist tries.

According to the same checker, J@ySm1th25896! is just as strong. If I am Jay Smith and my ZIP code is 25896, it's easy to remember and is not as easy to follow if someone is looking over your shoulder. Two things worth noticing: the checker's score measures only composition, so it says nothing about how guessable a password built from your name and ZIP code is to someone who knows those facts; and this password would actually be rejected by the policy above, since it has only two uppercase letters, five lowercase letters and two special characters.


The point is that security measures can be strong and not involve the Headless Chicken Dance.

Turan
Reply #21 on : Wed November 28, 2012, 11:01:08
Hi Slavik, this has come up on Twitter (and in private emails before as well). UKOUG's last tweet on the matter: ".@alexgorbachev – We are aware of the issues with the current system and are in the process of sourcing a new tool for next year." You probably know this, but the error you got (and the page extension!) only tells you the front-end technology. You have to get a database error message to know it's not an Oracle DB. Unfortunately I've had one of those as well.