Everything you ever wanted to know about security policy management, and much more.
With the first wave of holiday travel behind us and the next big wave around the corner, many of us will be suffering through endless airport security lines. I couldn’t help but draw a comparison between airport checkpoints and firewalls. When you think about it, both serve the same purpose – allowing trusted traffic (be it human or network) in and out of a facility, and both have policies in place to identify and keep the risky stuff out.
Anyone who has traveled by air in the USA has suffered through the TSA’s poorly implemented security policy. Bruce Schneier summed it up nicely in an interview last year by saying – “the only real worry is that we’ll scare ourselves into making air travel so onerous that we won’t fly anymore.”
There is an important lesson for CSOs and IT security departments here, as poorly implemented firewall and network security rules can negatively impact the business process. Just as there are obvious dangers in simple “check-the-box” security compliance, so too are there concerns about alienating users or rendering applications unusable with poorly implemented security solutions. The best security teams know that implementing an effective security strategy requires striking a delicate balance between protection and usability – a practice the TSA has yet to completely understand.
Let’s look at some examples:
Safe travels, and as always, we look forward to your feedback.