“Feudal” and the young employee

In respect of Schneier’s article on “feudalism” in security (pledging “fealty” to a company/platform, and relying on the manufacturer/vendor to keep you safe), I’m sitting in a seminar for an ERP product from one of the “giants.”  The speaker has stressed that you need an “easy to use” system, since your young employees won’t attend or pay attention to training (on either systems or your business): they expect things to “just work.”

We’ve also just had a promo video from a company that uses the product.  Close to the ideal of a “virtual” company: head office is in one country, manufacturing in two more, and most of the user base shops online.  It is easy for the security professional to see that this is a situation fraught with peril: online access to vital business, manufacturing, and customer information, privacy issues with a diverse customer base, legal and privacy issues with multiple jurisdictions, and the list goes on.  This is not a situation where “plug and play” and turnkey systems are going to be able to address all the problems.

But, of course, the vendor position is just “Trust us.”
