Assign Blame

Tom Smith charges, "Failing to develop, implement and oversee sound security practices is like building a bank with no vault locks."

July 29, 2005

3 Min Read
Network Computing logo

Recently, my bank notified me about some of its sensitive customer data getting "lost" in transit. It had fallen out of the truck! Evidently, an employee hadn't properly shut the door.

When the story hit the paper, bank personnel and the police were reported as saying no one was to blame--mistakes happen. Wrong, wrong, wrong.

Someone is responsible for information loss. Failing to develop, implement and oversee sound security practices is tantamount to building a bank with no door and vault locks. Nonadherence to security policies is no different from leaving the door unlocked and the alarm off. Hey, why not just invite the thief in? Better yet, why not pile the money outside the front door and save him the effort?

Granted, the threat of customers taking their business elsewhere is a powerful incentive for companies to keep personal data more secure. However, it is usually people, not systems, practices or policies, that fall short. Failure to hold those individuals accountable for their negligent handling of private data serves only the ineffective employees.

From "I got hurt breaking into your house" to "I put the hot cup of coffee between my legs, but it's your fault and I'm going to sue," we've apparently lost the belief in personal responsibility.Tom Smith
Company name withheld by request
[email protected]

Thwart Evil

In his column "Defense Against the Dark Arts" (July 7), Jonathan Feldman recommends building in penalties for poor performance when contracting with vendors. But how do you do that? Large vendors usually won't allow changes to their standard contracts, and small vendors often are too untested to entrust with your critical business needs.

Justin Michael
Managing Director of Technology
Company name withheld by request
[email protected]

Jonathan Feldman replies: Try pitting vendors against one another. Typically, a vendor rep will ask, "What do I have to do to earn your business?" Now, an evil-type sales dude is probably waiting to hear you say, "Treat me to a strip club and a lobster dinner." But instead, tell him, "Put penalties for poor performance in the contract." If he's less than cooperative, ask one of his competitors to do better.

Here's another tip: Toward the end of the quarter, sales reps are much more willing to negotiate. After all, they want to make their numbers so they can stay in favor with their "dark lord."

CorrectionsIn "BPM Rules" (July 7), we should have given Pegasystems' PegaRules Process Commander 4.2 a standards-support score of 5.0, resulting in an overall grade of 3.1 (C+).

In our introduction to "BlackBerrys and Treos and iPaqs, Oh My!" (July 21), we should have identified the vendor of Mobile Suite as Intellisync Corp.

Tell Us How You Really FeelSend e-mail to [email protected], fax to (516) 562-7293 or mail letters to Network Computing, 600 Community Drive, Manhasset, NY 11030. Include your name, title, company name, e-mail address and phone number. All correspondence becomes the property of Network Computing.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
More Insights