Posts Tagged ‘zombies’

The Password Spreadsheet

February 16, 2011 Leave a comment

Is a company’s efficiency worth the loss of its security?

Companies exist, for the most part, to make money. The more efficiently a company can run, the more money it has the potential to make. It is management’s responsibility to lead this efficiency, and to decide how this efficiency can be achieved. Often it is through simple streamlining of existing processes, but occasionally decisions are made that can lead to compromises in other areas.

One such compromise is the Password Spreadsheet, common to a large number of companies. Safe enough in small companies, which are driven by trust and talent, but a danger in large ones.

The reasoning behind the spreadsheet’s existence is simple enough, and is generally caused by the strength of the security that exists within the systems that the company is responsible for. The MD of a client has phoned to complain about an issue with their system and needs it investigating immediately; unfortunately, the person taking the call has no access. This is flagged as an issue, and (as with all problems in large companies) heads upwards throught the management chain with all the speed that a zombie attack lacks.

Eventually, it arrives at someone who realises that this might be a wider problem; after all, the company has a number of different client systems that different people might need access to in the future. Security takes second place behind ensuring that the business is kept as efficient as possible, as the decision is made that all user accounts for all systems should be stored in one location for everyone to access.

Next time the call comes through, the company may be able to react slightly faster. But the cost of that ability is security; not of the company’s own systems, but of those that are entrusted to it.

Categories: Security Tags: , , ,