Don’t be your company’s lone security hero – form an A-Team

Many of you will remember the A-Team and how their crazy team was able to overcome impossible challenges. Well, web security is a next-to-impossible challenge, and organizations can’t expect a single lone actor to protect them from attacks.

One person working in isolation cannot be expected to be an expert in all aspects of Internet security; it’s just too vast. This area of expertise is simply changing too quickly.

The software that runs our central infrastructure has simply become too complex. Managing back-end server security is going to be different from managing the front-end security of your Content Management System (CMS). Sure, your CMS sits on the web server, but it leverages very different libraries.

Most organizations aren’t going to have a security team, but there will often be an individual who is tasked with this responsibility along with many other things. Fortunately, there is the Internet, so you don’t actually need to rely just on those within your organization to help flesh out your team.

Whoever is tasked with security should be getting ongoing training so that they can keep abreast of developments. Where your company relies on open-source tools like Drupal, it is important to keep engaged with the security community there as well. There are many people in the community who have experience that they are willing to share with those who are engaged.

Obviously you’ll want to ensure that someone is on the mailing list to see that your organization receives updates of the latest threats to the code that you use. You can usually get updates from a traditional mailing list or RSS feed. Many now have announcements via Twitter and of course there are updates posted on the project’s website.

Someone needs to be aware of when the updates are usually announced and keep an eye out for those, like the Heartbleed bug, which aren’t released as part of a regular cycle. When issues this serious are announced, you don’t want the only person who can address them to be on vacation.

Participation in open-source communities can effectively leverage the community’s knowledge and creatively flesh out your team. Giving back to the community and helping others learn about web security will also help to demonstrate that your team knows what they are talking about.

Your security team will need to bounce ideas around and look at what others have done in order to find solutions to today’s complex security problems. Engaging with open-source communities is a great way to build trust with others who can help see that the right plan comes together.

Mike Gifford
Mike Gifford is the founder of OpenConcept Consulting Inc, which he started in 1999. Since then, he has been particularly active in developing and extending open source content management systems to allow people to get closer to their content. Before starting OpenConcept, Mike had worked for a number of national NGOs including Oxfam Canada and Friends of the Earth. As a techie at heart, Mike likes to get into the code when he gets the chance. Being ultimately concerned about the implementation and implications of the technology, he is able to envision how your website can become a much more powerful communications tool for your organization. Mike has been involved with accessibility issues since the early 1990s and is a strong advocate for standards-based design.
