In a world of constant security struggles, insurance companies are throwing their hat in the ring. Companies will now have the option to take out a policy on their IT. What effect will this have? It could be big. Remember, insurance price is based largely on risk. This could be bad news for companies with software known to be insecure.
Read the article here.
This could be bad news for admins forced to secure companies running software known to be insecure, or employees they cannot control. I’m willing to bet that any company taking out such a policy has their admins under the gun, and in turn these admins have all users under the gun. I’ve heard of cases from colleagues where people have been fired for installing Kazaa. Where I work we have frequent packetstorms on the network from our IT dept. scanning all systems, and spyware installed on every user’s system (to the point where developers cannot change their IP addresses or install software on Windows without someone ‘coming over to help them’ from IT). I bet this will only get worse all over the place. Thank god for self-managed labs and departmental firewalls to protect oneself from big brother. 😉
I can’t see insurance companies doing complete code audits. But I can see them charging higher premiums for IIS users. Higher premiums for companies that allow use of Outlook Express, etc. Obviously OSs would be a factor here too.
Can’t wait until they make it mandatory, by law.
Laws are the best thing we can make today. They protect us better than anything and give insurance companies lots of money. Laws are better than insurance. But insurance is good. Because we’re not really concerned with security, what concerns us is losing our money.
If this forces people to actually take the time to secure their systems… this may be one of the best things to happen to computing! But I could be totally wrong…
Can’t wait until they make it mandatory, by law.
Laws are the best thing we can make today. They protect us better than anything and give insurance companies lots of money. Laws are better than insurance. But insurance is good. Because we’re not really concerned with security, what concerns us is losing our money.
You are kidding, right? Mandatory insurance laws suck big time… do you know how much New York State residents have to pay for auto insurance thanks to the mandatory insurance coverage laws?
My fear is that the consequences of these policies will be a lack of good admins… “the insurance will take care of things, we can lay off half our IT department”
Another concern is that insurers may only be interested in insuring certain platforms, and excellent, but often overlooked operating systems (FreeBSD, OpenBSD, NetBSD, OpenVMS) and servers will be unable to be considered for future deployments.
Just some thoughts.
bytes256L:
I think he is being sarcastic.
Forced computer insurance is yet another way companies can freely dip into our wallets & pocket books. If they are going to force insurance then they will have to force testing & licensing (just like a driver’s license).
However I do agree with you about NYS insurance.
My parents priced up auto insurance for my 18 year old brother. He took drivers-ed & drives a 1984 Pontiac Fiero. The cost for minimal auto insurance for this car & driver???
$3,600 a year.
My parents’ policy for 4 drivers with 4 cars is over $5,000 a year.
I was being sarcastic. I bet insurance will be yet another excuse to continue with our current dilemma: proprietary vendor lock-in, supporting monopolies, and being insecure in general.
But security through obscurity is good enough for some folks, as long as they got their money. So I don’t care either way. In fact, I hope laws do get passed, because it will bring about a revolution in the way we do business much quicker, IMO. Perhaps even a Linux revolution.
Hi Kon, what you are describing is an IT Dept gone overboard. However having someone fired over installing Kazaa, may have been fully justified, (when in accordance with both state and federal law), you just don’t know the facts. (And I’ve seen it personally, well the person wasn’t fired, just had all network access removed from them, and relocated to another department).
But IMHO if the IT Dept is port-scanning the internal network and has spyware installed looking for trojans and user-installed software, they don’t know how to do their job, and should be replaced.
Well, the spyware and port scans seem over the top, but being fired for installing Kazaa could be completely legitimate if they signed a contract which states they aren’t allowed to install Kazaa on their computer.
Would you expect your employer not to fire you if you skipped over the clause in your contract which says you have to come into work everyday, or have a damn good reason not to?
…will be insurance companies following reports from organizations such as Gartner, who in my opinion have proved to be rather wishy-washy when it comes to security. We might very well end up with a situation where software is chosen based on insurability rather than merits. This is a bad thing, and I want no part of it.
What is so hard about visiting windowsupdate.microsoft.com and downloading all the critical patches? Although I no longer use a PC, I still can’t get over the number of lazy and stupid administrators who think that the network will magically update and take care of itself.
We might very well end up with a situation where software is chosen based on insurability rather than merits.
Which is what happens when we make it mandatory. First it will happen for government funding or VC funding, like the public libraries.
But I hope it happens. I love watching my country shoot itself in the foot, over and over again. Maybe if our economy slips significantly we might begin to question our authority.
Parental authority only works until their child becomes an adult. Our society needs to grow up.