What is Internet security? Is it preventing virus attacks from emails? Or trying to stop phishing? Blocking web sites or particular browser plug-ins? How do you know if your security infrastructure is doing its job? Breaches don't exactly announce themselves. It doesn't do any good to put up technology fences and then have users leave the doors unlocked.
As I travel around the world meeting with Axeda customers and prospective customers, we spend a lot of time discussing security. This conversation is made more difficult because there is little agreement on what security really means -- or how it is interpreted or measured. Wouldn't it be nice if there was some international standard or validation process that could earn you the good housekeeping seal of security? Unfortunately, it's not that easy. Lacking a standard, we rely on the experts at VeriSign to review our technology and provide their stamp of approval.
Security is a living thing. Threats and the response to them are always changing. You do your work, think you have things figured out, and then something new comes along that changes your perception of being safe. Most IT departments seem to take the approach that the way they are doing things is "safe," so they say No to anything that doesn't fit neatly into their way of doing things.
IT departments are right to have policies and procedures for accepting remote service technology. But, just saying No to everything often eliminates great opportunities to improve business operations. There is business value in security. There is business value in improving operations. The challenge is having the vision and agility to serve the business while protecting what needs protection.
If you are an IT department, have a documented review and acceptance process for remote access. When approached by a vendor, provide them with the process and have them work through it. This will save both of you a lot of time.
If you are a vendor deploying remote access, be ready to answer what you are doing, why it is necessary, and the business value for the customer. Its not about you, its about helping your customer make their business run better.