Security in our heads

I often joke that we should have no secrets and that we should share all information. that this would be the answer to security issues. I was thinking about identity theft the other day and realized that those with more secrets are bigger targets than others. When you think about it a person who can not get credit is never going to be a victim of credit theft. Like wise a person with no health record does not need to worry about a HIPAA violation.

The reality is that all of us have some medical record or some credit, however small, and businesses have information to protect. But have we inflated security so big that it is self perpetuating. Are we making targets for the bad guys.

My wife watches those gossip TV shows on all of the celebrities. They are always complaining about the privacy of the mega stars, Tom Cruze, Meg Ryan and the others. (Point to note I do not know who is hot these days. I don't even know the last flick that I saw. I know it was rented.) I understand not wanting to have every aspect of your life on camera, but these people perpetuate the drama and we, as consumers, perpetuate the market for that drama.

This is the same cycle that exists for other information that people try to protect. Big businesses put major fortifications around their most critical data. Yet they provide public access to portions of that information for research or on-line sales. If a company wants to protect their information why not keep it secret, remove access to it, bastion it off in its own silo away from the public. I understand that you need to pull information from the outside in and from the inside out. There can be conduits for this, channels that still protect the sanctity of that inner silo. Build a VPN to your internal network that connects the outside facing network with the inner network.

There are simple ways to protect what we hold most valuable. I think that we sometime make things bigger than we need to, more complex. Are we building our own security threats? Are we compounding our our security vulnerabilities? Are we enlarging the complexities of our security solutions? All of these are questions that we need to ask. Most of all we need to ask is the security target in our head? Are we trying to protect something that is not even there?