Trust, But Verify

Technology is a powerful tool. So is integrity.
This story appears in the November 2006 issue of BizTech Magazine.


Photo: Hot Shots Imaging
Jim Shanks
Executive Vice President and former CIO of CDW

Technology combined with integrity is powerful, aiding businesses to prosper and individuals to create, collaborate and explore. Unfortunately, technology in the absence of integrity is still powerful. And its misuse at the hands of information technology and non-IT professionals alike captures an ongoing bevy of press attention: databases compromised for financial gain; privacy rules ignored; IT needs overstated to dupe wide-eyed buyers.

And then IT ethics — rightfully so — are called into question.

That’s where you come in. How well your organization combines technology and integrity is up to you. You set the standard for how IT power gets wielded among your employees, your customers and their customers.

Many security experts believe that it won’t be long before IT professionals with access to systems containing sensitive, private or confidential information are required to verify the security of their systems and data. This would complement, not supplant, signing legally binding company policies to do the same. Think about the fallout of the accounting scandals of a few years ago. The results: federal regulations requiring executive officers to verify the veracity of financial results coupled with severe financial and criminal penalties for misrepresentations.

Certifications may help separate the ethical wheat from the unethical chaff. For example, the SANS Institute, a Bethesda, Md., cooperative with more than 165,000 security professionals, offers classes in IT ethics for those seeking certification in network security. It also stresses privacy in its code of ethics. Those joining SANS must agree to respect the privacy of their co-workers’ information, vowing to “not peruse or examine their information, including data, files, records or network traffic — except as defined by the appointed roles, the organization’s acceptable use policy as approved by human resources, and without the end user’s permission.” They also agree to obtain permission before probing systems on a network for vulnerabilities — a step many security professionals tend to ignore.

This key step is critical for any organization serious about IT. Knowing who has access and who has accessed a system is critical to determining the risk exposure level.

Another option to consider is conducting an independent audit on a regular basis. For most small businesses, that level of scrutiny isn’t affordable or even necessary. Yet to the degree that your company collects nonpublic personal information (NPPI) from customers (basically any information beyond what’s available in a phone book) and engages in e-commerce, it’s worth considering. Call it IT insurance. It’s a step that numerous firms can’t afford not to take.

“It removes the monkey off your back,” says William Cook, a partner and security expert at Chicago’s Wildman and Hartman. “It shows that as an IT professional, ‘I am exercising due diligence and being honest and meeting security standards. Check me out.’ ”

When hiring new personnel, examine backgrounds carefully and know who’s working for your business. “There will always be certifications and oaths, but it’s who is holding those credentials and taking those oaths that really counts,” says William May, CEO of Work Software Systems, a Charlotte, N.C., developer of retail point-of-sale software. “We put a lot of weight on strong personal references when hiring anyone, but particularly IT specialists.”

Which approach works best? All of them help. But none replaces communicating to your employees the high ethical standards that are demanded of them.

Indeed, information technology is too powerful and important to do otherwise.

Jim Shanks is executive vice president of CDW, a $6.3 billion technology services firm, and a former CIO.
Sign up for our e-newsletter


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.