We’re all familiar with the old adages about the cobbler’s children having no shoes and the dustiest part of the house being the top of the Hoover. So it’s not surprising to find that some security companies don’t run a tight ship. A good recent example is Guidance Software, a top user vendor of digital investigation products. They’ve just settled a case brought by the FTC. It looks pretty damning. They failed to look after customer data in line with their advertised claims. And they’ve naturally and perhaps rightly attracted some mocking snipes from security pundits.
But does it mean that the products they sell are not secure? Not necessarily. And does it mean their operations are not secure now? Probably not, as they’ve had to make formal assurances to clean up their act. They’ve also taken on some very high-profile non-executive directors who now have their reputations on the line, including George Tenet, an ex-CIA Director. The interesting question is whether they are that much different from other security vendors. Were they unlucky to get caught? Hard to say. Will it happen to others? Absolutely. We can expect more of this type of case because there are a lot of insecurities out there and the compliance noose is tightening fast.
So there are some lessons here. Firstly, if your business is security then you need to maintain very high standards. Secondly, watch those assurances on your web site – they might come back to haunt you. Thirdly, if you’re a customer, don’t assume that just because you’re dealing with a security company or bank that everything will be completely secure. All of them are likely to have their weak spots. And fourthly, don’t write a company off because of one bad incident. Because – think about it – would you rather trust an organisation that had been found out and put its house in order, or one that you knew nothing about?