Computer Weekly readers have their say
RFID needs to be handled responsibly
With regard to you article on the use of RFID chips in passports (Computerweekly.com, 3 January), RFID is a worthy technology and one that has many business or security merits. As your piece shows, it is certainly something that will become more commonplace in the future and will infiltrate the everyday life of the average Joe, not just tech-savvy boffins.
With the growth of this technology, however, needs to come an understanding of just how powerful it is and how dangerous it would be if used in the wrong way.
RFID chips allow a mass of data to be collected, which of course has data protection implications. If data is handled in an irresponsible way then it may infringe on people's civil liberties as well as breaching the Data Protection Act.
Watertight contractual agreements need to be drawn up in order to minimise the risk of any data leaks or breaches. Companies need to be careful to incorporate RFID into their data protection and security strategy now, rather than dealing with these issues when a problem occurs and the damage has been done.
Vin Bange, Addleshaw Goddard
PCs are not quite so crackers after all
I write in reply to Anthony Youngman's letter (Computer Weekly, 10 January) in which he states that he is horrified that modern PCs do not have a physical power switch.
Some PCs do have a power switch, but for those that do not, there is usually a switch on the socket on the wall. Those who are aware of the consequences of unauthorised remote access will probably already have also realised you can pull out the plug.
Youngman does make a fair point though, and all PC manufacturers ought to provide a physical power switch.
All patches are not created equal
Cliff Saran's article (Computer Weekly, 10 January), rightly raises the patch conundrum that businesses face in light of zero-day exploits. However, Jericho Forum's Paul Simmonds' comment that "an unofficial patch, wherever tested, adds another factor of risk to the equation" is missing the point.
All patches carry an element of risk to implement. Even official supplier patches are not created equally and carry an element of risk if the IT manager does not have a clear understanding of their network infrastructure and how the new patch will affect it. The focus needs to be on mitigating the risk of the vulnerability being exploited.
While temporary policy lockdown is the only true protection against known zero-day threats, it is not an option for most businesses. Consequently, unofficial patches offer IT administrators an alternative option to mitigate risk in the case of zero-day exploits, rather than adding another factor of risk to the equation. If, of course, the patch is verified and tested by a reputable security organisation.
Alan Bentley, PatchLink
Outsourcing will be merely a footnote
Danny Bradbury's article on meeting skills requirements (Computer Weekly, 10 January) quoted David Flint of Gartner pointing to the future decline of demand for in-house technical skills in favour of more business or general management skills.
This all seems to me to be a self-fulfilling prophecy in the making. Even allowing for the drive to make IT more business-oriented and the rise of outsourcing, we are failing to see the wood for the trees if we believe we can take the technology out of IT.
Yes, it's true that there are some very talented technical people in India and the Far East who will work for less that UK IT professionals, but the superficial view that cost-savings are everything could come back to give companies who put too many eggs in the outsourcing basket a very nasty shock.
The idea of a company being nothing more than some small co-ordinating group, with all the work farmed out to people with no strong reason to be interested in that company's success other than a paycheque can get, cannot provide a sound basis for long-lasting business success.
In 20 years' time, outsourcing will be seen as just another management vogue that had its day and ended up as a footnote.
Focus on doom and gloom a bit too neurotic
I enjoyed Bill Goodwin's article on business continuity in the aftermath of the giant oil fire in Hemel Hempstead, but am I alone in feeling that the constant focus on "worst case" scenarios is getting a little out of hand?
The article pointed out that small companies came off worst, with an implication that small companies in general are taking a lackadaisical approach to preparing for potential disaster.
But are the risks so enormous as is often made out, and is it really helpful to be constantly anticipating the worst scenario?
A good householder will install some decent locks, take out some affordable insurance and then sleep easy. Only a neurotic will live their life on the basis that whatever can possibly be imagined is likely to happen.
The same should apply to small businesses - take reasonable precautions and then get on with your business.