Imagine a world where both nation-states and criminals are able to compromise e-commerce traffic, steal banking details and access your private information at will, and yet at the same time the criminals themselves and their activities are completely protected because, well, they’re criminals, and they don’t follow the same laws that compromise the privacy of law-abiding citizens. This is the utopia that many governments, law enforcement agencies and now even Interpol want us to live in.
With the current trend towards moving data and services into the cloud, what happens to the old infrastructure that once housed this data? Even with your own personal data set-up, how do you minimise or eliminate the risk that, once you have disposed of your equipment, its content has not already been securely erased, destroyed or made non-recoverable?
As IT professionals, we can sometimes, without realising it, limit our focus to a particular process or solution, rather than the desired outcome of our customer. This can be an easy trap to fall into, especially if you are working in an IT role that has some customer-facing element (which is the majority). It is especially prevalent in larger and/or more mature organisations, where technology platforms and processes have often existed for a significant period of time and have evolved to a point that they are often viewed as ‘cookie cutters’… requiring no additional consideration.
You wouldn’t think it, but when it comes to IT, security and safety aren’t always synonymous. Sometimes, the measures that increase technical security also remove the ability to provide safeguards for users. Firefox started rolling out DNS-over-HTTPS to users in the US recently. This is largely seen as an improvement in security, preventing alteration or observation of a user’s DNS queries by their ISP, which in the US no longer has limitations on selling this data. Governments can also use it to spy on their citizens, and ISPs (including in Australia and the UK) are often forced by law to alter DNS responses to block websites.
I was told recently, regarding my job, “Sure, that’s great, but you’re not a brain surgeon or anything”. And while that’s true (I wouldn’t let me near anyone’s head with anything sharper than a tennis ball), it doesn’t mean that the role that I, or you as ITPA members, have is not worthy of praise, or that we are not important in our society.
Many of us are in support, whether we’re supporting end users, internal users, a public-facing service… our families, friends. You’re supposed to know it all, right? Until that dreaded moment, where you need to escalate to vendor support. At this point, a gnawing pit of anxiety rises from the depths of your gut as you realise the horror that is about to unfold upon you. As an IT professional, I’ve found few experiences more frustrating than dealing with vendor support. Even when dealing with the hallowed ‘Partner Support Channel’ you still inevitably feel like you’re trapped in an IT Crowd script, turning it off and on repeatedly for person after person, only to finally give up in frustration and just do something totally different instead. So why exactly is it so frustrating? Is it inevitable? Let’s explore some of …
It seems every week we’re learning of a new online privacy breach. The latest (as I write this) is the ‘accidental’ release of Myki user travel data. The Victorian Department of Transport released over 18 billion records relating to travel by more than 15 million users on public transport in Victoria over a three-year period, believing that they had anonymised the data sufficiently to protect people’s privacy.
One of my biggest bugbears in IT is the implementation of standards between companies, be this in job titles, procedures, iconography, conventions and so on. Now, it’s understandable that not everyone will agree on definitions, and different people have different understandings of ideas and concepts. A good example of these differences comes from defining terms used within ITIL for service management (helpdesk): What constitutes a service request? What constitutes an incident? What constitutes a problem? When does a change request need to be generated?
As you are aware, ITPA has made several comments on the impact of various visa classes on the IT industry in Australia. We have no issue at all with the hiring of foreign workers where local skills are genuinely not available and parallel efforts are made to skill up locals. But we do have concerns that the local market protections built into visa classes, which allow foreign workers to enter the Australian workforce on a temporary basis, are not enforced sufficiently to protect the local market.
It seems that every day there is yet another case of unethical behaviour related to the technology sector. Whether it is the alleged involvement of the Chinese government with Huawei or a case of an ‘insider threat’ (typically a trusted individual doing something that is ethically and/or legally questionable), bad behaviour appears to be rampant throughout our industry. Intuitively, as IT professionals, we turn to technological solutions to try to solve problems. Configuring (higher levels of) encryption, ensuring logical centralised management and updates are all part of the solution. In a perfect world, this would result in all devices being secure and very little ability for ‘bad actors’ to gain unauthorised access to things that they shouldn’t.