The Enemy at the Gate
It was 81 years ago this month that the French embarked on the most ambitious – and most expensive – security project in their history. The Maginot Line was a series of perimeter defenses that stretched over 900 miles, starting at their southern border with Switzerland and stopping in the north at the Ardennes forest, close to the English Channel. Its grand design included various fortifications, observation turrets and machine gun posts, as well as an intricate communications infrastructure that gave the French the ability to communicate along the entire length of the defensive structure.
The Maginot Line was constructed due to the utter shellacking that the French took in World War I, roughly 15 years prior. The Germans were able to simply march across their shared border and establish occupation – the French did not have the security people, processes or technology to defend themselves at that time. In 1930, French military tacticians believed that the Maginot Line was the key to avoiding a repeat of that scenario.
We all know how that story goes.
Today we know that the Maginot Line is not what failed the French. The Maginot Line, for all of its weaknesses, was a gem of modern military design. Retractable turrets. Redundant communication lines. Flood zones.
What failed the French is a misunderstanding of their risks.
Earlier this week I was speaking with one of the largest health care insurance providers in the Northeast (nearly 1M members), and I asked the question – “How do you determine your security priorities?” The individual that I was speaking with, who by the way seemed very competent in his own right, went on about their budget process, about ongoing security initiatives and about demands from various departments. Noticing that there was a critical component missing, I asked how the organization’s risk fit into the equation. His reply made me realize that organizations of all shapes and sizes, and security practitioners of all competency levels, are being forced into practices where risk is an afterthought.
Being in the trenches (sorry, World War I on the brain) every day, I see organizations make security decisions based on hysteria, hype, the budget, the pushy board member, the slick salesman or tradition and the way things have always been done. The result is daily data breaches and security incidents, increasing complexity in our infrastructures and a growing distrust of security – the people, the processes and the technologies. If we don’t learn from history we’re bound to repeat it.
Your security decisions, your risks. The enemy is at the gate.