I think one of the funny things with system administrators ,is that they don’t get a call to tell them that the network is working or email system was working, that users could print without glitches and that files were available all days. The phone calls system administrators (we) receive seem to always come at 5 AM holiday with the user screaming about the network being down.
The fact that we receive calls when things get bad, is a very good example of the principle of transparently .Users, unlike us, are not interested in technology at all. They just want technology to work so they can get their job done without having to ask why and how. So the ultimate challenge of Information Technology is to be completely invisible and transparent to users.
Every time users have to think about technology, it is because something is not working in a way it should be. When a manager has to think and ask about technology, it is usually because he needs to spend money on it (buy a mobile for example) or because it is not working as it should be. Users came to you to talk about technology when they want to buy an IPhone ,IPAD or blackberry device .They don’t care about technology unless they want to spend money on it !
Fundamentally, security is about spending good money to have nothing happen. Success is measured by the absence of events, not by the presence of them. If nothing happened, we are successfully protecting the network or at least we think we are.
So, how does all this relates to network protection? The problem is whereas network administration is about ensuring that users can get to everything they need, security is about restricting access to things.
As mentioned before, technology should be transparent to users which means it should be easy to use also and useful. On the other hand, the most secure system is the one that is disconnected and locked in a safe, dropped to the bottom of the ocean .And by making systems more secure, we are making them less usable and of course security costs money.
My point that I want to make clear here, is there is a fundamental tradeoff between security, usability/usefulness, and cost. It is possible to get something that is both cost-efficient and usable but it will not be secure. It is possible to get a secure and usable system, but it will cost a lot it in terms of money, time and personnel. Security requires planning, resources and awareness.
Thanks for reading !