Is security -related work that is not in the contract is the responsibility of the maintenance and operator.

Security support that continues to increase every day

　For more than 30 years, I have been in the IT industry, and I think that it has changed a lot compared to the past, especially the security measures in IT development and maintenance, especially its effort.

　In the old days when the Internet was still rare, there was no major problem, even if it was a fairly confidential system, if you managed your login ID and password properly.And the implementation and maintenance and operation of the function for that was like a "bonus".

　But now it is different.There are many things that need to be considered by login alone, such as element authentication, biometric authentication, and OAuth, and recent system development, such as encryption of communication routes and storage devices, cloud service security, and software safety.And maintenance and operation, the effort required for security measures is increasing rapidly.In some cases, it seems that it will exceed the necessary effort to implement the original function.

　In such an era, users cannot leave the security of their system to vendors.With the preparedness of protecting your own system, it is an era where the user is required to consider the necessary security measures and define it as a requirement.

　But in fact, it's true that IT amateurs don't know what to do with system security.It may be quite a hurdle to decide what to do with the vendor who requested development and maintenance and how to define what to do.

　The incidents we take this time are also a dispute over such security activities.This is an incident that happened because a user without knowledge did not specify the security activities to the system maintenance operator.It was an incident that an amateur user was responsible for the security of the company's system and what to do.Let's start with an overview.

* This continuation can only be read by members (free registration).