Changing the course of business (2023 Apr 27)

It was early in the 2000s. Secure authentication methods were standard in universities and businesses but for large corporations stuck in the 1960s, clear-text authentication methods like telnet and ftp still reigned supreme. It was the spring of that year. My director of Information Security asked the team if they had any projects to propose. The leadership team would meet that summer to discuss which priorities to fund. I suggested now was the time for our corporation to start using secure authentication methods.

It sometimes takes extraordinary effort to move what set idle for a long time. To many of us today deprecating clear-text authentication for more secure methods is common sense. Those in power are quite often not tech-savvy and must explain in non-technical terms why we need the change. It does not hurt to bring pictures. Our new hires helped push this change as well. Coming straight out of university, many scoffed at the fact we were still using telnet. Even then I had to make concessions. We started with Internet facing endpoints and accounts with administrative permissions. I heard from one of our engineering design teams that once SSH was pushed out to all endpoints that new hires and power users asked to be allowed to start using it right away. There was pent up demand for the automation possibilities that SSH provided that were not available with other clear-text authentication methods. If you believe in something strongly enough, fight for it. You might be able to change the course of business.