I spent the better part of the past week in Albuquerque, New Mexico at the National Association of Government Web Professionals (NAGW) conference, a conference designed to bring together web professionals from federal / state / local municipalities in an effort to help organize, educate and otherwise collaborate. It was a great event for understanding how municipalities work, but it also helped to reaffirm some of my thoughts around the challenges facing website security across all industries.
Regardless of industry, the same points come up again and again when speaking about website security:
- Lack of ownership
- Lack of understanding and knowledge
- Lack of appreciation for impact
Website Security Challenges Defined
Interestingly enough, the greatest challenges the website security industry faces have little to do with the technology, evolution in attacks, hosting environments, development habits, open source, or anything in between. No, the challenges are more at the core of the mindset of the web, not just amongst web users, but amongst those who are deploying and managing these environments.
It revolves around two very simple, yet overly complex points, for me:
- Education and Awareness.
- Webmasters, or the lack thereof.