What is security through obscurity?

By Charles

May 12, 2016

business advice, cybersecurity, data security

Security through obscurity can be your downfall.

If you do not understand your security, how do you know it will protect you?

How can you test your security if you do not know what you are attacking?

What does ‘security through obscurity’ mean?

To put it bluntly, security through obscurity is evil. It is a false hope that your safety is solid, impenetrable even.

The phrase means no one inside the business understands the security model, so they believe that no one else will be able to figure it out either, which somehow should make it secure.

Do you want to place that bet?

Do you want someone to brute force their way to find a chink in your armour?

It is not a principle that people set out to implement; rather, it is a description of how a security model ends up looking.

If you do not understand how your security is set up or why it has been set up in a particular way, this can leave you vulnerable to attack.

Finding ways around security is relatively trivial.

There are many tools to do it for you, but breaking security is a process; as such, it just takes time.

It requires first understanding what is in place, in order to craft an attack that achieves the goal of gaining access or stealing data.

How should you secure your systems?

Security should be simple; there is divinity in simplicity.

It should be understandable; if you do not know how it works, you will not know how it fails. It should have depth.

It would be best to have one security strategy but multiple levels of security to protect your business and your data.

These levels, the depth, at the very least make your defences take longer to bypass. If you are too hard a target, you will dissuade the ones looking for an easy payday.

Half of the job of creating and protecting systems is trying to break them. It is better to break your own system and fix it before going live than to let someone else enter and leave with your data.

This is why all the large tech companies offer ‘prizes’ for finding hacks to their systems. Even if they have 500 security researchers on staff, they know that team cannot compete with 5 million potential experts taking a peek.

Conclusion and Quick Security Tips

Here are a few quick tips you should follow to secure your systems properly:

  • Design your security model
  • Use multiple levels of defence
  • Regularly test your defences
  • Understand how your security works on a fundamental level
  • Constantly make backups and create restore points to avoid calamity


About the author

Microsoft Certified SQL Server DBA with over a decade's experience, including work for large FTSE 250 companies amongst others. The SQL Server stack has been the focus of almost all of my career in IT. I have experience designing, supporting and troubleshooting large Data Platform deployments.
