STE WILLIAMS

The Benefits and Significance of Private Platform as a Service

A high profile UK government cyber security campaign aimed at changing attitudes to online security has come under criticism for the poor quality of its expensive website.

Cyber Streetwise was launched with great fanfare, and much positive comment from the IT security biz, last month. The £4m campaign is led by the Home Office, funded by the National Cyber Security Programme, and delivered in partnership with the private and voluntary sectors.

Building better security awareness is a noble aim and El Reg gave the scheme a broadly positive welcome. But it seems that we might well have let our cynical guard down, judging by the criticism the cyberstreetwise.com site has received from website development experts and other observers, a perspective that stands in stark contrast to the flood of earlier praise from IT security vendors.

Developer Chris Applegate wrote a hard-hitting critique of the site, making a number of criticisms over its generally poor design and unintuitive user interface as well as pointing out that “a lot of the content of the site is just links to other sites”.

“Rather than pages, you’re presented with a set of ‘shops’ on a cartoon ‘street’,” Applegate writes. “This is not only an incongruous metaphor, but it makes it look like a site aimed at children rather than adults and business owners.”

Applegate is even more scathing of the architectural design of the website.

“Even in a Web 2.0 age, conventional wisdom for a web site that delivers chunks of static content (rather than a fully interactive web application), you deliver the majority of your content from your CMS as HTML pages; meanwhile JavaScript is used to control interactions on that content within each page,” Applegate explains.

“This site rejects that model in favour of something I’ve never seen before at this scale — it pre-loads the entire website’s content as one massive JavaScript global variable (350kB worth in the source code of the homepage. Then there’s another very large script (over 290kB and 8,000 lines) which parses outputs the relevant page or section back into HTML for the browser to render. Throw in the CSS and other scripts (jQuery, analytics etc.) and the weight of the text files alone, not including images or fonts, is nearly 1MB.”

“This is the kind of code you might write for a bet (‘Let’s replicate a CMS and HTML tree builder in pure JavaScript!’) rather than put on a production website,” he concludes.

Ouch.

Other lines of criticism include those expressed by IT consultant Paul Moore here about “shoddy content” and questionable advice.

We attempted to put these criticisms to people behind the project, who referred us to the Home Office press team. Despite numerous calls and emails over several days El Reg was unable to solicit any defence of the scheme. If this was a football match it’d be declared a walkover.

The downbeat assessment of the site by developers sits in stark contrast with the cheerleading by information vendors at the time the site was launched last month.

Matt Palmer of the ISACA Security Advisory Group described Cyber Streetwise as an “extremely useful resource for small business managers”.

Martin Sugden, chief exec of Boldon James, described it as “a great step towards helping SMEs combat the ever-present cyber security threat”.

Ashish Patel, regional director at McAfee-owned security appliance firm Stonesoft, added that Cyber Streetwise embodies the “growing value placed on cross-industry and governmental collaboration within the security space”.

Sophos, meanwhile, was keen to big up its association with the project.

The Cyber Streetwise website – www.cyberstreetwise.com – offers a range of interactive resources for SMEs and consumers to gain impartial advice on how to protect themselves online. Sophos, which has provided security expertise and content for the Cyberstreetwise site, is also pushing visitors from its own dedicated web page – www.sophos.com/cyber-street – to the Cyber Streetwise website.

As Applegate notes, “it’s not nice to call out on the quality of others’ work, but sometimes it has to be done.”

Separately, a recent survey commissioned by BT found that the UK trails other leading economies in cyber-security awareness. Fewer than a fifth (17 per cent) of UK business leaders view cyber security as a “major priority”, compared to 41 per cent of a sample of US IT decision makers quizzed in the same poll, as Out-law.com reports. ®

4 reasons to outsource your DNS

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/02/14/cyber_streetwise/