Thursday, May 03, 2012
CURES For Security Challenges In Cloud, Crowd, Big Data And The Big Bad World
An industry colleague and fellow blogger/journalist, Mary Jander, wrote an interesting article, "Security May Be Too Big a Job for IT," on Internet Evolution. It was a thought-provoking post. Though I only see two comments on it at the time of writing this article, I am, for someone often taking contrarian views, quite in agreement with both Kim Davis and smkinoshita, who wrote comments there. They talked about collaboration, and where the role of Security in an organization should lie.
With the advent of Cloud Computing, and more and more use of public, hybrid and public cloud converged infrastructures, one of the questions I am asked most often is, "Oh, is the cloud secure?"
Ironically, this is common between a housewife sitting on a flight next to me and a CEO that I may be advising.
"Nothing is secure, unless you make it a collaborative business of everyone in the enterprise to make it so," is what I, sometimes to their chagrin, bluntly tell them.
The problem is how Cloud Security, IT Security, Information Security, Data Security, Premises Security, Perimeter Security, and XYZ Security are still almost islands of imagined security unto themselves. This is not so much a technical limitation as the result of three major, distinct issues.
The first is due to enterprise architectures designed for the last century, or at best, for the last decade.
The second is the human element of doing management by dividing large entities into smaller pieces for easier management. That works great for operations, project management, etc. but is a terrible approach to security.
The third is a lack of collaboration (and integration) where it counts (end-to-end enterprise security), while organizational leaders pat themselves on the back for having rolled out some collaboration platform for sharing Word documents and Excel files.
This problem is not new. It goes back decades.
In 1999, as CEO of EverTrac, a pioneer of location-aware mobile information management & security, I was privileged to speak to top leaders at the United States Space & Missile Defense Command (I still get goosebumps at that name :-) and tell people to envisage Crystal Palace in one of my favorite childhood movies, War Games) at an Undisclosed Location in Alabama :-).
But, excitement aside, I was surprised (and seriously concerned) when they were surprised at my saying they had to worry more about the information than about how to secure the servers and data centers, which is what they were focused on.
Even more, I said, they had to start thinking in terms of erasing boundaries between security departments -- not just in IT but even with and within non-IT. At the level of critical importance their Star Wars program was (and the nature of information today must be even more important and the threats even more nefarious and multifarious), not only would there be attempts, I said, to break in over the network, but physically, as well as various combinations.
The advent of mobile devices, global networks, hacking tools, and complicated systems with often unpatched vulnerabilities, managed by people either lacking or not interested in keeping up with the latest iterations of technology and security challenges and solutions, all touching the cloud, makes for an explosive mixture.
Even in 1999, I declared to my audience that these problems had CURES™.
I said Collaborative Unified Realtime Enterprise Security (collaboration was not yet a buzzword then) would be key to solving the problem before it became intractable. Sadly, 12-13 years later, even the top companies in private-sector, high-information-value businesses do not get it.
I continue to highlight this even more vociferously the more our lives generate, use, and are governed by, floods of big data, accessible to crowds large and small, all in a cloud with nebulous threats and security capabilities. I am glad others are taking up this serious problem.
Together, we can find the CURES!