Hello world... let's talk security
Systems security is endlessly fascinating, because it is a mirror of our sloppy habits which seem to come out in force in cyberspace. Computers are merely dumb machines, which excel at doing dumb things faster, and that includes multiplying any security risks. Everything becomes magnified by the power of the processing.
The general trap we fall into is assuming that out of sight is out of mind; worse, we don't realize that issues being invisible to us does not mean they don't exist. When they make themselves known, it usually boils down to the fact that ease of use took precedence over proper design, which happens more easily all the time, because designing anything has seemingly become so easy, and skill and expertise are underestimated.
Just watch people who think they can write and spell because they have a word processor and spell checking. You'll see how quickly "then" and "than" become interchangeable, and the spelling checker will miss it, because the spelling is correct.
Good security is not a thing, it is a mosaic of people, habits, and technology, and it requires your active participation.
Too often, security has been an afterthought, but security is much harder after the fact: it cannot be bolted on. It should be designed in from the outset, and the newspapers are full of stories of companies that ignored that and paid the price, often hundreds of millions, in the case of some security breaches yielding heists of millions of credit cards. And while you may certainly need a patch or some security mechanism to protect against system vulnerabilities, in the long term it pays to plan ahead, so you don't become like those people who buy an alarm system promptly after they were robbed.