Daily Archives: August 22, 2007

Category:
about me

..after that long hiatus…

Whew – it has been a while. So what have I been up to?

Got my CISSP certification, started the new office space and location for Consultantgurus, hired a new Marketing Director, landed some more business, and am now tripping over myself getting through the days! 🙂

Where is the new internet world headed? Complexity begets an accompanying loss of assurable security, as is evidenced by all the unhappy digital break-in news around us. There is even less comfort in the fact that most of the software out today was never designed with security in mind, and is today uncomfortably ensconced in an ostensibly protective cocoon of security devices that seem to work more to prevent the application from working than to prevent it from attack.

Our biggest shortfall today seems to be our lack of recognition that what we know is not even the tip of the iceberg – and yet most leaders and managers focus on just that little tidbit and ignore the larger danger of the unknown and undefined lurking below. In this headlong rush to cut costs while maintaining operations, the easiest win SEEMS to be to automate functions and drop head count, but that is the worst thing to do in the security domain. The big losses are:

1) Loss of institutional knowledge that seasoned warriors have, that will take newbies ages to learn
2) Automated scanners and detectors can only recognize known attacks – they are helpless against the unknown or zero-day attacks and vulnerabilities
3) Today’s fuzzy logic solutions are not seasoned solutions. While they represent cutting edge technology, they still have to be field proven – and do you want to be the one providing the field test opportunity, especially with the crown jewels of your digital assets at stake?

Automated solutions can at best complement a well-rounded security team – they cannot replace them (not yet, anyways!).

Got comments? Email me at mani SHIFT-2 consultantgurus – dot – com. I gave up on all those automated solutions that promise to secure me and at some point fail miserably – or are so difficult to configure that the corresponding rocket science degrees are way beyond me 🙂 Write me, and I promise a response.