Security professionals must stop being afraid of every “new” technology that comes along, says Hurricane Labs' Bill Mathews.
One trick that “new” technologies often pull is calling themselves something they are not. Cloud computing is hardly new or all that different – it's all in the marketing. We should look beyond all the marketing bluster and acknowledge these technologies for what they are: old, repackaged failures.
The smartphone market has been around for at least a dozen years. Nothing magic, nothing special except their size. When Steve Jobs dreamed up the iPhone, he wasn't “creating a new communications paradigm.” He was simply repackaging and prettying up other people's failures and putting some shine on it. Is it amazing Apple was able to create a market where none existed? Yes. Does it mean we need to switch around defenses on our network just to accommodate yet another wireless device? Not really. Does it mean our “perimeter is dead” (my new favorite scare tactic among salepeople)? No, it does not.You can never secure something unless you understand it. You will never understand it unless you unwrap a lot of the nonsense surrounding it. You can never secure something you're afraid of. You will never stop fearing something until you're familiar with it.
The moral of my little rant here is that security professionals must stop being afraid of every “new” technology that comes along. Cloud computing is the same as the outsourced data center. The same security principles apply. The smartphone equals the small form-factor computer. It's no different.
We have to stop saying “no” to everything. It makes us seem obstructionist, even if our intentions are good. Instead, we should embrace the mantra, “Let's understand it and proceed with caution.” This attitude will fix a lot of problems in the security industry and, who knows, it might help secure some places along the way.