9/28/11

IT Security — Moore's Law Meets The Red Queen's Hypothesis

Oh how I long for the days when I would boot up my IBM 8086 PC off of the dual-floppy drives and not have to answer any security questions in order to get to my word processing program. Granted, it was slow… but it was simple. It wasn't connected to a fast Internet connection… but I was just happy to be able to see the three emails that came in each day. However, time marches on… speeds increase… software upgrades… networks expand… some idiot decides to hack into the system… then the IT world's version of the TSA begins its march to make sure "our systems" are not hacked. It's too bad we've stopped having "smoke breaks" at work, because each time we log in to our computers, open email, load a template in our word processors, or try to watch YouTube an online training video, we could go outside and light up.

I know, I know… IT Security is needed to keep the bad guys out (and it seems that there are many bad guys out there.) The drawback to this constant war on hackers is that we have all suffered the effects of the long slog against an enemy that simply won't die… won't surrender… and adjusts their tactics whenever we've had any reasonable success against the existing attacks.

It seems that every year a new layer of security is added. Here's just a few that come to me off the top of my head:

  • Username/Passwords
  • Advanced Password Requirements (where you have to add CAPITAL letters, Numb3rs, and Sp#cial Ch@racters)
  • Bio metric readers (finger print scanners)
  • Digital Codes on key chains that change every 60 seconds
  • Anti-Virus Software
  • Network Security Devices (anti-sniffer, sniffers)
  • Remote mobile devices wipers
  • Encrypted hard drives
  • Secure WiFi
Everyone of these (and the dozens or so I'm sure I didn't list) are reactions to security threats that have either happened to your place of work, or to some other place of work and your IT staff doesn't want to happen to them. Each of these is a burden upon the IT Group, the computer you're using, the network you are on, and on you and your work production. The end result is that we have a fight between Moore's Law and the Red Queen's Hypothesis:
Speeds Double Every 18 Months…
But, We Need Them To Double Twice That Fast To Get Anywhere!!
I would have hoped by now that we would have things like automated security, instant boot-ups, programs that don't move slower than their Windows 95 versions, tri-corders and food replicators… but alas, we do not. We seem to be stuck in an information world that is stuck marking time in a battle where winning is defined as simply not losing. I have to go now… my email program finished loading… and I have to make sure Postini didn't capture any emails that I actually need to read.

Bookmark and Share

3 comments:

Scott Preston said...

Greg, I agree that we seem to be moving in the wrong direction on security. However, as I see it, this level of security is a necessary evil. In the early days of the Internet you could practice safe surfing and be fairly confident you wouldn't have issues. That is not the case anymore.

There are flaws in all computer operating systems and programs (and there will be at least until computers are writing the code). Once there is a large enough market, people will take advantage of these flaws.

MaryGrace said...

Greg, We have had all of the items you list on our system for several years now. Not to mention, we have an automated scan on all enterprise pc's for rogue, forbidden applications. Boot up really takes a hit as this is running. And just recently we added Winzip Courier to encrypt email attachments (although we still don't really have encrypted email). As for what you hoped we would have by now, to paraphrase Lewis Black, we'll have all of those things plus flying cars the day after I am dead.

Hongwen Zhang said...

Its true that because there are constantly new malware and security threats being discovered, additional layers of security must be added in order to address zero day concerns. With the recent rise in data breaches targeting a variety of markets, we are learning that no industry is safe. One of the ways users can protect themselves is by ensuring network layer Data Leakage Prevention (DLP) to prevent the outflow of user data. Our company, Wedge Networks continues to lead the efforts through our Deep Content Inspection approach to prevent the good things from flowing out and the bad things from coming in.

 

© 2014, All Rights Reserved.