By Andy Marken
You may have noticed over the past six+ months or so that bad folks and evil doers have been exposing software, infrastructure and cloud service vulnerabilities with devastating results:
- Heartbleed infecting 10s of thousands of servers
- Someone burrowing into AWS management structure and wiping out a customer's customer base
- Folks building in backdoors to "handle" things
Years ago, Dave Poque wrote a piece in the New York Times about how it was amazing that computers even worked at all.
There are hundreds of different parts from a bunch of different firms put together in a device that runs on someone's platform and uses a bunch of different programs (from different people) to do work for you and they all sorta', kinda' work together, clash with each other and at times go off and do weird things no one can figure out.
Today, it's worse!
We have 100M plus computers, a few 10s of million tablets, billions of smartphones, 10s of millions of servers, several billion apps/programs, 10s of thousands of cloud services, billions of people (users) doing whatever they please, millions of interested governmental folks and 100s of thousands of bad folks.
Individual users (smart ones, anyway), companies and cloud services buy, install and use a wide range of security technologies, then cross their fingers.
But the problem is complex to explain.
Or, as Joe Enders said, "You think too much."
The fact is there's simply no silver bullet out there.
Devices Grow – The range of digital device options consumers can purchase continues to increase as people keep adding devices to their growing number of connected solutions.
We've come a long way since dinosaur systems dotted the landscape being tended by dinosaur programmers (the herd has so thinned that they're now in high demand).
Old and Running
There are still holes in those systems that were there at the beginning of time.
Now folks are finding more holes in more programs/apps--not because computers/devices and programs are better in finding them, but because people are paying more attention to security and looking for the flaws more aggressively.
Still, it seems the way most are discovered is because someone got ripped off.
That hasn't slowed the growth of cloud services (formerly referred to as outsourcing) because they only offer "good enough" security.
After that, protecting the stuff is the data owner's responsibility.
But as Joe Enders said, "I can't do my job!"
Ballooning Clouds
Because they're the biggest cloud in town, Amazon's cloud business is supposedly on track to help the company hit $6.7B next year.
Cloud Dynamics – Cloud services are on everyone's lips because they help you get to market faster, be more responsive to market changes and lower costs. Even as they are constantly penetrated, their luster continues to grow.
Their growth (58 percent) has well surpassed MS, Oracle, Salesforce, HP, Dell, you name it.
About the only one who is doing better is Google.
Why not? The cloud is irresistible – faster to market for start-ups and reduced costs for companies, enterprises, government agencies, everyone.
And it's soft, cuddly and full of holes!
Innocent – Someone was really smart to call offsite computing and storage "Service in the Cloud." It's so innocent and friendly looking that it's hard to believe it could be the source of massive destruction.
Since the basic infrastructure (hardware/software) has remained relatively unchanged since the beginning, guess where the attackers go?
Yep, to the cloud!
The problem is two-fold – code writing is tough and folks go "outside the system" to use apps on their devices.
Programming is Tough
People don't build programs/apps from scratch; they use a variety of open source or commercial software/services to build their solution and some of those things may have "issues."
Programmers add passwords during development/testing and forget about them or they add backdoors for testing and to let them add features and/or manage the stuff for you.
They trust data input from external sources like Web-based forms and databases because they need to be accepted to run properly.
Occasionally, stuff happens!
The data has to be ruggedly encrypted all of the time--no matter where it's at or how long it's been sitting there.
Programmers often don't make it as easy as possible for authorized users to "do the right thing" with built-in hurdles that seem logical ... to a programmer.
Ordinary folks devise a "unique" work-around and leave a big, beautiful opening.
Programmers forget the fundamental programming rule -- figure folks are going to introduce vulnerabilities and plan accordingly.
Devices – While some people are able to replace one device with another, most people just add to their computing/communications arsenal.
The boss may have started the BYOD (bring your own device) wave when he gave the go-ahead to use them at work, but it's the new kids that opened up the security gate.
Kids!!!
According to a Trackvia report, millennials are more likely to go out and get their own apps because the ones the company offers don't meet their needs.
To solve the problem, Joe Enders said, "You're blocking my view."
Without looking in the rearview mirror at the disaster behind them, they'll pick 'n choose the apps that work and to heck with corporate security.
Overloaded – Tell people there are free apps that will help them do more with less stress and they'll pack them on their devices and just keep stacking them up, even if they can't work through them all. Each has the potential to leave a bad taste in your mouth.
Wait a minute, folks!
Look at your notebook ... look at your tablet ... look at your smartphone.
You have apps for this, apps for that, apps for just in case you get in the mood.
Wrong!!!!
You probably haven't used half of 'em, don't know what many of them even do/don't care but you hang onto them ... just in case.
Getting stuff done, being entertained, being occupied, being productive isn't about programs, apps.
We need to fix the whole Internet/web thing.
You know, the iNet 2, Web 2 we've been talking about for years (and getting nowhere).
Something along Corning's "A Day Made of Glass" (check YouTube) would be so cool.
Glass Day – Corning's "A Day Made of Glass" videos make it feel so natural to move from room to room, location to location and simply be able to bring up your information, your content. It's so much more natural than constantly checking and recharging your devices.
Gartner calls it cognizant computing, which is based on your personal information and interests associated with you. Of course, there's already a company with that name so we'll have to buy 'em out.
I still hold out hope that one day, the Internet will be fixed, default pervasive identity will get baked in and we can hold those who do us harm more accountable, as in the real world
Programs/apps would disappear into the background ... way in the background.
You won't need your things – devices – because your data/stuff finds you at the office, home, cross town, around the globe.
Companies (B2B and B2C) would implement systems would that monitor their networks/servers, check for anomalies, call-out security incidents, patch systems and beef up firewalls.
There would be a default, pervasive Windwhisperer's identity built into the content that is uniquely you.
If someone taps into it or breaks it (hey, they're gonna' try, you know), then the security solutions would track 'em down.
Then, as Joe Enders explained, "I took a grenade, threw it in there and blew him up."
Cisco's IoE (Internet of Everything) makes sense because the system would know where you are, what you've been doing/are doing, what you had previously, want now and adapt to you rather than forcing you to adapt to it/them.
The only thing we have to solve is similar to Ben Yahzee's observation, "He wondered about cowboys watching Indians' backs. Something about it didn't seem right."
