Monday 12 March 2007

Good money after bad?

We all know how easy it is to get carried away with spending money when you're in the mood. I went out for dinner three times at the weekend, including an unprecedented Sunday night trip out to the Passeig de Gracia, just because I couldn't be bothered to cook. So why didn't I just get a sandwich from the shop at the end of my street, which, like all good Spanish shops, is still open at 9pm on a Sunday night? Bear with me, there's a point to this. The reason I didn't go there is that I had got used to a level of service, a level of satisfaction provided by the wares of the folks in the middle of town, and I thought one more dinner wouldn't hurt. I will read this post again at the end of the month when I am reduced to begging for crumbs from my workmates before the next payday.
This is something which happens all around us. Not just in our private lives, but in our working lives too. It is pretty dangerous for our security. If I keep eating out in fancy restaurants, I will just become poor and fat. My wife may leave me for a rich Spanish waiter, and I may lose my job because I am unable to fit through the door to get to my desk. This is a Worst Case Scenario.
In all seriousness, however, when this happens with our IT spending, as it has done for some time, it leads to bloated networks: unable to keep up with the competition, unable to create new business because they are growing in the wrong direction, or putting all their eggs in one basket.
It is bad for companies not to experience a few security problems; it is worse for them to experience one. Once we start going down one road to protect ourselves, we rarely want to turn off. This is why firewalls are still so popular.
I have already vented my hatred of firewalls. This is not very fair of me. Firewalls are fine; it is the marketing people behind them that are vile. Firewalls fix a problem, for sure, just as anti-virus, load balancers, IPS, encryption, etc, etc. all fix A problem. But for God's sake don't go blowing your wad on a new one every year. It just isn't necessary.
I've already put forward my view of how we should be protecting transactions more completely. A lot of people are against layered security: the more applications there are in one solution, the more holes are likely to appear. I've heard this put forward even this week, and to an extent it can be true. But only if you don't know what you're installing. Get a decent SI (systems integrator) and you shouldn't have this issue.
Personally I think you should have at least 9 different vendors providing at least 9 different areas of security, plus backups, monitoring and reporting. So make that 12.
But WOW, isn't this going to get expensive? Not at all. Open source solutions are available: there are many great open source firewalls, some good IDS/IPS solutions, antivirus, even certificate authorities. Some of it you will have to pay for, of course; hardware can cost a little bit, and you will need to dig into your pockets for the less well-known solutions.
Open source is the way forward, and that's why it's so popular. Loosely coupled SOA security frameworks are being developed now which will cut out the problems of integration, and the phantom "holes" in security. Keep your eye on these developments; they will transform security as we know it in the next 10 years.
