Tuesday, 13 March 2007

Same old story?

I don't know about you lot, but much as I love IT security, I love the new things, not the old things: the things that make me go "yeah!" Going back over old ground every time I need to explain the new stuff is starting to get to me. I want to be at the cutting edge all the time, not going back to basics.

I've been reading the other blogs on Feedburner's Security Bloggers Network today, something I rarely get the time to do, and there's one overwhelming thought that keeps crossing my mind. Are we repeating the same stories over and over again?

Alan Shimel's RSA webcast, just posted as I type this, is typically well thought out and well explained, to the point where he sounds like an ever-patient father explaining the same thing to an errant child... again. He's explaining why the insider threat is more prevalent than the external threat these days, something I blogged briefly about myself just last week, although I rather think more people have seen Alan's webcast than my blog (it's far more interesting, and you don't have to read it). Haven't we been using this story for years, though? I did with encryption, access controls, and more recently NAC and data integrity (and that was in the UK; it must have been going on even longer in the States!).

Mitchell Ashley in "The Converging Network" blog has posted recently about the death of the firewall (hooray!) as firewalls move towards UTM solutions. And about time too. This is a well-written and well-researched article from an uber-smart guy; not everyone could have written it. I also blogged last week about how network security has been split up into many different solutions (the opposite of what Mitchell says is now happening at long last). I'm pleased that it's moving towards UTM at the perimeter. Sadly I don't think the vendors will allow this transition to be that quick, but it puts the focus (and the budget) back on the equally important areas of user and data security. But still, at the root of this, isn't there a CIA triad somewhere? UTM is surely just about ensuring the Confidentiality, Integrity and Availability of the network at the perimeter. Please correct me if I'm wrong.

Don't think I'm saying this to be cynical, certainly not about what these guys have achieved. What they prove to me is that I need to keep on trucking. We need to be telling this stuff at the right time. Security is all about hitting the market when it's ready; believe me when I say I know what it's like to miss.

Maybe this is why I love IT security, though: the people I work amongst, not the explanations. We are some of the most patient people I know, always prepared to take time to explain things to people, even when they are asking the "stupid questions". Something I have stated at least once a week (since I stopped working on a helpdesk) is "There are NO stupid questions, only stupid answers". This sometimes varies ("...only stupid people", "...only stupid haircuts", etc.) depending on my mood, but the sentiment is the same. Sometimes now my head gets so tied up with the minutiae of security that I crave a stupid question so I can get back to grass roots and prove to myself that I do know what I'm talking about.

And actually, the market does move on. The principles stay the same, but the stories are just as relevant now as they ever were. I may sometimes feel a little like I'm the only person in Europe who cares; there are certainly few others in Spain, and I've worked with most of those in the UK who do. What I need to do is get out and meet some like-minded people, talk about really complicated stuff for a few days and get my security fix. See you at InfoSec.

I'll be the one explaining data integrity v-e-r-y s-l-o-w-l-y.
