Neil MacDonald

A member of the Gartner Blog Network

VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…


Food for Thought Friday: REST, DNA and the Diversity of IT

by Neil MacDonald  |  January 8, 2010  |  4 Comments

Over the holiday break, I watched an excellent presentation on PBS titled “What Darwin Never Knew”.

During the 2-hour show, it struck me that all of the diversity — from the simple to the complex — of life on earth is expressed with DNA using only four types of molecules called bases – abbreviated as C, G, A and T.

Then I remembered some of the REST versus WS-*/SOA discussions I’ve been involved in over the past few years.

If four bases can express all of the diversity of life on earth, why can’t four programming verbs express all of what we need in applications — from the simple to the complex?

And just so this thought doesn’t stray too far from information security – I see far too much complexity in our information security infrastructure, many times in the name of “defense in depth”. Don’t get me wrong, DiD is a sound principle, it’s just that somehow the vendors and some overly zealous security practitioners have warped this into meaning spend lots and lots of money on lots and lots of point solutions.

One of our goals for 2010 should be the reduction of information security complexity, and one of the first ways to get there should be consolidation onto security platforms that bring together multiple, disparate security point solutions.


Category: General Technology Information Security

4 responses so far ↓

  • 1 Nick Gall   January 11, 2010 at 4:27 pm

    Neil, funny you should mention DNA. Turns out that both REST and DNA are “spanning layers” (like the Internet and the Web). The systems biologist John Doyle has a great slide deck showing DNA as the narrow waist of an hourglass labeled “Molecular Machines”. See

    The top of the hourglass is labeled “proteins” and the bottom is labeled “atoms”. The power of a simple generative grammar…

  • 2 Francois Lascelles   January 18, 2010 at 12:52 am

    Nice analogy, Neil. I think four verbs are plenty for a lot of cases.

    There is room for both REST and WS-* in the enterprise. And talking about security and REST, some standardization will help with adoption. The use of proprietary mechanisms seems prevalent out there. See

  • 3 Neil MacDonald   January 18, 2010 at 7:21 pm

    Nick – excellent link – I’d recommend anyone interested in this thread to take a look at the presentation linked to. Very thought provoking.

  • 4 Neil MacDonald   January 18, 2010 at 7:26 pm

    Francois, it’s the darn asterisk that kills us! That’s short for “there’s too many of these WS- standards to list, so I’ll just shorthand it”.
    Trouble is, there are too many and some of the higher level standards really haven’t taken off. It’s quite possible to build completely un-interoperable systems based on WS-* which is why WS-I was created (a defined, manageable subset that is interoperable).

    Let me ask you a question: what could I do with WS-* that I couldn’t do with RESTful protocols?