Gartner Blog Network


Where are the information security hoodies?

by Joerg Fritsch  |  February 24, 2014  |  1 Comment

About half a year ago I sat in a presentation of my colleague Frank Buytendijk who said that one of the facets of this Big Data thing is the conflict between the “hoodies” and the “suits”. The suits have been doing the thing for ages and do it as conservative as it can get. Transactions, the CAP Theorem, Consistency. The hoodies are however the ones who grow up with (big) data. They are a crowd smart enough to disagree about how to process data. They are not scared of walking away from consistency, structured data and other rigidities. They are not buying every fad, because the scale that they are thinking of would not be affordable if they did.

Since this time I walk around trying to find the information security hoodies. A key factor in information security is that professionals often do not follow the notion that old has to die and should be replaced by something new. New, more appropriate, security measures frequently do not replace traditional safeguards but keep being stacked on top of existing safe guards. The question what security layer should be replaced or eliminated is not looked at until user experience tells that server latencies have become unacceptable.

On the governing and managerial side there is no shortage of information security governance and steering frameworks. Almost every IT (management) framework there is has in the meantime been adapted to cover information security as well. While they may all have significant benefit, they are probably all no match to the agility and speed that continuous deployments and DevOps have in mid. These traditional governance frameworks are steered by the suits who want to be on top of the game, not by the hoodies who are more bottom-up types of people.

So where are the information security hoodies? Back in 2006 I met a CISO from a very big and successful company who told me to throw all boxes away. He claimed that having every Internet facing server run some sort of Linux with properly configured SYN Cookies (by the time I even had to Google what that is :D) would be a sufficient defense. All I know is that this company is still very successful to date. I would like to hear more information security hoodie stories. Please use the comment button below in case you have some(thing) to share.

Category: information-security-strategies  perimeter  server-security  

Joerg Fritsch
Research Director
1 year at Gartner
15 years IT Industry

Joerg Fritsch is a Research Director in the Gartner for Technical Professionals Security and Risk Management Strategies team. His specialties include information security, data center and cloud security, big data (analytics), cloud computing, PaaS, distributed systems, messaging and event-driven systems, and very fast networks and servers. Read Full Bio


Thoughts on Where are the information security hoodies?




Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.