About half a year ago I sat in a presentation by my colleague Frank Buytendijk, who said that one of the facets of this Big Data thing is the conflict between the “hoodies” and the “suits”. The suits have been doing the thing for ages and do it as conservatively as it can be done: transactions, the CAP theorem, consistency. The hoodies, however, are the ones who grew up with (big) data. They are a crowd smart enough to disagree about how to process data. They are not scared of walking away from consistency, structured data and other rigidities. They do not buy into every fad, because the scale they are thinking of would not be affordable if they did.
Since then I have been walking around trying to find the information security hoodies. A key factor in information security is that professionals often do not follow the notion that the old has to die and be replaced by something new. New, more appropriate security measures frequently do not replace traditional safeguards but keep being stacked on top of the existing ones. The question of which security layer should be replaced or eliminated is not looked at until user experience tells us that server latencies have become unacceptable.
On the governing and managerial side there is no shortage of information security governance and steering frameworks. Almost every IT (management) framework there is has in the meantime been adapted to cover information security as well. While they may all have significant benefit, they are probably no match for the agility and speed that continuous deployment and DevOps have in mind. These traditional governance frameworks are steered by the suits, who want to be on top of the game, not by the hoodies, who are more bottom-up types of people.
So where are the information security hoodies? Back in 2006 I met a CISO from a very big and successful company who told me to throw all the boxes away. He claimed that having every Internet-facing server run some sort of Linux with properly configured SYN cookies (at the time I even had to Google what that is :D) would be a sufficient defense. All I know is that this company is still very successful to date. I would like to hear more information security hoodie stories. Please use the comment button below in case you have some(thing) to share.