Friday 30 April 2010

Too Big to Fail

In recent years, we have become accustomed to phrases such as too big to fail. This is a notion that has been applied to once august financial service organisations, and is a philosophy that drives to a certain degree the bail out that Greece has requested.

During our team field-trip to this year's InfoSec, I started thinking about this idea in relation to the cloud, and whether it is a phrase we can look forward to hearing with respect to our industry. It seems like a pretty fanciful notion looking at the world from 2010, but I don't think it is quite as ludicrous as some of the cloud security panel members thought.

We're currently on the verge of the cloud revolution, with a great deal of players trying to assert themselves as the platform/service/layer of choice for everyone to run their apps or store their data. The big guys in the ring on this one are geared up for a massive bun-fight over their position. It's a fairly logical conclusion that, as with previous IT technology markets, there will be dominant layer providers. Therefore, it is not unreasonable to conceive of a single company, which provisions for a massive amount of data, failing. This failure could be financial or otherwise. Now, imagine this provider has the data and apps for numerous local government agencies, charities, businesses, the loss of which would have an indelible impact on national, or international, economies.

I agreed that there are a lot of what-ifs for this to happen. However, I get the sense from tapping on the wall of knowledge of the experts on the panel that we're on a real frontier here and once again making it up as we go along.

Wednesday 14 April 2010

Don't Listen to IT Security Professionals

There, that title got your attention. In the same way, the title of this interesting article manages it. It turns out that certain IT security professionals are not using anti-malware/anti-virus protection on their machines. I think that the pros in the article are talking about desktop machines, and not a server environment. One quote in particular is interesting and amusing:

"I've never used AV software and I've never once been infected with a virus."

My first reaction to that is - if you don't have detection capability, how do you know? OK, flippancy aside, there are some important things about this topic, some of which are mentioned in the article and some of which are not. It's no secret that the current technologies for detecting malware and viruses have been increasingly bad at their job. We're no longer in the days where vendors can claim 99.999% detection rates, simply because the signature-based approach has been out-manoeuvred by the polymorphic nature of the malware out there. Amongst the problems with signatures: they take human intervention to create, they require multiple databases, and those databases grow massive, which impacts endpoint performance - it's well documented. So, in terms of the latest and greatest threats, sure, don't rely solely on the detection tools you're using, and stick to best practices.

When it comes to the 'typical user' (this is an entirely different topic, and should be looked into further as it's an interesting concept - more on this later) the security pros in the article are right - keep your AV. However, I would say the same is true for them as for the regular user. How do you know you're not infected unless you've been checked? The need for this software is there, as a baseline, and it should be used as part of a holistic strategy.

In terms of the weaknesses in the technology, these can be addressed in a number of ways. There's a shift going on in the manner in which we provision for security, with best practice, architecture, and so on. So, that's the holistic part. In terms of detection, there are some new and interesting technologies around that can take a look at behaviours, thus cutting out the need for the old signature approach.
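To make the signature-versus-behaviour point above concrete, here is an added illustration (not code from the original post) in which a static signature derived from one variant misses a second variant whose bytes were re-encoded, while an ordered behaviour rule catches both runs and ignores a benign backup job. The sample bytes, event traces, addresses and paths are all constructed for the example.

```python
import hashlib

# Constructed sample "binaries": plain bytes, not real malware. The same core is
# re-encoded with a different XOR key per variant, the way a polymorphic packer
# changes a file's bytes without changing what it does when run.
def xor_encode(payload: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in payload)

CORE = b"persist;enumerate;encrypt;beacon"
VARIANT_1 = b"STUB" + xor_encode(CORE, 0x1F)
VARIANT_2 = b"STUB" + xor_encode(CORE, 0x3A)

# Signatures an analyst derived from VARIANT_1 only: its hash and a 16-byte pattern.
SIGNATURE_HASHES = {hashlib.sha256(VARIANT_1).hexdigest()}
SIGNATURE_PATTERNS = [VARIANT_1[4:20]]

def signature_match(sample: bytes) -> bool:
    """Static, signature-based check: exact hash or known byte pattern."""
    if hashlib.sha256(sample).hexdigest() in SIGNATURE_HASHES:
        return True
    return any(p in sample for p in SIGNATURE_PATTERNS)

# Constructed sandbox/EDR event traces ("type:detail") for one run of each
# variant, plus a benign backup tool. Variant 2 behaves like variant 1.
TRACE_1 = ["reg_write:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
           "file_write:C:\\Users\\alice\\Documents\\a.docx",
           "file_write:C:\\Users\\alice\\Documents\\b.xlsx",
           "file_write:C:\\Users\\alice\\Documents\\c.pdf",
           "net_connect:203.0.113.9:443"]
TRACE_2 = ["file_read:C:\\Users\\alice\\Documents\\a.docx"] + TRACE_1
TRACE_BACKUP = ["file_read:C:\\Users\\alice\\Documents\\a.docx",
                "file_write:D:\\backup\\a.docx", "net_connect:192.0.2.5:445"]

# Behaviour rule: Run-key persistence, then 3+ writes into the user's Documents,
# then an outbound connection, in that order. (predicate, required count)
STAGES = [
    (lambda e: e.startswith("reg_write:") and e.endswith("\\Run"), 1),
    (lambda e: e.startswith("file_write:") and "\\Documents\\" in e, 3),
    (lambda e: e.startswith("net_connect:"), 1),
]

def behaviour_match(events: list) -> bool:
    """Dynamic check: ordered stages with minimum counts, ignoring other events."""
    stage, seen = 0, 0
    for e in events:
        pred, need = STAGES[stage]
        if pred(e):
            seen += 1
            if seen == need:
                stage, seen = stage + 1, 0
                if stage == len(STAGES):
                    return True
    return False
```

The signature check flags only the variant it was written from; the behaviour rule flags both runs and leaves the backup job alone, which is the trade the post describes.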

So, don't listen to IT security pros, as they very often don't practice what they preach.