Blogger: Diana Kelley
That’s Jack Burden, Robert Penn Warren’s aptly named narrator of “All the King’s Men.” For most of the novel, Jack tells the story of the complicated politician Willie Stark from behind an “ignorance is bliss” façade. Over the course of the novel, as Willie’s transformation from honest citizen to corrupt politician (and almost back again) becomes painfully clear, Jack is forced to examine his own life and reject his detachment: “It was like the ice breaking up after a long winter. And the winter had been long.”
So what’s this got to do with information security and risk management? Well, like Willie and Jack, I think we may need to go back to our past in order to make our future, to melt the hard ice that is freezing out our ability to evaluate alternatives. Specifically, I think it’s time for the industry to take a long, hard look at our assumptions about the need for fully distributed systems, ever more powerful mobile devices, and the trade-offs for risk and security. Remember terminals and centralization of data control? Have you used a Rich Internet Application (RIA) such as Salesforce.com recently? Have you really thought about what we’ve lost by insisting that every user in an enterprise needs to have a redundant copy of sensitive data on their desktop? Laptop? Phone? MP3 Player?
standing in the way of progress, let’s examine where our fantastic power of distribution has gotten us:
- A whole market-space of vendors creating products to protect content: encrypting data on distributed devices, controlling duplication of data to targets such as DVDs and USB drives, and content monitoring systems policing the information in every packet going in or out of a network or host
- Massive amounts of consumer data going missing from stolen laptops (http://www.usa.gov/veteransinfo.shtml)
- Explosive growth in the number of copies of data, leading to fun games such as “who’s got the canonical copy?” and “where’d my customer list go?”
- Some large organizations are putting glue in USB ports (really, glue…)
- An alphabet soup of regulations (PIPEDA, HIPAA, GLBA, PCI, to name a few)
There’s more, lots more, but these data points illustrate that the distributed model has created a serious problem for content control. And I genuinely believe that quite a lot of those problems can be mitigated by returning to a more centralized model of data control. If the data is never distributed, except temporarily to a screen, the content control question changes significantly. Ask yourself: is it easier to filter content from a server to a user’s screen with access controls enforced on the server, or to filter that same content at hundreds or even thousands of replication points? How about application patching? Would it be easier to patch the one copy of the browser on the server that all users access remotely, or to distribute that same patch to every device in use?
Would a return to a terminal-server (or Web 2.0/RIA-server) model solve all of our problems? To paraphrase another famous fictional character with the initials JB, “it’s pretty to think so,” but it’s patently unrealistic. There’s always a way around. There are possible, but hard to execute, misuse cases such as cell phone camera snapshots of screen information. Really, capturing 4 gigs of customer data with a RAZR? Really? Much more concerning is the aggregation-of-risk issue: if all the data is in one place, that single repository becomes the prime target, and a compromise of the one server that every user’s screen is fed from exposes everything at once, so the access controls and patching on that one system have to be done right. However, even in the distributed model there is usually a central repository that is supposed to hold the canonical copy of the data, so that target already exists. And high availability and data synchronization can provide backup for central systems.
The trend toward more centralized control of data is already real. Software developers have long used code repositories to maintain version control over code. SharePoint and other data repositories are bringing content together and replacing the recent past of sending multiple copies of documents around via email. Another leading indicator is the explosion of Web 2.0/RIA applications, including streaming productivity applications such as Office Live and Google Office and portalized CRM applications such as Salesforce and SAP.
Sure, going terminal-server would change things. The model is dependent on persistent, always-on network connectivity. With almost ubiquitous wireless access we’re closer to that reality today than we were a decade ago, but there are still many instances where network access is slow, prohibitively costly, or just plain not available (planes, for instance). And all the expensive hardware and operating systems that companies have invested in pose a real financial consideration. Dump them for inexpensive terminal-only devices, and portable terminal-only devices? Oh, and who manufactures those yet? Or lock down expensive, already depreciating hardware to turn it into dumb terminals? I didn’t say this was going to be easy.
All I’m saying is that just because we have the ability to do something doesn’t mean it’s the best thing to do. Willie had to learn that his newfound Realpolitik power to make shady building deals and have extramarital affairs ultimately caused more harm than good, both for himself and for his constituents. I think our power to distribute data has hit a tipping point and may be causing us more harm than good, and that it’s time to take a look at the past, melt the ice of our assumptions, and rethink centralization.
What do you think?