Go listen to Day Two Cloud 177: IT Security is Broken; Here's Ideas On How To Fix It. Great interview between Ethan Banks and Mick Douglas discussing some of the failures in approach to security in business protection.
Some key points I took from this:
- Prevention is good. Detection is key!
- My security is against not only attackers, but also compliance and auditors. I need to survive all of them.
- A monoculture of OS and cloud deployments means that the attackers have "my" container, "my" apps in their labs to test against before they get to me.
- Does security really protect the risk? Or am I spending $1M to protect $10?
- And finally... "Security is a journey and not a destination" or maybe better put "Security is a process and not a product".