"IT Security Is Broken?"

Go listen to Day Two Cloud 177: IT Security is Broken; Here's Ideas On How To Fix It. It is a great interview between Ethan Banks and Mick Douglas discussing some of the failures in the approach to security in business protection.

Some key points I took from this:

  • Prevention is good.  Detection is key!
  • My security is against not only attackers, but also compliance and auditors.  I need to survive all of them.
  • Monoculture of OS and cloud deployments means that the attackers have "my" container, "my" apps in their labs to test against before they get to me.
  • Does security really protect the risk? Or am I spending $1M to protect $10?
  • And finally... "Security is a journey and not a destination" or, maybe better put, "Security is a process and not a product".