It's almost possible to feel sorry for security professionals. They've spent years putting systems in place to protect businesses. They've hardened the perimeter and made sure data was centralized and safe at the core of the network. They've begged people to be careful with their mobile devices.
Now, with mobility and Web 2.0, all of that has been turned on its head. These new approaches are insecure by nature, because their whole purpose is to push data outward to people and devices the network does not control. Just as quantum mechanics holds that it is impossible to know precisely both where a particle is and how fast it is moving, it is impossible to make a piece of data both more secure and more available at the same time.
Of course, security staffs must do just that, Werner Heisenberg and his uncertainty principle be damned. The struggles businesses face are outlined at Dark Reading, which reports on an Interop session featuring representatives from U.S. Bank and the University of Notre Dame.
The story portrays the bank as having a flexible strategy with a focus on endpoints. The company locks down USB ports, outlaws iPods, scans for sensitive data such as credit card numbers, finds and deletes dangerous URLs, and carefully tracks the flow of data through the organization. The piece discusses the special problems faced by Notre Dame and other academic institutions, but does not describe what measures the Fighting Irish have put in place.
This ITtoolbox posting discusses Web 2.0 security problems that were found and remedied during April. Neither of the problems -- at Twitter and Tumblr -- sounds like it was particularly difficult to fix. In the bigger picture, however, the troubling conclusion is that quality control and security may not be the top item on the agenda of Web 2.0 companies as they rush to roll out services.
The ground-up nature of the Internet means that security there follows a familiar path: New platforms are introduced, grow in popularity and are then exposed as insecure. The industry scrambles as best it can to plug the holes. Wireless -- which went through several security protocols on the fly, from WEP to WPA to WPA2 -- is the best example of this chronically inefficient approach which, at the end of the day, is inevitable in highly competitive industries where tools are put to use the second they come off the R&D assembly line.
Web 2.0 may turn out to be the true poster child for bolt-on security, since the very idea of the platform is to make information more readily available.