This weblog has my thoughts on securing increasingly powerful and connected computational devices. The security situation appears to be getting worse with rising software complexity, device connectivity and the increasing dependence people have on technology. Consider the span from 1985 to 2015. In 1985 the focus was operating systems security, the first PC virus had not yet appeared and PKI implementations barely existed. In 2015 there is internet retail, banking, b2b commerce and innumerable online services and mobile devices that lie exposed to attacks from anyone connected to the net unless protected.
Because security of a system is as good as that of its weakest link, a systems view is required to understand threats and countermeasures. Connectivity implies trust on the network that one is connected to and through. The ‘system’ includes not only the technical pieces such as devices, clients, servers, applications, databases, network and storage systems but also the people involved and the operational controls around the technology stack. So security involves a collaborative effort of parties working in different areas and capacities and understanding and harnessing technologies that are changing rapidly – cloud, big data, mobile and IOT.
Feel free to look around, comment or subscribe as we look at security of different links in the chain of the connected world..