Sometimes you have to hurt the ones you love.
I'm sorry, Rich. This hurts me more than it hurts you...honest.
The Mogull decides that rather than contribute meaningful dialog to discuss the meat of the topic at hand, he would rather contribute to the FUD regarding the messaging of the Jericho Forum that I was actually trying to wade through.
...and he tried to be funny. Sober. Painful combination.
In a deliciously ironic underscore to his BlogSlog, Rich caps off his post with a brilliant gem of obviousness of his own whilst chiding everyone else to politely "stay on message" even when he leaves the reservation himself:
"I formally submit “buy secure stuff” as a really good one to keep us busy for a while."
<phhhhhht> Kettle, come in over, this is Pot. <phhhhhhttt> Kettle, do you read, over? <phhhhhhht> It's really dark in here <phhhhhhttt>
So if we hit the rewind button for a second, let's revisit Captain Stupendous' illuminating commentary. Yessir. Captain Stupendous it is, Rich, since the franchise on Captain Obvious is plainly over-subscribed.
I spent my time in my last post suggesting that the Jericho Forum's message is NOT that one should toss away their firewall. I spent my time suggesting that rather than reacting to the oft-quoted and emotionally flammable marketing and messaging, folks should actually read their 10 Commandments as a framework.
I wish Rich would have read them because his post indicates to me that the sensational hyperbole he despises so much is hypocritically emanating from his own VoxHole. <sigh>
Here's a very high-level generalization that I made, which was meant to take the focus off of "throwing away your firewall":
Your perimeter *is* full of holes so what we need to do is fix the problems, not the symptoms. That is the message.
And Senor Stupendous suggested:
Of course the perimeter is full of holes; I haven’t met a security professional who thinks otherwise. Of course our software generally sucks and we need secure platforms and protocols. But come on guys, making up new terms and freaking out over firewalls isn’t doing you any good. Anyone still think the network boundary is all you need? What? No hands? Just the “special” kid in back? Okay, good, we can move on now.
You're missing the point -- both theirs and mine. I was restating the argument as a setup to the retort. But who can resist teasing the mentally challenged for a quick guffaw, eh, Short Bus?
Here is the actual meat of the Jericho Commandments. I'm thrilled that Rich has this all handled and doesn't need any guidance. However, given how I just spent my last two days, I know that these issues are not only relevant, but require an investment of time, energy, and strategic planning to make actionable and remind folks that they need to think as well as do.
I defy you to show me where this says "throw away your firewalls."
Repeat after me: THIS IS A FRAMEWORK and provides guidance and a rational, strategic approach to Enterprise Architecture and how security should be baked in. Please read this without the FUDtastic taint:
Rich sums up his opus with this piece of reasonable wisdom, which I wholeheartedly agree with:
You have some big companies on board and could use some serious pressure to kick those market forces into gear.
...and to warm the cockles of your heart, I submit they do and they are. Spend a little time with Dr. John Meakin, Andrew Yeomans, Stephen Bonner, Nick Bleech, etc. and stop being so bloody American ;) These guys practice what they preach and as I found out, have been for some time.
They refined the messaging some time ago. Unload the baggage and give it a chance.
Look at the real message above and then see how your security program measures up against these topics and how your portfolio and roadmap provides for these capabilities.
Go forth and do stupendous things. <wink>
/Hoff