Last week, Jim Rapoza from the ZD Enterprise's Emerging Technology blog wrote an article that caught my eye titled "Emerging Security Threats."
I popped on over to get what I suspected would be my weekly fill of Botnets gone wild and other malware-laden horror stories only to be surprised to find that the top emerging security threats were actually many of the same strategic technologies that CIO's reported to Gartner as those "...with the potential for significant impact on the enterprise in the next three years." Go figure.
Jim summarized the intent of his post thusly:
Emerging technologies can bring a whole host of benefits, often improving productivity, changing the way businesses interact and enhancing the lives of people all over the world.
And whenever a new technology comes out and gets a lot of hype, there is a lot of enthusiasm about the many benefits and new capabilities that this technology provides.
But, also without fail, there is one key thing that almost no one ever talks about. What is this hidden factor? It's security.
Over the years I've gone to lots of conferences and seminars dedicated to emerging technologies, from Web 2.0 to virtualization to virtual worlds. And the one thing that pretty much never gets covered (or even mentioned) in these conferences in security.
Of course, this is understandable. New technologies are just introducing themselves to the world. It's sort of like a first date. When you go on a first date, you probably don't start out talking about all of your illnesses and insecurities. The same goes for emerging technologies. Their creators just want to promote their good points.
But for users of these technologies, ignoring the potential security threats that these emerging technologies introduce can lead to big problems, including data theft, system compromises and the spread of malware.
I think that Jim's analogies are basically good ones; security has been shown historically as an afterthought, but in the context of my last couple of posts, by attempting to draw attention to the disruptive effect these technologies have and their generally under-capitalized security investment in the manner in which he does in effect sensationalizes an already flammable scenario.
The reality-based analog that is suitable for contrast here is the old cliche: "guns don't kill people...people kill people." As corny and over-played as that is, technology doesn't cause threats to materialize magically, the poor implementation of the technology does.
Rather than work to rationally discuss security in context and consider these disruptive technological innovations as opportunities to leverage, they are ultimately painted here as evil. This is exactly the sort of "security is a speed bump" persona we need to shed!
Check out the purported horror show of "emerging threats" below and compare them to Gartner's Top 10 Strategic Technologies for 2008-2011 to the right. These technologies possess "factors that denote significant impact include a high potential for disruption to IT or the business, the need for a major dollar investment, or the risk of being late to adopt"
- Ajax
- Google Apps
- Mobile Devices & Applications
- RFID
- Rich Internet Applications
- RSS
- Social Networks
- Virtual Worlds
- Virtualization
- VoIP
How many of either of the Top-Ten lists above are you dealing with today?
Check out the slideshow. Lovely artwork, but abrasive and vague at best. Rather than paint a balanced portrait of pros and cons as his introduction alludes to or suggest how these technologies can be deployed securely, we instead get soundbites like this:
VOIP - VOIP systems have greatly broadened the telecom options for businesses, not only freeing them from traditional phones but making it possible to easily tie voice into other enterprise applications. But VOIP systems can be easily tapped by anyone and have become an attractive target for hackers.
The reality is that any new technology has the potential to allow "bad stuff to happen." I think we all know that already. What would be really useful is a way of managing this process. I think there's a better way of communicating without relying on fear.
/Hoff