One Man’s Threats Are Another Man’s Opportunities (Embracing Disruptive Technology)
Last week, Jim Rapoza from the ZD Enterprise’s Emerging Technology blog wrote an article that caught my eye titled "Emerging Security Threats."
I popped on over to get what I suspected would be my weekly fill of Botnets gone wild and other malware-laden horror stories, only to be surprised to find that the top emerging security threats were actually many of the same strategic technologies that CIOs reported to Gartner as those "…with the potential for significant impact on the enterprise in the next three years." Go figure.
Jim summarized the intent of his post thusly:
Emerging technologies can bring a whole host of benefits, often
improving productivity, changing the way businesses interact and
enhancing the lives of people all over the world.
And whenever a new technology comes out and gets a lot of hype,
there is a lot of enthusiasm about the many benefits and new
capabilities that this technology provides.
But, also without fail, there is one key thing that almost no one ever talks about. What is this hidden factor? It’s security.
Over the years I’ve gone to lots of conferences and seminars
dedicated to emerging technologies, from Web 2.0 to virtualization to
virtual worlds. And the one thing that pretty much never gets covered
(or even mentioned) in these conferences is security.
Of course, this is understandable. New technologies are just
introducing themselves to the world. It’s sort of like a first date.
When you go on a first date, you probably don’t start out talking about
all of your illnesses and insecurities. The same goes for emerging
technologies. Their creators just want to promote their good points.
But for users of these technologies, ignoring the potential security
threats that these emerging technologies introduce can lead to big
problems, including data theft, system compromises and the spread of
I think that Jim’s analogies are basically good ones; security has historically been treated as an afterthought. But in the context of my last couple of posts, drawing attention to the disruptive effect these technologies have, and to their generally under-capitalized security investment, in the manner in which he does in effect sensationalizes an already flammable scenario.
The reality-based analog that is suitable for contrast here is the old cliche: "guns don’t kill people…people kill people." As corny and over-played as that is, technology doesn’t cause threats to materialize magically; the poor implementation of the technology does.
Rather than rationally discussing security in context and treating these disruptive technological innovations as opportunities to leverage, the article ultimately paints them as evil. This is exactly the sort of "security is a speed bump" persona we need to shed!
Check out the purported horror show of "emerging threats" below and compare them to Gartner’s Top 10 Strategic Technologies for 2008-2011 to the right. For these technologies, "factors that denote significant impact include a high potential for disruption to IT or the business, the need for a major dollar investment, or the risk of being late to adopt."
- Google Apps
- Mobile Devices & Applications
- Rich Internet Applications
- Social Networks
- Virtual Worlds
How many of either of the Top-Ten lists above are you dealing with today?
Check out the slideshow. Lovely artwork, but abrasive and vague at best. Rather than paint a balanced portrait of pros and cons as his introduction alludes to or suggest how these technologies can be deployed securely, we instead get soundbites like this:
VOIP – VOIP systems have greatly broadened the telecom options for
businesses, not only freeing them from traditional phones but making it
possible to easily tie voice into other enterprise applications. But
VOIP systems can be easily tapped by anyone and have become an
attractive target for hackers.
The reality is that any new technology has the potential to allow "bad stuff to happen." I think we all know that already. What would be really useful is a way of managing this process. I think there’s a better way of communicating without relying on fear.