End points: is corporate security going in the wrong direction?
Corporate security people and most security resellers wind me up. Always have.
They constantly ignore the lessons life teaches us.
Life is constantly teaching us lessons. We deal with most things it throws at us. Security guys have a seizure when anything new appears.
Take smartphones and the iPad, for example. These guys are paid to know stuff. But they’re crap at doing their job because they can’t cope with the new.
Lessons all around us
Look at that picture. It could be any bank or big retail store on the high street. Well, OK, no bank branch I’ve seen is so fresh and welcoming, but hey.
Every day, all sorts of people walk into a bank and deal with money. No problem. Strangers, regulars, old, young, disabled, whatever. The system works.
Yet try to use a new device – anything new – and security people have a seizure. Why can’t they just learn from real life?
Understanding outcomes, not just methods
OK, let’s put my unmitigated disdain for our security professionals to one side and take a look around us for one minute. It’s all it takes.
No bank or store has any control over who’s walking in to make a transaction. That needs to be taken as the key premise right away.
So what we do in the real world is build customer interfaces to deal with just that. What we don’t do is say “Shit – you’re new. I’m not talking to you!”
Now, using security professionals’ terms, customers would be called end-points. End-points are bad. They’re threats and should be minimised.
You probably know where I’m going with this. Security guys have it totally wrong. Stop worrying about those new devices – tablet, Android or iPhone, whatever. Just build systems that mirror real life.
What’s more, they would actually save money. A secure back-end system is cheaper to build than trying to deal with every new end-point that comes along. Security professionals, give us all a break. Go get a life.