This is a continuation of my Security in Our Modern Times series, which can be found here and here. The story of the San Bernardino iPhone has gotten to the point where you just cannot make this stuff up. Let me give you a Reader’s Digest–type review of the story and then offer my opinion on the latest twist.
Welcome to the second part of my conversation on security in our modern times. In my last article, I concluded with a mention of the US government’s court order compelling Apple to develop a solution bypassing the security on the San Bernardino terrorists’ phone.
Throughout all the years I have been working in information technology, security has been an area that engineers have striven to improve. As a result, we have made our environments as secure as possible. We have always looked to make the security of our systems stronger. Security has evolved over time. One example of this evolution is the concept of password management. IT professionals have helped drive the change from simple passwords to more secure passphrases to two-factor authentication added as another layer of security.
Dell has announced it will spin off its SecureWorks product portfolio. SecureWorks is very late to the cloud and virtualization security market, and it may never get there. EMC RSA ignored the cloud and virtualization security market and now is struggling to find a footing in the larger IoT market. VCE has no security reference architecture other than a growing list of products. When everyone is hailing Dell plus EMC as one of the largest mergers (which it is), how is security going to play as a part of the combined portfolio?
Question of the day: Will technology end up being our ultimate downfall? In the not-so-distant past, I wrote a series of blog posts on the expectation of privacy with user device tracking. If you are interested, you can check them out here. Lately, there have been a few things in the news that make it worth writing another post in that series.
What is the first step of application security? What is this step regardless of whether the process involved is DevOps or traditional silos? We have heard many answers before, such as architecture, code analysis, hardening, risk analysis, etc. But we have not really talked about the intersection of the user, application, data, and system. Perhaps this is part of architecture, but I see this as a need for all applications. Security must be able to protect the data and, simultaneously, the user. Security is about the traditional availability, confidentiality, and integrity as well as privacy these days.