Category Archives: Security

Energy, Security

Are you ready for the data innovation boom?

Leave a comment

The Economist has an interesting write-up on predicting innovation. They see things heating up specifically in manufacturing and user interfaces.

Across the board, innovations fuelled by cheap processing power are taking off. Computers are beginning to understand natural language. People are controlling video games through body movement alone—a technology that may soon find application in much of the business world. Three-dimensional printing is capable of churning out an increasingly complex array of objects, and may soon move on to human tissues and other organic material.

This analysis seems to support my guesses on why Kurzweil would join Google. Removing antiquated and disabling interfaces like the keyboard will enable more people to use more technology. Comparing the productivity of humans required to learn the qwerty keyboard with the potential of those who can use free voice and touch is a no brainer (pun not intended).

As I thought about the Economist’s analysis I started to wonder about an important element that I didn’t see them mention. They focus in a usual way at present IT trends in relation to historic trends. They offer electrification as an example.

…the idea that technology-led growth must either continue unabated or steadily decline, rather than ebbing and flowing, is at odds with history. Chad Syverson of the University of Chicago points out that productivity growth during the age of electrification was lumpy. Growth was slow during a period of important electrical innovations in the late 19th and early 20th centuries; then it surged. The information-age trajectory looks pretty similar…

echoing electrification

With that in mind, the Economist then takes their analysis down the well-worn path of productivity worries in relation to obsolescence and redundancy.

…the main risk to advanced economies may not be that the pace of innovation is too slow, but that institutions have become too rigid to accommodate truly revolutionary changes.

Fair enough, technology has a disruptive force when innovation replaces labor. That brings risk and resistance. I’ve experienced this many times. The voice-recognition project I worked on in 1997 for a hospital was overtly said by the administration to be a way to put their transcriptionists out of work. No surprises there.

But once we move beyond a focus on the balance of labor risk what other risks lurk ahead? I mean it is fascinating to look at how the lightbulb put American whalers (e.g. oil for lamps) out of business. It is even more interesting, however, to think about how inexpensive light transformed our abilities. We can see further and go faster with power.

Back to consideration of today’s tech innovation boom, the part to me missing in the Economist analysis is the sunshine effect of electrification. Electrification was really about innovative ways to create and use power. It shone a light, if you will, into dark areas and remote corners of opportunity. A coming boom in tech innovation led by user interfaces and manufacturing, if we pivot the Economist theory, could in fact be a boom in innovative ways to reach, create and use data. Yet the Economist analysis doesn’t mention data at all!

Here is a simple example of what I mean by a pivot:

Industrialized countries are like the urban areas of electrification that saw power first and saw productivity boom at a large scale. Power eventually reached a wider area on smaller scale and created a boom in productivity and markets. Non-industrialized countries are thus like the rural areas that increasingly were able to create and use power.

More people in more areas making more data and using that data is what may really be the fuel for a boom ahead. The innovation is not only in the interfaces, although that’s a crucial piece of enablement, but what so many more people will produce with those interfaces. Big data is a common phrase to capture what seems to be ahead but we could just as well call it a sunshine-like effect of datafication.

Now if I ask “are your headlights on” hopefully you might think about risk in terms of billions of people shining a bright light into darkness because they now have access to powerful data. Reduction of corruption using better data tools is the kind of innovation that really should excite economists.

Of course this puts immense pressure on the security industry. Access to vast amounts of data becomes “a one-click matter,” as a GoodData developer suggested. How safe will a clicker need to be? And this new level of visibility, like brighter lights we flip on with a switch, can shift our definition of “exposure” and privacy. Recently a “near-global view of the universe of public keys” was used to easily uncover weak random number generators. Should we plan for more risk or less as we push away darkness?

Thus, to extend the Economist analysis that suggests innovation will bring better interfaces and better manufacturing tools, the real boom may come from datafication — the process of making it easier than ever to create, access and use data.

Food, Poetry, Security

Rosasolis

Leave a comment

by Penguin Café Orchestra

In 1972 I was in the south of France. I had eaten some bad fish and was in consequence rather ill. As I lay in bed I had a strange recurring vision, there, before me, was a concrete building like a hotel or council block. I could see into the rooms, each of which was continually scanned by an electronic eye. In the rooms were people, everyone of them preoccupied. In one room a person was looking into a mirror and in another a couple were making love but lovelessly, in a third a composer was listening to music through earphones. Around him there were banks of electronic equipment. But all was silence. Like everyone in his place he had been neutralized, made gray and anonymous. The scene was for me one of ordered desolation. It was as if I were looking into a place which had no heart. Next day when I felt better, I went to the beach. As I sat there a poem came to me. It began ‘I am the proprietor of the Penguin Cafe. I will tell you things at random.’

Food, History, Security

Does your company actually need a security department?

1 Comment

Gunnar Peterson prompted us yesterday in Dark Reading with this provocative question:

Does your company actually need a security department? If you are doing CYA instead of CIA, the answer is probably no

It’s easy to agree with Gunnar when you read his analysis. He offers a false dichotomy fallacy.

Standing up a choice between only awful pointless policy wonks in management and brilliant diamonds found in engineering, it’s easy to make the choice he wants you to make. Choose diamonds, duh.

However, he does not explain why we should see security management as any more of a bureaucratic roadblock than any/all management, including the CEO. Review has value. Strategy has value. Sometimes.

The issue he really raises is one of business management. Reviewers have to listen to staff and work together with builders to make themselves (and therefore overall product/output) valuable. This is not a simple, let alone binary decision, and Gunnar doesn’t explain how to get the best of both worlds.

A similar line of thinking can be found by looking across all lines of management. I found recent discussion of the JAL recovery for example, addressing such issues, very insightful.

Note the title of the BBC article “Beer with boss Kazuo Inamori helps Japan Airlines revival

My simple philosophy is to make all the staff happy….not to make shareholders happy

Imagine grabbing a six-pack of beer, sitting down with engineering and talking about security strategy, performing a review together to make engineers happy. That probably would solve Gunnar’s concerns, right? Mix diamonds with beer and imagine the possbilities…

Inamori had interesting things to say about management’s hand in the financial crisis and risk failures in 2009, before he started the turnaround of JAL

Top executives should manage their companies by earning reasonable profits through modesty, not arrogance, and taking care of employees, customers, business partners and all other stakeholders with a caring heart. I think it’s time for corporate CEOs of the capitalist society to be seriously questioned on whether they have these necessary qualities of leadership.

Gunnar says hold infosec managers accountable. Inamori says hold all managers accountable.

Only a few years later JAL under the lead of Inamori surged ahead in profit and is now close to leading the airline industry. What did Inamori build? He reviewed, nay audited, everything in order to help others build a better company.

An interesting tangent to this issue is a shift in IT management practices precipitated by cloud. Infrastructure as a Service (IaaS) options will force some to question whether they really need administrators within their IT department. Software as a Service (SaaS) may make some ask the same of developers. Once administrators and developers are gone, where is security?

Those who choose a public cloud model, and transition away from in-house resources, now also face a question of whether they should pursue a similar option for their security department. Technical staff often wear multiple hats but that option diminishes as cloud grows in influence.

In fact, once admin and dev technical staff are augmented or supplanted by cloud, the need for a security department to manage trust may be more necessary than ever. This is how the discrete need for a security department could in fact increase where none was perceived before — security as a service is becoming an interesting new development in cloud.

Bottom line: if you care about trust, whether you use shared staff or dedicated services, dedicated staff or shared services, you most likely need security. At the same time I agree with Gunnar that bad management is bad, so perhaps a simple solution is to build the budget to allow for a “beer” method of good security management.

I recommend an Audit Ale

This style had all but disappeared by the 1970s, but originated in the 1400s to be consumed when grades were handed out at Oxford and Cambridge universities…. At 8 percent ABV, it has helped celebrate many a good “audit” or soften the blow of a bad one.

Security

Alt Career Advice: Go Make Mistakes

Leave a comment

When I was young I occaisonally received advice from friends and family, often academics with colorful and distinguished careers, to drop out of the normal paths offered to me and instead find myself before I took a job.

One particular sunny summer afternoon at Kansas State a tall lanky Anthropology professor named Harald, with wild gray hair who had a tendency to get over-excited while speaking, looked me over and asked “now that you’ve graduated what will you do with yourself”?

I forget how I answered. I am not sure I even had a chance to speak before his bright blue eyes grew wide, he sucked in a deep breath, wagged a finger and bellowed in a thick Dutch accent “you should go west to the ocean, jump on a ship as a deck-hand headed for New Zealand or Australia, and get a job working with sheep! Just be careful and make friends because if someone dislikes you they’ll throw you overboard and…”

The first thing that flashed in my mind was the irony of being told to chase my own dreams and then being given a dream to chase. I since have learned this is a clever management trick: “Bob, you’re in charge of this project. Now listen to me as I tell you how to run it.”

What Harald really meant, it soon occurred to me, was that I should use the time of my youth to explore, to discover, to make controlled mistakes, to recover and learn from them (recover being the operative word — don’t get thrown overboard). This seemed like age-old common advice and that is what I did. I would recommend the same to everyone.

This story came to mind when I read Moxie’s latest blog post. Although I found myself nodding my head a few times, he also said a few things about risk and judgement that I tend to disagree with.

More to come later…