Security is on peoples' minds. Internet pioneer David Reed, responding to Richard Clarke's recent comments, implies that the government should take its share of the blame. Software pioneer Bob Frankston says that we should learn how to take reasonable risks, and how to protect ourselves after things go wrong as they inevitably will, and security sage Bruce Schneier, in a fascinating Atlantic article by Charles Mann, explains why our traditional approaches to security are flawed.Although David has some good points, I believe that there is enough blame to go around, and that we all need to be shaken into a state of greater awareness. The government surely set up roadblocks, but technologists continue to be focused on outdated approaches, and user complacency is rampant. I've been frustrated by years of of time spent DC fighting the Crypto wars, and years of observing real-world use of the security features in Lotus Notes. I continue to be frustrated watching supposedly expert technologists pitch VPNs and enterprise "boundary-oriented" security products, seemingly ignorant of the fact that boundaries between organizations are disappearing. I continue to be amazed that we fret about WiFi's lack of effective encryption, when we've known for years that end-to-end security at the application or middleware level is the only real answer: communications systems should just worry about communications. This is what led me to a radically different, "cellular" approach to security in Groove, which is being viewed by our government customers as more of a security tool than a collaboration tool. I've been writing up some thoughts; more to come...
8:12:05 AM 
|
|
