This pace can be overwhelming to cybersecurity practitioners, and I think we sometimes cite risk as a defense mechanism against change.
Are new solutions riskier? If so, is it because they actually carry more inherent risk, or because we don't understand how they work? Is something that we haven't used before less secure than something we have worked with before? This shock of the new may be behind our perception of the risk of embracing emerging tech. Security folks don't like disruption, because disruption, like pure chaos, is hard to model, and much of our practice relies on modeling and predictability. Cutting edge technology shifts the axis, forcing us to rethink our security formulas.Some of this discomfort is understandable, but consider that not too long ago, it was considered unthinkable that anyone would use her credit card to buy something on the Internet - too risky. Amazon, ebay, and PayPal embraced that risk - and made billions of dollars - precisely because everyone else was afraid to jump into a risky business. It was madness to put sensitive data on a LAN, because it couldn't be secured. Now, a lot of our data is moving to the cloud on the open web. Is it riskier?
I think the risks are just different, but the biggest risk is standing still. Would it have been risky for Sears or K-Mart to move their businesses online? You bet it would have been! But it turns out doing nothing was even more risky. Instead of losing some data, they lost everything.
Technology is advancing - and disrupting - at an ever-accelerating pace. Jump on the train, or risk getting left at the station.
No comments:
Post a Comment