We spend a lot of time talking about what's wrong with security --
holes, issues, vulnerabilities and problems -- but given that it's
Thanksgiving, let's take a look at some things that are going right for
which we should be thankful.

Number 1: We have succeeded in making perimeter security more effective.
Most organizations have implemented firewalls and DMZ architectures and
embraced defense-in-depth. This is a huge improvement over the days when
you could simply run a Legion share scan and compromise thousands of
corporate systems.

Number 2: We have made great strides in the use and understanding of
encryption. Today, most users have accepted the ideas of SSL and other
crypto technology as a regular part of the Internet. If you have been
around infosec for a while, though, it is easy to recall when packet
sniffing was a huge risk for nearly every e-commerce transaction.
Today, not only does the consumer expect encryption, but SSL-based
protection of data streams is slowly moving toward becoming the norm.
That is a fantastic improvement.

Number 3: The infosec community -- organizations such as the Center for
Internet Security, SANS, OWASP and others -- has certainly aided us in
our jobs, given us a chance to give back to the community and made headway
into globalizing information security knowledge and experiences. Without
them, the ideas of best practices and security intelligence would be
nearly unreachable. Thanks should go to all who make these organizations
possible and effective in their missions.

Number 4: We should be thankful for the chance to do what we do.
Information security is certainly a vibrant, exciting and continually
changing career, and I can think of nothing else I would rather do. I am
thankful to all of you who read the column, all of my clients and
friends over the last 15 years and all of those to come. I look forward
to more years of writing, speaking and consulting. Thanks for making
that possible.