[Dailydave] Drinking the Cool-aid

dan at geer.org
Thu Mar 20 12:18:05 EDT 2014


 | Networks are often the result of successive technological layers. As
 | organizations take on new business, face new threats, reconsider
 | security notions (e.g., insider/outsider), or embrace "new" security
 | paradigms, more security products get deployed, adding complexity and
 | increasing the attack surface.
 | 
 | The picture that emerges resembles one big security contraption. It is
 | hard to tell to what extent it will work as intended.


The question to ask your favorite CISO/CIO/General Counsel is

    Have you or would you ever decommission a security product?


With the Index of Cyber Security (which I run with a colleague),
in September, 2012, we asked a form of this question:


    What percentage of the security products you are running now
    would you still run if you were starting from scratch?

         0-20%    5% of respondents
        21-40%   15% of respondents
        41-60%   20% of respondents
        61-80%   27% of respondents
       81-100%   34% of respondents

    Clearly, there are many who seem to be happy with what they
    have, and yet there is a significant number that thinks they
    could do better.  One in five respondents reported that they
    would keep less than 40% of their current security products.
    Averaging the results, as many as 1 in 2 products at the higher
    end of the range, or 1 in 4 products at the lower end (25.4%
    to 45.6%) would be discarded if starting from scratch were to
    be an option.  The mid-point of these high and low ranges was
    35.5%, or roughly 1 in 3, which was interestingly high.


Part of the explanation here is surely that no CISO/CIO/GC wants
to stand up in a Management Committee meeting and say "Our investment
in the PushMePullMe Scanner has proved to be a total loss; we need
$X,000,000 to decommission it and buy the tIPSy-nIPSy system instead."
No, it will be to *add* tIPSy-nIPSy to the environment and leave
the PushMePullMe Scanner up and running.


--dan


