Security

Security means keeping the Bad Guys out, right? Locking down the system so that it is difficult to use and turning on SELinux. And forcing users to comply with security policies they don’t understand and which interfere with their ability to get their job done.

And, of course, defense in depth – which is often a code phrase for turning on every feature of the system related to security. After all, “you can’t be too careful!”

All this may be just a bit narrowly focused…

I’d like to explore a slightly different view of security – one that looks at it from a business and user perspective and takes a holistic approach, treating security threats as one of many threats to system integrity. Done properly, security is simply one part of keeping the business running.

Over the next several posts we will explore different aspects of security – starting with asking the question “why do we even have IT?”

Feedback and suggestions are welcome along the way.

About Russell Doty

A technology strategist and product manager at Red Hat, working on the next generation of open source systems.

4 Responses to Security

  1. Dan says:

    Well, keeping bad guys out is certainly *one* facet of “security”…and an important one…but being “secure” is multi-faceted. The security of the information managed by a system is not simply concerned with validating access, but also the integrity and availability of the information itself – quite divorced from the concerns of boogeymen infiltrators getting their paws on it 😉

    • Russ Doty says:

      Dan, we’re on the same page. There are “evil hackers” out there – but not that many good ones (thankfully!).

      I’m going to be fleshing out some concepts over the next few weeks around integrating security into an overall threat matrix and look forward to your thoughts.

      Russ

  2. neville1973 says:

    Infiltration is a facet of security. Another facet is leaking information. Making sure the user does not share sensitive information with people who should not have access to that information.

    • Russ Doty says:

      Neville, you’re right, infiltration is a major facet of security – and one that gets a lot of attention.

      Leaking information is a good point. Inadvertent leaking of information is something to address – with the understanding that consideration of Business Value (see next post) needs to be balanced with the approaches taken to avoid leaking information.

      An interesting question is how to deal with information sharing where it may be legitimate. For example, assume that Bob and Alice ask for a document and you choose to share it with them. Bob has a legitimate need for the document, but Carol is just curious. I don’t see any way to prevent someone from making a legitimate mistake.

      And, of course, Carol may have a legitimate need for the document tomorrow…
