We have entered a new era of information technology, an era where the clouds are moist, the data is obese and incontinent, and the threats are advanced, persistent, and the biggest ever. Of course with all the paradigm-shifting, next generation, FUD vs. ROI marketing, its important to remember that sometimes we need to balance innovation against misunderstood expectations, vendor double-speak, and relentless enterprise sales guys.
Because contrary to the barrage of marketing, these technologies won’t make you rich, teach you how to invest in real-estate, help you lose weight or grow a full head of hair, it won’t make you attractive to the opposite sex, nor will it solve all your problems, in some cases they can improve the efficiency and effectiveness of your operating environment but it requires proper planning, expectation setting and careful deployment…and on that note, I give you the top 10 most overhyped technology terms over the last decade.
There is little doubt that advances in technology have radically changed many aspects of our lives, from healthcare to manufacturing, from supply chains to battlefields, we are experiencing an unprecedented technical revolution.
Unfortunately, technology enables the average person to leak personal information at a velocity that few understand. Take a moment and think about how much of your life intersects with technology that can be used to track your movements, record your buying patterns, log your internet usage, identify your friends, associates, place of employment, what you had for dinner, where you ate and who you were with. It may not even be you who is disclosing this information.
We live in a world without secrets and we must act accordingly. Realize that much of what you may think is confidential, isn’t. To borrow an old saying if more than one person knows something it isn’t a secret and if you’re alive today, you have very little privacy.
- Advanced Persistent Threats
Advanced persistent threats are real. As hackers moved from hobby-based malware and cyber-vandalism to financially motivated, or state-sponsored hacking we experienced more thoughtful and controlled approaches. APT isn’t a new class of threat that requires a whole new disparate set of technologies to address. In fact many of the technologies you have been using to identify and monitor deviations from normal operating state are suited to provide a base level of visibility into the environment.
Remember, 90 percent of all external attacks take advantage of poorly administered, misconfigured, or inadequately managed systems that any moderately competent hacker can exploit. Sure, there are some real artists out there, but when you can take candy from a baby 90 percent of the time, you rarely need expert safecrackers.
- Data Leak Prevention
Somebody put a diaper on my data. DLP was the hottest thing to not happen to protecting data since PGP was a McAfee acquisition (they are now independent again). The promise was that DLP would prevent sensitive and confidential data from getting into the wrong hands.
Of course there is a big, wide chasm between preventing leaks and preventing loss…leaks you have some level of control over and is primarily focused on negligent internal employees deviating from operational security policies like copying data to a USB and working on it at home, or forgetting that sensitive, proprietary and confidential actually means don’t send this to people who are not in the circle of trust. Data loss however – the real data problem business is facing, is not something DLP is well-suited to prevent. The main reason is simple. An intelligent, trained attacker who wants access to your data will get it.
- Network Access Control
Driven by relentless Cisco and Juniper marketing, NAC was positioned as the best approach to dealing with the increase in infected laptops that were finding their way into the heart of the corporate network and in doing so bypassing all the security technologies that had been aiming at keeping the bad guys out. The market was infatuated with NAC and many vendors came and went, however like many innovations no one seemed to bother to ask if this is the best solution?
Think about why one would use NAC, essentially it is because IT loses visibility and control of their mobile workforce, contractors, and partners that slip in and out of the network…but instead of asking how IT can gain visibility and control into these devices they revert to a giant hammer approach which blocks all access until goodness can be determined, which ain’t easy and doesn’t cover the universe of issues…anyway NAC is somewhere between the trough of disillusionment and gaining a spot on the shelf of forgotten technologies as companies look to alternative approaches to dealing with compromised devices entering their circle of trust.
- Mobile Malware
Like the flying car, no matter what year it is, it is always just about 1-2 years from being a reality. There is nothing that would make the anti-virus companies happier than mobile malware to bring their performance degrading, signature-based shakedown business to a smart phone near you. The boardroom would be abuzz with talk of record growth and skyrocketing profits. But alas, the onslaught of mobile malware has yet to become the epidemic anti-virus company shareholders so hope for.
Mobile malware will become a reality one day, but that day has not yet come. For the time being, it’s better to focus on improving assets that are actively under threat, such as endpoints, servers, and databases and when it comes to mobile recognize the biggest threat isn’t an eastern european hacker, it is instead a negligent employee that accidentally leaves a hand-held container of corporate secrets in a silicon valley bar
Don’t force us to DDoS you back to 1998 or what happens if we throw a war and no one shows up? There is much discussion of the changing dynamics and technologies of warfare but references particularly to cyber warfare have increased recently. Many people in the information security industry believe that we have entered an era of ‘cyber warfare’ and that government leaders need to go on the cyber-offensive. Although future wars are expected to include cyber-targets of some form, the hype surrounding cyber warfare created by the IT industry simply isn’t justified.
Worse still, the conjecturing about cyber warfare can lead to a distraction from an IT professional’s real concerns – responding to the less exciting but very real day to day threats.
It serves little purpose to continue communicating the misinformation, propaganda, and fear that the industry currently seems to be embracing. So many in the information security industry are not adequately informed, nor do we possess the requisite experience to decide in what fashion the military should respond to protect our nation’s interests.
Conversely there is a lack of technical understanding within the US government that can adequately inform and provide guidance to deal with the emerging threats posed by interconnected digital assets with no physical boundaries. The solution is an understanding of how to protect against real, not imagined, threats and to create a foundation of cooperation that will enable rationale discussion between public and private sector within our own national boundaries and in cooperation with our international allies.
- Social Media
I’m the mayor of ‘who gives a shit’ on 4square. Never before have so many, worked so hard, to make sure the world knows what they had for lunch and who they are friends with…Twitter is the worlds largest manifestation of Skinners operant conditioning chamber (here) with compulsive tweeting behavior driven by semi-random retweets & responses.
- Big data
Do these petabytes make my data warehouse look fat? Big data is a scorching hot topic, currently capturing a lions share of the markets available stock of hyperbole and for good reason, data is growing at a meteoric rate.
As we continue to innovate, as business accelerates technology adoption, as the line bleeds between corporate and personal computing and as we interact more in digital mediums we are creating mountains of data. Much of this data is garbage, but some of it is gold.
Unfortunately with all overly hyped technologies there is a lot of misinformation, failed expectations and the inevitable trough of disillusionment, but that doesn’t mean you have to spend months or years curled up in a fetal position, disillusioned and wondering what went so wrong. With a thoughtful approach you can venture through the murky swamp of your big data and find the insights that provide your company a significant competitive and market advantage.
I know what kind of computer I am; I’m a computer, playing a computer, playing another computer. Thanks to VMware you can barely turn around today without someone using the V-word and with every aspect of the English language, and some from ancient Sumeria, now beginning with V it will only get worse. There is no question that virtualisation holds a lot of promise for the enterprise, from decreased cost to increased efficiency, but between the ideal and the reality is a chasm of broken promises, mismatched expectations and shady vendors waiting to gobble up your dollars and leave a trail of misery and despair in their wake.
This is especially true for desktop or client-side virtualization. Hosted virtual desktops, thin-client computing models, centralizing desktop management into a datacenter and solutions that require heavy back-end infrastructure and perfect implementations of Active Directory are doomed to fail. So tread carefully when a C-level exec or overzealous IT administrator returning from a boondoggle weekend with VMWare or Citrix returns proclaiming the end of the traditional desktop is here and VDI offers nigh-invincible security and systems management attributes.
In some select situations client-side virtualization does hold promise for improved efficiencies, lower cost and improved security and systems management. It has benefits for software distribution and OS deployment models, but until the industry understands that we will not return to thin-client computing models and centralized management is antithetical to every current trend in client computing we will not see widespread adoption of VDI no matter what VDI vendors claim.
- Cloud-computing or the “cloud”
The biggest risk from the cloud is moisture. OH: Why don’t we just add ‘cloud’ to the message? The really sad part of that statement is it wasn’t only over heard once or twice but on at least a half-dozen conversations across different companies and technologies…without a doubt the term that has captured more hyperbole, misinformation and confusion is cloud-computing or even worse, the “cloud”…
I’m still wondering what Google will do with gmail once this whole “cloud” thing becomes a reality, how will Akamai handle traffic between the “cloud” and the Internet? Cloud computing provides tremendous promise leading IT towards the land of “dynamic and agile infrastructure” but along the way they must pass through the dark forest of limited to no visibility and near-zero control.