As the raging dumpster fire that is the Equifax breach continues to unfold, I find that I am thinking about identity and the way we use it in our modern life. Equifax was criminally negligent with information that was incredibly valuable to individuals. They should be penalized as an organization with fines and levies, and some of the individuals within the company who were responsible for the security of our data should face possible jail time. But when you step back for a moment, it becomes readily apparent that this is just the latest in a series of data breaches over the past decade, and despite fines, levies, and jail time, this is the sort of thing that is likely to happen again. Why? First, the monetary value of the information is high, meaning that criminal elements are willing to spend the resources to steal the information. Second, organizations are rarely incentivized to take the necessary precautions to secure data. As Greg Ferro likes to point out, as long as the cost of true security is higher than the cost of a breach, organizations are unlikely to adopt true security practices. Third, even if an organization tries to embrace true security, human beings are fallible. Applications have undiscovered exploits, misconfigurations happen, and hackers are always stepping up their game.
If there’s one thing I wish HyperConverged Infrastructure (HCI) vendors would stop doing, it’s promising that the product will be up and running “in a matter of minutes”. First of all, it’s simply untrue. Second, it’s irresponsible and sets those of us deploying the hardware up for failure. When skewed perceptions intersect meaty reality, the deployment engineer is the first to be skewered. And you know what else?