Tuesday, August 13, 2013

IA Must be Easy

In the early 2000's, illegal acquisition of music was rampant.  These things called MP3's were shared between computers through physical connections like CD's as well as the virtual, like torrents on the Internet.  You know who solved the problem, though?


And you know how they solved it?

They solved it by doing a few things VERY well.

  • Apple made music easily accessible
  • Apple made music easily searchable
  • Apple made music cheap

You combine those three things in any business where there's a demand and you will have yourself a winning strategy.  If people can get to it, find it, and get it at a price they deem reasonable and acceptable, they will happily pay that price instead of obtaining it through ... err ... alternative means.  What one word do we sum these three traits up into?


Computer and network security is the same way.  There are plenty of studies out there that show us clearly that YOU are the weakest link in security.  Ok, maybe not you specifically, but you as the human factor.

People are generally lazy.  Not necessarily a bad thing.  Laziness can bring out people's innovative and efficient TTPs.  Laziness can skip the Rupe Goldberg Machine and just <spoiler alert>pull the paint gun trigger on OK Go...</spoiler alert>

But it takes a special something to get a person to go beyond being lazy (music video money for OK Go).  And when it comes to computer and network security, very few see the immediate need for complex security.

This is where it is our job to take this on and fix it.  We need easy solutions for security.  Solutions to train and contain the human factor that are just as secure when the attacker is a super computer running upwards of 33.86 petaflops per second or another human.

Sounds to me like a great project for the CRIC.

Image: http://www.pwlk.net/blog/gallery/drawing/

No comments:

Post a Comment