While security best practices don’t change quickly, we wrote the original SAFE back in 2000 and a lot has happened since then. Many of the foundation best practices remain very relevant but there are some new tools and techniques that can help protect networks against today’s threats.

My biggest complaint is that in an article entitled, “Do We Need a New Internet?,” the absence of quotes from anyone who would answer that question, “No” is irresponsible, even for an op-ed. “Starting over” is a very naive perspective in the engineering of in-production systems. I’ve been in meetings throughout my career where someone in the room said, “If only we started over.” That is a tantalizing thought, but ultimately impossible in the real world.

As I mentioned, I’m not working strictly in Identity but will certainly be involved given my background. Lately I’ve been spending a lot of time thinking about some of the meta-trends in IT such as software-as-a-service (SaaS), cloud computing, virtualization, and the like. The impact on–and the value that can be derived from–the network regarding these trends is a very interesting space.

I did get a chance to get a dump from the ACS folks on their shipping 5.0 product. It looks and feels like a complete rewrite of ACS because it is. The UI is cleaner, the configuration steps more obvious, and the policy sophistication is far beyond ACS 4.X. There is plenty of work still to do but the gap between what we had at IDE and what ACS can do now is far more narrow. ACS also now does things that we didn’t do at IDE.

I am interested in talking to customers about their plans around SaaS, cloud, and virtualization (particularly desktop). If you are responsible for IT at your organization and can spare some time to talk with me live, I’d love to chat. My new email is my first name at cisco dot com.

Personally, I start a new job at Cisco soon. My role will broaden out a bit from security and identity but I expect to keep my fingers in both pies for the foreseeable future–I’m excited to get started. I don’t know what this means for my blog though. I need to give that some thought and discuss it with my new group.

Google’s security protections, though they are certainly extensive, can’t possibly stand the interminable test of time. As Oracle learned many years ago, nothing is unbreakable. Google themselves just fixed holes in the SAML implementation behind their single sign-on service. However, if you look at the core tenets of the way Google aggregates private consumer information, there exists the assumption that there won’t be such a breach. Take Gmail for example; users are told “you’ll never need to delete another message.” Turning on personalized search, as another example, causes Google to start saving your search and browsing histories. Google even recently ventured into the medical record business with their Google Health offering. On that homepage they proudly state, “We will never sell your data. You are in control. You choose what you want to share and what you want to keep private.”

This seems to be the basic thrust of privacy policies from Google and other websites. The data is yours, we won’t sell it, and if we mine it, we’ll keep you anonymous. As a consumer I think privacy policies are a great and necessary advance for the web, even though the vast majority of users probably ignore them. However, privacy policies have the assumption of a perfect system. They talk about what the company is obligated to consciously do or not do with your data. They often don’t say anything about what happens if their site is compromised. The reason, of course, is once compromised there’s nothing they can do.

This intersection of fallible security with infinite private data is perhaps most troubling. There is a good possibility that my children will never have a classic mail account with local mail storage on their computer. They may never need to store photos on their own machine, preferring instead to use online services (Google has one already, of course). They’ll likely write their documents, store their financial and medical data, and build and maintain contact with friends, all online. Google wants to be the provider of those services to my kids, but if they don’t, someone else will. What is striking is the permanence of this data. Facebook, for example, doesn’t delete your data when you leave their service preferring instead to simply “deactivate” your profile. In short, it isn’t unreasonable to suggest that some children being born today will give Google or someone else the keys to all the private digital data that they will ever generate in their entire lives. It isn’t paramount what Google will or won’t do with that data as many are arguing but rather what the future infamous hacker will do–Google’s privacy policy doesn’t apply to her.

Those of us who are older have our lifetime of data spread across outdated computer hard drives and software, sitting on backup CDs somewhere, or tucked away in an “old computer” directory on our current system. I’m not arguing that this data is any better protected but an adversary needs to single out an individual to get it or target systems running a particular OS or browser version. The online data, by contrast, might be more methodically protected but it is also more widely damaging if the protection fails.

So what can be done about it? From Google’s perspective they need to spend on security like the lives of their customers depend on it. As Cory Doctorow said, “Personal data is as hot as nuclear waste.” For consumers there are a few things you can do. However, I’m not sure avoiding all online services is one of them unless you like the mountains and don’t feel too attached to flush toilets. For starters:

1. Choose companies that recognize the risk, recognize the trust you are placing in them, and most importantly are making the investment to back the talk up.
2. Spread your data out among multiple services (i.e. Email at Google, photos at Yahoo). This is the classic all-your-eggs-in-one-basket argument. While it is conceivable that one provider could have a more vigilant security operation than all others, it is far less risky to assume there will be a compromise of your data somewhere and therefore try to mitigate the extent of the exposure.
3. Select the data you are willing to share online carefully. The ‘net community used to say, “Never put anything in an email that you would be embarrassed to see posted on the office bulletin board.” This belief was woefully short-sighted with regard to the extent that the Internet has permeated all aspects of our lives. Consider storing things online that you must have access to from a wide variety of Internet devices or in situations where an online service offering is vastly better than an offline counterpart.

I must admit that this guidance is thin in comparison to the extent of the possible breach. What other ideas do folks have to reduce your risk?

Technorati Tags: identity, security

Technorati Tags: 802.1X