The Security Elephant in the Room

I just finished reading “No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State” by Glenn Greenwald.  My review: Wow!  That about sums it up, I think.

Now we all know who Edward Snowden is, but do you know Glenn Greenwald?  He’s the journalist whom Snowden contacted and to whom (along with Laura Poitras) he passed all the NSA documents…and Greenwald worked with The Guardian to publish stories about the documents Snowden gave him.  I thought it fitting for this post as it’s been right at a year since we learned about the PRISM program and other revelations.

I’m not a literary critic, nor am I knowledgeable enough about journalism or privacy to appropriately review the book.  However, as a normal IT professional, I found it a pretty amazing read!  The first half of the book gives a play-by-play of how Snowden contacted him and how it all went down.  The second half of the book details more about the NSA programs and government reaction to the stories (and attempted retaliation).  From the perspective of an IT person, my jaw was left hanging open at the scope of the data collection…even by clearly illegal means.  For example, I’m no lawyer, but intercepting Cisco routers during delivery to install a device to copy data to the NSA covertly and repackaging them with a factory seal MUST be illegal!

Greenwald wrote a book that is incredibly dense with details of the mass surveillance programs that span government administrations (started with Bush and continued – even expanded – with Obama).  It leaves one with the distinct sense that you’re being watched all the time…and in fact, provides a nice review of the power of surveillance to control people.  Kind of scary, huh? Not yet? OK…

So let’s run this down:

A hacker is a hacker – it doesn’t matter if it’s the government or not, right?  So if the government is out to get all our data and thieves are more advanced than many organizations (they are “winning”) then all is lost, right?  I don’t think so…it’s definitely a low point for security in this country but I think it’s because no one wanted to really deal with security in the past.

Security has been the elephant in the data center for too long!

While everyone pays lip service to security and does the basic things, it’s difficult to really focus on getting better and staying good with security.  Too many times I’ve been in conversations where encrypting data at rest has been unpopular because of perceived performance problems or some other excuse.

We all must commit to not backing down on the basic good things we all know to do: Encrypt data at rest, use SSL (encrypt in transit) and consistently apply security patches to all your servers.  There, that’s not so hard, is it?

Fortunately, there are pockets of improvements…for example, Google encrypted all its data last fall.  There is also a Reset the Net movement to increase security.  The main approach is: encryption.  It still appears to be the best security tool we have…so let’s use it!!

 


Veteran technology professional and manager

Posted in Security
