The Maryland Zoo spent a cool half-million dollars constructing an escape-proof habitat for a group of prairie dogs, and the ungrateful land rodents broke out in less than 10 minutes, leaving the zoo's Terry Benedict fuming."They find all the weak spots and exploit them," said Karl Kranz, the zoo's vice president for animal programs and chief operating officer.I post this not because I'm fascinated by prairie dogs - meerkats have more personality - but because I'm a security geek, and it's a point I've been trying to make for years about stasis and complacency when designing and implementing a security infrastructure.
While you're laying the last row of virtual bricks on your perimeter, the forces of evil are already probing and prodding to find ways around your defenses. It's important that you do, too.
Five hundred grand is a lot of cash for a system that doesn't work, but anyone who has been in the corporate infosec world can quote much larger pricetags for enormous technology white elephants that either failed to provide the level of security and control that was promised, or became such a nightmare to implement that the system was either scaled back or discarded.
So take a lessen from the Maryland Zoo. Anytime you build a security system, spend some time determining what holes open up with the introduction of this new system, and have plans to fix them before you start building. And once you've remediated those gaps, move on to the next set of weaknesses. Then the next.
If you don't, someone else will.
Prairie Dogs Hack Baltimore Zoo , via Schneier on Security
No comments:
Post a Comment
Please tell me what you think.