Saturday, December 11, 2010

Standing Athwart Information Technology

I read a discussion recently where a group of very sharp information security professionals were discussing the topic of deploying mobile devices in an enterprise environment. The discussion quickly turned to a variety of “what if” scenarios that we love to do in information security. During this discussion someone made the excellent point that we could “what if” almost any bit of technology to death and come up with reasons why adopting that technology is a bad idea.

One of the classic faults of information security people is to automatically look for reasons to tell our customers not to deploy new technologies or to greatly limit their usefulness if deployed. Security people are fantastic at coming up with reasons not to do something and creating sometimes elaborate doomsday scenarios that could come to pass if our advice is not taken. While it is understandable that a community of people who spend their careers thinking about and responding to serious security incidents would think like this, it is not an attitude that is in the best interest of our customers.

Our job as trusted advisors is to facilitate the secure use of technology. As information security professionals, we should not be standing athwart information technology yelling stop. It is not good for our customers and it is not good for our careers. We are in a time of rapid and exciting technological advances, whether it is something such as “Cloud Computing”, social networking, or mobile device technology. We should be technology enablers rather than preventers.

The invaluable Mike Cloppert wrote a fantastic piece recently where he argued that we should be working to enable “Cloud Computing” for our customers rather than working against it in the name of fear of the unknown. We should take this same attitude with mobile device technology. It’s here now and it is a very powerful tool for our customers to utilize in advancing their objectives. As digital forensics and information security professionals, we should be continuously looking over the horizon to discover and understand technological advances early so that we can work with our customers to adopt, secure, and maximize their potential.

In the digital forensics community, we have been paying a lot of attention to mobile devices because they are playing an increasingly important role in our investigations. Because we’ve spent so much time studying this technology, we are in an excellent position to not only work with our customers to secure it, but to encourage them to adopt it.

We live in an era where powerful mobile devices are cheap and accessible to large numbers of people. We’re also entering an era of widely available high speed data connections for these devices. For example, Sprint has had their high speed mobile network up for some time now and Verizon’s LTE network just came online. This means there are going to be millions upon millions of people around the world with inexpensive, portable, and powerful devices that will be connected to increasingly fast and affordable data networks. We should be encouraging our customers to quickly embrace this technology so as to obtain an advantage over their competitors. As Margaret Thatcher might advise us, this is no time to go wobbly.