Monday, June 15, 2009

Maneuver Warfare in IT: A Cheerleading Pundit

The Twitter conversation between Christofer Hoff and I went like this:

Christofer - I haven't formally blogged a resp. (yet) to @Kevin_Jackson on his 'maneuver warfare in IT' Not just a cultural shift but a huge tech. one

Kevin - @Beaker I'm looking forward to your comments.

Christofer -  @Kevin_Jackson I want them to be constructive, so I'll do my best. I'm having trouble with the reality distortion field vs. unicorns ;)

Kevin - @Beaker LOL

I strongly recommend that you read his response titled "Cloud Computing Security: (Orchestral) Maneuvers In the Dark?". It begins:

"I enjoyed Kevin’s piece but struggled with how I might respond: cheerleader or pundit.  I tried for a bit of both."

The challenges he had with my article, include:
  • Mixing tenses in some key spots seemed to imply that out of the box today, Cloud Computing can deliver on the promises Kevin is describing now.  Given the audience, this can lead to unachievable expectations
  • The disconnect between the public, private and military sectors with an over-reliance on military analogies as a model representing an ideal state of security operations and strategy can be startling
  • Unrealistic portrayals of where we are with the maturity of Cloud/virtualization mobility, portability, interoperability and security capabilities
His last couple of paragraphs, however, really brings it home:

"It’s absolutely a cultural issue, but we must strive to be realistic about where we are with Cloud and security technology and capabilities as aligned.  As someone who’s spent the last 15 years in IT/Security, I can say that this is NOT the “…dawning of a new day in IT security,” rather it’s still dark out and will be for quite some time.  There is indeed opportunity to utilize Cloud and virtualization to react better, faster and more efficiently, but let’s not pretend we’re treating the problem when what we’re doing is making the symptoms less noticeable.

I am absolutely bullish on Cloud, but not Cloud Security as it stands, at least not until we make headway toward fundamentally fixing the foundational problems we have that allow the problems to occur in the first place."

Please read his post and comment.  This is a GOOD conversation !!



No comments: