« November 2012 | Main | January 2013 »

The Road to the Security Cliff is Paved with Optionality

I have a regular blog on Dark Reading on Identity and Access Management topics. Three recent ones:

The last one is really about how companies in general and security in particular look at hard choices around changing identity architecture as an optional thing, we'll get to it some year, but year after year the password crystal meth pipe is still getting passed around.

The can gets kicked down the road without major changes. 

 

On consulting projects, I am usually brought in on a specific area so its not a competitive bid situation, usually. But sometimes it is. In those cases, if I am bidding on a project of course I would like to win the bid, even though I don't always. But there are plenty of reasons why people would want to go another direction, they want the reassuring embrace of a large vendor (well at least til the invoice and end product come in), or there are other styles/processes/tools they might prefer. Plenty of legit reasons to shop other firms.

Every so often, I will do a bid and not get the project, and there is one type of this scenario that really bothers me. Some years ago, I put together a proposal for helping a company on security architecture, getting better tools and techniques to developers, improving identity architecture and so on. The proposal went in, weeks went by, they came back and said no project. I said no worries, I hope the company you went with does a great job for you. There was a long pause. That was when I realized, they were not going to do the project at all. They treated security and identity as optional and were wishing it would all just go away, and a magic pizza box would save them.

If an 81 year old can dance Gangnam style, you can change and grow your identity and security architecture too.

December 18, 2012 in Identity, Security | | Comments (0) | TrackBack (0)