Dales Olds says that we may be on the verge of a nervous breakthrough in security, I agree and I hope he is right. Interestingly enough the breakthrough like so many before it is being led not by "strategic vision", vendors, or management, but rather from the bottom up.
Dale discussed the limited utility of what an edge device can actually deliver
Its a little contrarian, but I agree with the title of Dale's post "Cloud Computing Precipitates Identity-based Security", we have lived this long on the web without identity/claims, and the security we have is so clearly inadequate for the job at hand. Yet nothing has occurred to shake this situation lose. However it could be that moving even more stuff to the cloud is what will cause the debates, design and actions to build in identity,claim, tokens, policies and related security services. You can't hide behind a facade of "network security" when there is no network.Indeed, what are they protecting? While network level security can enable a secure transmission of data from point A to point B, it does not prevent the vast leakages of passwords and personal information that have become common. Perhaps the growth of Cloud Computing will finally push the industry to systems in which users don’t have passwords, or at least systems which can securely serve their users without receiving their password or storing personal information. If a SaaS application doesn’t have the information, there’s one less place that it needs to be secured. Such identity services have been viable for some time, but have needed a push to get broader adoption. Cloud Computing.
We appear to be on the edge of a nervous breakthrough.
Comments