We need to adopt more rigorous engineering principles, adapting the principles of concurrent engineering, to place security at the core of our appropriately engineered product solutions.
There are 3.4 billion internet users globally and 10 to 15 billion Internet of Things (IoT) devices. On 21 October 2016 a Distributed Denial of Service (DDoS) attack caused outages at sites including Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, Netflix, Facebook and the Guardian. It was widely reported that the target was Dyn, a major provider of DNS services, and that the traffic came from malicious software that had hijacked IoT devices such as webcams and home routers: the sites themselves were not breached, but because their domain names could no longer be resolved, users could not reach them. “Elementary, my dear Watson”, perhaps, but the proof is very much in the pudding.
We are increasing complexity by building more products, the majority of which sit on a public network (the web), while at the same time reducing our capacity to deal with that complexity. The result is gaping holes in our security. We should take stock and consider the extent to which what we are collectively building is a ticking time bomb.
Furthermore, we should acknowledge that the idea of an ever-secure perimeter that keeps the bad people out has all but gone. We need to consider the vulnerabilities of our applications themselves and mitigate the consequences of increasingly inevitable security breaches. To do this, we need to adopt more rigorous engineering principles, adapted from concurrent engineering, so that security sits at the core of properly engineered product solutions. Part of the responsibility for this has to lie with software vendors, but it must also be shared by procurement professionals. We all must be wary of ever-increasing levels of abstraction and factor in the real cost of ownership.