Great perspective on consumer-based tools really making IT departments think. What do you think is the proper balance between something like security (which is incredibly important) and the time and cost it takes to run?
As a student in IT I am learning that no security is perfect. Now the question is how to reduce the risk of penetration, and if penetrated the theft of data or disruption of operations. I am sure that there are some off the shelf consumer level security products that can help reduce the risk of penetration. Would it be better to use the commercial technology to make the intruders think that they have found something other than the thing that they are looking for (the corporation that you are protecting)? I would look to distract and delay an intruder just to make them think they were not in the right place.
His statement just focused on the security aspect and possible ways to mitigate the security risks.
The very nature of the way Skype works means it is extremely secure, as long as the users don't mix their personal and work accounts; the major problem corporates have is the natural assumption that something tailored for Joe Public will never be good enough at a corporate level which, I understand, is what you are arguing against but even you have fallen into the same trap assuming that Skype isn't secure without actually knowing!
Similar thing to do with data wiping, corporates (especially banks) all believe that you have to overwrite data multiple times with random strings for it to be unrecoverable and even then they think a super electron microscope can salvage the data and tend to opt for complete platter destruction; this is a complete myth (http://computer-forensics.sans.org/blog/2009/01/15/overwriting-hard-drive-data/) not to mention solid state memory has no remnant at all. Anyway point is there is too much superstition in an industry based on logic and I couldn't agree more with this article, many businesses could save a lot of money if they were open to the idea that solutions don't have to come in a 'corporate' package.
A few years ago I came upon an article that outlined the use of the PS3 by the United States Government as a complement to their super computing environment (one of several), http://blogs.federaltimes.com/federal-times-blog/2009/12/09/at-pentagon-the-ps3-only-does-everything/
I am always impressed with the ingenuity of the IT folks to come up with these concepts and actually put them into production reality.
The odd thing is that the Feds are technically violating the DMCA by modifying the machine for a use to which it was not intended to be put by the manufacturer, no?
Consumer-grade gear is to the point commercial-grade was only 4+ years ago. I have no problems with using it in some aspects of my network, especially if it can be modified (i.e. a Linksys wireless router with DD-WRT or equivalent). Most commercial products just don't get the de-facto support offerings, or are artificially crippled so as not to steal sales from the 'better' offerings.
This is not circumventing anything because they don't have to modify the PS3. I got my PS3 the day it was released. One of the things you could do was to "donate" free cycles in your PS3 where a research firm working for the feds would use your PS3's free cycles to create a large supercomputer. They wanted at least 200,000 users to see if it was possible. Nothing was modified, it was there as is, out of the box. All you had to do was agree or decline. I don't know what happened after that, because I declined and later decided to accept, but they said they had enough people. So, no, they are not violating the DMCA.
I just watched a documentary on drones. The US military is using the XBOX 360 to set up scenarios for the drone pilot trainees. The trainer can put "insurgents" or other enemy soldiers that the drone trainees shoot. They did find out that seasoned fighter pilots weren't as good as the "gamers." (This I fully understand, as in most plane simulator games, I have never successfully landed anything, I always crash. But I have landed a number of real planes as a pilot. When in a real aircraft, you feel - as in G forces - and have full depth view of your surroundings. But I did ok in an F4 simulator, where the G forces are simulated and full surround video is very realistic). But the XBOX 360 was still used.
I do agree that "consumer grade" was "commercial grade" in under a decade, however, but that doesn't always mean that "consumer grade" is good enough. Attack vectors are different and consistently changing and getting more sophisticated, "consumer grade" is not necessarily "good enough" in some applications. For enterprise class, mission critical systems "good enough" is not good enough.
"Your users can get to work in the tool immediately and quickly work around shortcomings." While I'll grant you the "get to work quickly," the trend in modern consumer products is to deliberately make them "unworkaroundable." I can't tell you how many times a nearly-ideal solution is rendered useless because of a feature that was so minor to the developer that they probably flipped a coin about it, but resulted in a disqualifying (and un-"work-around"-able) fault.
Your observations address a divide that has existed in IT for many years. Off the shelf solutions versus custom software designs have been at odds and denigrated by established corps with mature IT departments for as long as their existence.
Actually the off-the-shelf vs. custom software designs have been at odds for a long time. As a former programmer/designer, I have been in IT for 28 years and along the way, I've seen both and each has its advantages and disadvantages. We had a system that we got off-the-shelf and it was good enough to replace the manual system we had. But generally we knew we could make one better, and we did. Then later a better still off-the-shelf appeared and it was great, and since the creating company was small, changes were as easy (or hard) as our bespoke app.
The main idea is that having an XBOX in the data center is not such an odd thing, but sometimes this thinking outside the box (no pun intended) is a good thing. Sometimes it is just proof of concept.
So...Pat...
Is a "complex implication" that you mention in the "Lack of customization (and why thats a good thing)" the predecessor to a complex implementation?
Or does that come later during the "search for the guilty" and "punish the innocents" phase of the project?