Tuesday, April 7, 2009

Security and learning from nature

Nature is interesting in how it deals with threats. I think we can learn a lot from it (while I am just as sure I will be reaching while I construct some of the analogies below!).

One point that always sticks in my mind is how the "bad stuff" in terms of germs, viruses, bacteria etc are all around us, right next to us. Compare this with how an organization likes to look at security:

  • Try to ensure the whole environment is secure (i.e free of bacteria etc)
  • Try and restrict movement of assets (i.e. restrict sharing of data)
I think this approach is a fool's errand. We can never be rid or free of malware or threats around us. The key will be to learn from nature and see how it deals with such threats. It does not try and ensure everything is pristine. it just ensures the critical asset is secure. The air we breathe, the water we drink etc all might never be pristine. But our body can deal with it since it has the anti-bodies for most of the bad stuff out there (True, we need to also ensure we don't breathe in the Ebola virus).

However, the lesson is lets not try and fix the environment - we will never be successful. Lets try and ensure the asset (in this case the data or information) is truly protected. This information-centric approach is the better and more logical way forward - as nature points out to us!

No comments: