Author Archives: erinkbanks

EMC World 2012 HoL – vShield App with Data Security – Lab #13

Lab #13… this year, the #13 proved why it is considered an unlucky number. Don’t get me wrong, it was not unlucky all the time… just at certain moments. If anything, I was the luckiest because I got to build out and write lab #13 for the Hands on Labs at EMC World 2012. This lab was written for the vShield App with Data Security. Yes, I know that I wrote this lab for VMworld 2011 but they kept that lab and I had to rewrite it for EMC World 2012. I have no problem with this of course, as the more hands on experience I can get, the better I am at my job. And to be able to do this lab and let others get their hands wet with the experience is even better. I understand that the security labs at EMC World and VMworld are one of the lowest “attended” but that doesn’t mean I have to like it. I wish I knew what it would take to make people more interested in security at conferences like this. I would do anything if I could add these two conferences to the RSA Conference. To be able to get the virtualization, network, storage, and security participants to work together in a single event, to show how they are all interconnected would be phenomenal…. but enough of my dreaming.
If you are reading this post then possibly you care about security and virtualization or at least you are trying to make it work in your organization or become better educated. First of all, good for you. There are not enough of us and the more that we spread the love including research and discussion, the better off the world will be. It isn’t world peace but it is a start. Second of all, what VMware has done is great, I won’t stop talking about the capabilities of bringing together security and virtualization. It can force the discussion, it can break down the barriers like EMC and VMware are doing.
What VMware has done in the latest version of vShield App with Data Security is great. The underlying technology in the 5.0.1 release isn’t any different than in the earlier release (as far as I am aware)… it is still just PCI, PII, and PHI requirements for compliance but the interface is much better. Of course, they are still using the RSA content blades from the Data Loss Prevention (DLP) product from RSA. The reporting functionality specifically is the largest improvement I have seen in the newest release. You can run multiple reports from just about any interface. I showcase this capability in Lab #13. VMware is really great at allowing you different routes to get to the same place. I am a huge advocate of this methodology. It is like a constant reminder that this capability is available and not hidden. The other thing I applaud and showcased are the great graphics like the one below:

This is a great interface through vShield Manager that allows you to quickly look at the violations and the virtual machines that hold these violations. I am a huge believer in interfaces like this. The ability for a person to look at something quickly and know if things are good or bad makes everything so easy and when it comes to security, easy is good… very good!!!
So come on by the labs… Check it and the others out. You have nothing to lose!!! We also have the following labs that I think are just as great:

Lab #23 – RSA Archer, Cloud Security and Compliance
Lab #04 – Protecting VMware vCloud Director with EMC Avamar
Lab #21 – Leveraging Industry Leading EMC Storage, Backup, and Security Solutions in a Virtualized Environment

I mean seriously, we have 27 labs… I am sure you can find one you like. I look forward to seeing you there!


FedRAMP : Cloud Controls to Manage Risk

Just like I did for FISMA, I wanted to review the Federal Risk and Authorization Management Program Security Controls (FedRAMP) current release and provide you with my view of it. They indicate the purpose of the document is to “list the security controls and corresponding enhancements that Federal Agencies and Cloud Service Providers (CSP) must implement within a cloud computing environment to satisfy FedRAMP requirements”. They stated that “the controls were selected to address the unique risks of cloud computing environments, including but not limited to: multi-tenancy, visibility, control/responsibility, shared resource pooling, and trust.” I have broken it into specific categories below. It is also broken into the control number and name, control baseline, control parameter requirements, and additional requirements and guidance. They also indicated that it is designed to go with NIST SP 800-53 rev 3. Now compared with FISMA, FedRAMP was completely spelled out in an Excel sheet… no creative writing on their part. And when it comes down to it… a completely different message and path of possibly getting to the same place. FISMA provides guidance and FedRAMP provides controls.

If we stick with FISMA as a relationship guideline, we can say that FedRAMP is the “must haves” for any relationship. For instance, I don’t want to be in a relationship with a guy unless he is 5’10″ or taller, blue eyes, dark hair, and can make me laugh (just to clarify, these aren’t actually my requirements… exactly). Now where is that “same place” that these entities were trying to get to? In my opinion these documents were implemented in order to progress movement into the cloud and make users feel better getting there. The question becomes which way are you helping entities. Are you educating them so that they feel better or are you educating them by telling them you must have capabilities and not really explaining why? Personally I believe in educating people and not just telling them how it should be or what you must have. Are there any exceptions to the controls or is it this way or nothing? A prime example is auditable events: AU-2(4) indicates a requirement of “the service provider configures the auditing features of operating systems, databases, and applications to record security-related events, to include logon/logoff and all failed access attempts”. That’s it? No other events?

Don’t get me wrong, anything that promotes movement into the cloud and anything that helps people with that process is great in my eyes. No matter whether they guide you or tell you exactly where to go, documents like these are necessary.  I just question the method by which we get people there. I believe in simplicity, I believe that you need to educate those that are on the journey but this is not easy. I mean the NIST document is 237 pages… that is not simplification. How does 237 pages of ONE document help us? This isn’t a relationship guide, this makes me want to stay single the rest of my life.

1.1 : Access Control (AC)
1.2 : Awareness and Training (AT)
1.3 : Audit and Accountability (AU)
1.4 : Assessment and Authorization (CA)
1.5 : Configuration Management (CM)
1.6 : Contingency Planning (CP)
1.7 : Identification and Authentication (IA)
1.8 : Incident Response (IR)
1.9 : Maintenance (MA)
1.10 : Media Protection (MP)
1.11 : Physical and Environment Protection (PE)
1.12 : Planning (PL)
1.13 : Personnel Security (PS)
1.14 : Risk Assessment (RA)
1.15 : System and Services Acquisition (SA)
1.16 : System and Communications Protection (SC)
1.17 : System and Information Integrity (SI)


VAAI Integration … File and Block for EMC

Although this isn’t about security, it is about virtualization and it is information that I was looking for… AND I am all about sharing …. I wanted to post this as a “one pager” of the capabilities of EMC arrays and VMware VAAI and where we stand today on March 21, 2012

vSphere 4.1 primitives

Block

  • Full copy
  • Block zero
  • Hardware Assisted Locking

NFS

  • None

vSphere 5.0 primitives

Block

  • Full Copy
  • Block Zero
  • Hardware Assisted Locking
  • Thin Provisioning Stun
  • Thin Provisioning Reclaim (ACTUALLY IN 5.0u1)

NFS

  • Fast/Full Clone
  • Reserve Space
  • Extended Stats
  • Offload Abort/Status

Note – UNMAP : in vSphere 5.0 when deleting a file, VMware would unmount it. In 5.0 patch 1 VMware disabled this capability entirely for all arrays.
In 5.0u1, VMware reenabled the functionality but it is a manual process. VNX supports this; VMAX does not support this currently but plans to in 2012.

Here is the link to the KB at VMware regarding the UNMAP in 5.0

For more in depth information regarding VAAI (like I said, mine was just a one pager), check out Chad Sakac’s blog regarding VAAI in 5.0


RSA Conference 2012… the After

How dare it take me so long to do the follow up on the RSA Conference. It has been weeks and I should have been better at getting an update out. I will be honest that my goal was to write a blog post after each day but you know how that goes. Somehow San Francisco got the best of me. I must admit that I had a great time. This time, the conference was different for me. Yes I got to do booth duty but I also got to spend time with my fellow vSpecialist security lovers. At the conference were Joe Adams (vJoeAdams), Jim Brigham (@i2speakgeek), Brian Lewis, and Aaron Sanchez-Delgadillo (@aaronesd). We each experienced different sessions of the conference, taking in the components that we thought were most beneficial.

I want to get it out there that the best comment I heard was… “Cloud is like a chicken nugget. It looks good on the outside, it tastes good, but you never really know what is in it”. How great is that? I mean that is what the entire battle of the cloud comes down to right? Sometimes I think that people mention that security is their concern regarding the cloud because they think that is what they are supposed to say but when it comes down to it, I feel like they don’t want to know. Not knowing gives you an excuse and in some cases lets you blame others. It is almost like that line, what you don’t know can’t hurt you. Now I am not saying that people actually say that they don’t want to know. I mean how would that make them look. I do think that this is what they say to themselves though. Which leads me to the second HUGE thought and conversation that I had at the conference….

Security vs. Compliance… Are you doing compliance and because you are compliant do you think you are secure? Now this isn’t a new thought… It isn’t like I came up with it on my own but I have noticed (after four RSA Conferences) that people still think like this. That because they are compliant or implementing compliance, they are secure. So let’s focus on compliance first. There are always two types of people right? Those that do compliance for the check mark and those that really believe in what they are doing. The first party doesn’t want to know what is inside the chicken nugget because it tastes so damn good and that is all they know. Then there are those that want to know that there are no by-products in there and even want to know the calories associated with the chicken nuggets. So… which one are you? I mean seriously, do you want to do compliance or do you want to check a box? Now granted, I started this thought process talking about security and compliance and you can’t necessarily put them in the same bucket but in reality, performing compliance tends to lead to security (in my opinion). By implementing the control standards and the requirements, you establish a level of security but of course, that isn’t all you need but for some, I will take it at this point. Some other great and bad things that I heard at the conference are listed below (wow did I get some good material for future blog posts):

  • threats move at network speed
  • regulations and laws are rarely wanted in the beginning but they are needed. For example, seatbelt laws were hated in the beginning and now you never get in a car without putting one on
  • we have a plan for the exploit and for the attack back but we do not have a plan for defense
  • legislation is necessary but insufficient. We do not have a good plan
  • private cloud is just a public cloud behind a firewall
  • it is the responsibility of the implementer to turn the security switch on
  • provide update to the clients within 24 hours when there has been a breach
  • passwords are the Achilles heel of cloud security
  • can’t solve problems unless you know the problems
  • business is changing to lower costs but it ends up increasing security needs

RSA Conference 2012 … the Before

The RSA Conference 2012 officially starts February 27th, 2012. For me, Monday starts with the CSA Summit and booth duty. This is one of my favorite conferences. It is important to understand that the RSA Conference is not like EMC World or VMworld. This is a security conference… and one, if not the largest security conference. This is not a conference about RSA. For example, Symantec’s President and CEO is scheduled to appear Tuesday as part of the Keynote schedule. What a great concept… a conference not just about a company BUT about companies… no a conference about PEOPLE that are together for a common purpose. People that understand that a world without security is a world without air and water. Security changes everything, not being able to protect oneself from those that want to get us is a risky situation. Users and organizations have a right to understand what options are out there and what is needed to protect their organizations and the ability to see them all at once is a great opportunity. I am excited to see what is out there and even more excited to talk to the customers at the booth. I promise to get back with a recap. What will I be talking about? What I love to talk about everyday. I will be talking about security and virtualization at the RSA booth (make sure you stop by and say hi) and I can not wait to hear the battles that customers are experiencing directly from the customer. To be able to understand what challenges they are experiencing is so exciting to me.

The theme for this year is “The Great Cipher, Mightier than the Sword”. I love this theme. The RSA Conference Events group always have great themes but I really love this one because it is based on the beginning. Where did the idea come from? The theme originates in 17th Century France. A religious war was occurring between the Roman Catholic French and the French Protestants. The Roman Catholics were ruling and battling the Protestants in a small town. The Catholics intercepted an encrypted letter from the Protestants. The letter could not be broken until a mathematician Antoine Rossignol deciphered it. The French Protestants were lacking supplies and ammunition and soon surrendered. Rossignol and his son Bonaventure were noticed for the work by Louis XIII’s chief minister, Cardinal Richelieu who determined secure ciphers and codes to be of incredible value.


VSI (virtual storage integrator) is a Security feature

Recently I was doing a breakdown of the FREE VSI plugin for VMware. It is available from EMC for EMC storage. It is a plugin that provides a single management interface to manage EMC storage within the vSphere environment. There are a lot of components of it and a lot of great capabilities. As I was digging further and further and explaining this technology to customers more and more, I realized that the technology is actually a SECURITY technology. I know, it may be hard to understand but it is true!!! Hear me out….

First let me break down the individual components of the VSI plugin (and may I do a shameless plug for my fellow vSpecialist Tommy Trogden (better known as vTexan) for VSI’ing the VSI plug-in). You have to check out his website… it has a plethora of information…

The VSI plugin has 5 components of it. You don’t need all of them, you can pick and choose. Together and separately they can help you out drastically. I have listed them below and added a synopsis of the capability…

VSI Storage Viewer : Discovers and identifies EMC Symmetrix, CLARiiON, Celerra, VPLEX, VNX, and VNXe storage that has been allocated to VMware hosts and vm’s. The storage viewer presents the storage details to the virtual administrator.
VSI Unified Storage Management : Provisions Network File System (NFS) datastores on NAS storage and Virtual Machine File System (VMFS) datastores and Raw Device Mapping (RDM) volumes on block storage. It performs array-based compression and array-based cloning of vm’s in NFS datastores. Both full clones/copies and fast clones/snaps of vm virtual machine disk (VMDK) files. This plugin allows you to manage NAS and block storage in VMware environments.
VSI Storage Pool Management : Simplifies the provisioning of Symmetrix storage in VMware environments. VSI and Symmetrix Management Console (SMC) together can manage storage as a shared resource pool.
VSI Symmetrix SRA Utilities : Helps users to manage vCenter Site Recovery Manager (SRM) configurations in Symmetrix Remote Data Facility (SRDF) environments. It will allow you to view and create consistency groups and provides SRM diagnostic tools that help users to identify configuration errors.
VSI Path Management : Allows you to change the multipath policy for Symmetrix systems and allows the VSI user to manage multiple paths from within the vSphere client. This plugin supports VMware Native Multipathing plugin (NMP) and PowerPath/VE.

Now how could I possibly pull this all together into security. As I have stated in previous posts… security is about visibility, policies, and trust (remember the triangle of trust). Yes, I know that security is more than that, if we keep with my definition for today, the items line up. The plugin certainly allows you to create policies and you trust the information regarding the storage environment that your virtual environment is running on. But when it comes down to it… the number one aspect that really drives the theory home is VISIBILITY. It should be the VISIBILITY storage integrator. Knowing the information regarding your underlying storage provides the ability to understand your virtual environment like never before. Developing your virtual environment with blinders on is an incredibly risky situation. It could impact your entire environment. Loss of availability to vm’s or hosts is not security. The VSI plugin helps you to make the right decision. It helps you reduce risk. It makes sure the policies are working correctly. It is security.


NIST SP800-144 “Guidelines on Security and Privacy in Public Cloud Computing” – A Relationship Manual

Participating in a public cloud means that there are two independent parties involved. When two parties are involved, a relationship is formed. Just like every kind of relationship… it is hard. Each party has their own expectations and often times these expectations are not met and feelings get hurt. There are arguments and frustrations and maybe you feel like you are not getting out of the relationship what you have put in… When starting a relationship with your cloud provider it is important to understand where they are coming from, what their goals are, and you must think of an exit strategy.

NIST has put out a relationship manual called “SP800-144 : Guidelines on Security and Privacy in Public Cloud Computing”. It was developed to help you (the client) with some of the expectations that you should have with the cloud provider. It is kind of like counseling. They are guidelines to help you determine whether this relationship is going to last or fall on its face. It was officially developed for Federal Agencies but they agree that it can be used for other relationships as well.
It was important that NIST released this document. They are the ones that I find most reference when talking about Cloud Computing. Their definition is the one most of us go by. There are so many definitions and you might as well pick one. Just a reminder… NIST’s definition is : “A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned  and released with minimal management effort or cloud provider interaction”

Below are the key attributes or guidelines and MY short interpretation of them:

A) Carefully plan the security and privacy aspects of cloud computing solutions before engaging them
[ME] Make sure you set up security objectives of your organization and that everyone understands them, especially when planning for outsourcing. Make sure you plan your security based on the sensitivity of the data. In relationship terms… what is your partner’s intention? Is this a serious relationship or something they take lightly?

B) Understand the public cloud computing environment offered by the cloud provider
[ME] Understand the cloud provider. What are their policies, what are their guidelines? Don’t take this outsourcing lightly and make sure you do your due diligence when it comes to the cloud provider. In relationship terms… determine the good parts and the bad parts of your partner and what it is that you can “put up with”.

C) Ensure that a cloud computing solution satisfies organizational security and privacy requirements
[ME] Interesting section… It is somewhat the same as the section B BUT it recognizes the fact that maybe a public cloud may not work for you. It is possible that the terms of the cloud provider just do not fit your needs. It is possible that your needs can only be supplied by a private cloud. In relationship terms… prepare for other options. Understand that the partner may not be right for you in the long run and you need an “exit” strategy (One note… don’t have an “exit” strategy in your personal relationship until you really need it. :) … I am just saying…)

D) Ensure that the client-side computing environment meets organizational security and privacy requirements for cloud computing
[ME] So how are you, the client, accessing the data at the provider site? It is important to understand that accessing data that is located remotely can have security risks associated with it. These risks are inherent to any organization, whether you are a client of any type of cloud. In relationship terms: communication… communication… communication. Is it safe to tell them everything? Are the communication lines completely open or do some things get said under the breath?

E) Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environment
[ME] Continuous monitoring is the main thread in this section. Of course it is important to monitor with the understanding of the security policies and controls. You must be aware of all the aspects associated with the environment. Confidence in your provider can only be done through visibility and provisioning. Best line out of this section… “Cloud Computing is based on the security of many individual components”. In relationship terms… relationships are hard and you need to work at them. If the pairing is right and you want to continue to move forward with them… work with them and show it. When it comes down to it, actions speak louder than words.

If you want to review this document yourself…. click here


Intel TXT Capabilities – I’m Loving It

Recently EMC and Intel paired up on a webcast to talk about the relationship between the two companies… they provided a new proof of concept. As much as I love this relationship and enjoyed the presentation (I have included them below), the capability that I am most interested in is the Intel Trusted Execution Technology (TXT) functionality. From a security and virtualization viewpoint this functionality is wonderful. Before I get in to the Intel TXT capability I wanted to step in to security for a couple of seconds.
I find the growth pattern that security has taken on truly amazing. In the internet age… at first, we didn’t need any security because there was nothing to steal. Then the internet took over our lives and the digital information explosion was on a roll!! It became about protecting the perimeter and then it was all about protecting the information. Then questions came up about the hardware that we run this technology on and whether anyone has corrupted it. Wow… how security and its ways have changed. I love the fact that we are jumping the gun when it comes to understanding the hardware that our information is running on. I love that you can never be too sure. It is like when people ask me about the security of the hypervisor… I always say that at this exact moment, it is safe. In actuality, we have no idea what the future holds but we know that when people want something, they will do anything to get it. You can not expect anything less.
The Intel TXT functionality establishes a root of trust. This technology establishes normal behavior for the BIOS and the firmware when the system/server is booting and bases future behavior off of it. The hypervisor can then be tested and verified as well. If all is good, then the hypervisor can boot up in normal fashion. If there is not a match, then the hypervisor can not launch. You can even create a policy that indicates that a VM can not reside on a host that does not have the Intel TXT functionality enabled. You know how I love policies. How cool is that!!! Getting this level of security when we are trying to boot the hypervisor is how security should be… that is thinking!!!
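A simplified model of the measured launch and the placement policy described above, as an added example that is not code from Intel, VMware or RSA. It assumes SHA-256 registers and only two measurements; the host names, image bytes and the three states (trusted, blocked, unverified) are constructed for illustration.

```python
"""Toy model: measure boot components, compare with known-good values,
then apply a VM placement policy based on the result."""
import hashlib
import hmac
from dataclasses import dataclass

ZERO = bytes(32)  # a measurement register starts at all zeroes after reset


def extend(register: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(component)).
    A register can only be extended, never set, so order and content both matter."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()


def measure(components) -> bytes:
    """Fold a list of component images into one register value."""
    value = ZERO
    for blob in components:
        value = extend(value, blob)
    return value


@dataclass(frozen=True)
class Host:
    name: str
    txt_enabled: bool
    bios: bytes
    firmware: bytes
    hypervisor: bytes


@dataclass(frozen=True)
class Golden:
    platform: bytes    # expected register after BIOS + firmware
    hypervisor: bytes  # expected register after the hypervisor image


def verify_launch(host: Host, golden: Golden):
    """Return (state, reason). 'blocked' means the hypervisor must not launch."""
    if not host.txt_enabled:
        return "unverified", "TXT not enabled, nothing was measured"
    platform = measure([host.bios, host.firmware])
    if not hmac.compare_digest(platform, golden.platform):
        return "blocked", "platform measurement mismatch"
    if not hmac.compare_digest(measure([host.hypervisor]), golden.hypervisor):
        return "blocked", "hypervisor measurement mismatch"
    return "trusted", "all measurements match known-good values"


def eligible_hosts(hosts, golden: Golden, vm_requires_trusted: bool):
    """Placement policy: sensitive VMs run only on hosts that proved a good launch."""
    allowed = {"trusted"} if vm_requires_trusted else {"trusted", "unverified"}
    return [h.name for h in hosts if verify_launch(h, golden)[0] in allowed]


# Constructed sample data (not real firmware or hypervisor images).
BIOS = b"constructed-bios-image-v1"
FIRMWARE = b"constructed-firmware-image-v1"
HYPERVISOR = b"constructed-hypervisor-image-v1"
GOLDEN = Golden(measure([BIOS, FIRMWARE]), measure([HYPERVISOR]))

HOSTS = [
    Host("esx-a", True, BIOS, FIRMWARE, HYPERVISOR),                # clean
    Host("esx-b", True, BIOS, FIRMWARE, HYPERVISOR + b"-patched"),  # altered hypervisor
    Host("esx-c", False, BIOS, FIRMWARE, HYPERVISOR),               # TXT switched off
]

if __name__ == "__main__":
    for h in HOSTS:
        print(h.name, *verify_launch(h, GOLDEN))
    print("trusted-only VM may run on:", eligible_hosts(HOSTS, GOLDEN, True))
    print("ordinary VM may run on:", eligible_hosts(HOSTS, GOLDEN, False))
```

The host with TXT switched off is the interesting case: its images are identical to the clean host, but because nothing was measured it cannot prove that, so the policy keeps sensitive VMs off it.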
Last but not least… I can not ignore what RSA is doing with this technology as well. They showcased this proof of concept at RSA Conference 2010 with the VMware and RSA enVision and Archer technology. Once again helping with the security and compliance requirement and ensuring you have the visibility into this technology and your virtual environment. Without this visibility, you have nothing. What is the point of using it if you can not prove it? RSA enVision and Archer help you with this. Click here if you want to review the press release from RSA regarding this capability. I truly love that RSA has taken the initiative here. I love the fact that we can partner with a company that sees security on a new level and can prove it.


Keep Your Enemies Closer : Advance Threat Management

I was recently watching a replay of the CBS 60 Minutes report that originally aired in November 2009 called “Sabotaging the System”. The segment talked about viruses, malware, and hackers that have infected the public and non public networks. These include the federal networks such as the US Central Command (CENTCOM) network. In 2008 the malware agent.btz had landed on this network. It was believed that the virus found its way through a USB stick. This virus can see everything on the network and for some reason… they cannot get rid of it. According to the following article, the US military networks still cannot remove the virus in their network.

A USB drive… it was that simple. Hackers will find a way onto a network and for some reason, they don’t want to leave. One option that people initially like to take is to block the USB port but we all know that making security a roadblock for the users can create more problems. A better option is to use RSA Data Loss Prevention technology to allow only certain USB drives to have access to the system. However, in spite of all this work, blocking and denying… they might still get in. And this is why we employ defense in depth (multiple layers of security). I love the RSA DLP capabilities but we need to do more than just lock the door. Looking at the security without the rose colored glasses, you will soon find out that if you have something worth stealing, someone will look for a way to steal it and one layer is not enough. As we like to say… “there are two types of organizations out there… those that have been hacked and those that admit that they have been hacked” (I use this line almost every day).

What does this mean in the long run? It is no longer about the protection, but understanding the threat. The only way to tackle the threat is to understand the threat. Why else did we say, keep your friends close but your enemies closer? How do you do this from a networking standpoint… by monitoring what is happening on the network. We do this by understanding the technology of the malware and its purpose. You can’t protect any of the systems when it’s a new malware and very little to nothing is known about it. You need to understand where the attackers are going and what is or is not important to them. The technology that RSA NetWitness gives you… does just that. No more saying “we don’t know when they got onto the network and we don’t know what they took”… because you can see everything on the network. It’s literally like having a DVR for your network – you can watch and play back the activity… all activity on the network. When it comes down to it, not knowing what is happening or has occurred on your network is one of the negative facets of network security. Not knowing means that you will never have the ability to fix any problems, fix any holes, protect any data because you don’t know what you don’t know and that is the worst type of security. The fact is hackers are not going away as we try to put up barriers here and there, they still find a way in. Imagine your house is burglarized after you set the alarm, locked the doors, bought the dog…. wouldn’t you want to know how they got in? Wouldn’t you want to know what they took or touched? Do you really think you will feel ok if you stand in the middle of your house and just look at what is in eye view and assume that you will find out what went wrong? It doesn’t work that way… you wish there was a camera, you wish you could watch everything – that would help you prepare in case it happens again, because you would know what they know and you could fix that issue.
That is what RSA NetWitness does… it lets you see the threat and it lets YOU manage it.


So You Think Security is Hindering You

I was recently reviewing a blog post from a friend regarding security. The line that stuck out to me in his post was putting the “No in Innovation”… seriously? You see my friend indicated that it was a security administrator that said this. I can not tell you how angry this makes me. I understand that people are angered by security. I understand the frustration that Tyler feels with the newly implemented FTP site, I get it that you want to submit your app but you can not (my last blog post) but no one should ever feel that it hinders you. I am going to bite my tongue here and say yes…. at this moment in time, security can feel like a pain in your day to day work. You feel hindered, but it is just the world we live in and “ten years ago” we felt hindered when we needed a password for our voicemail, or a password in general. Ten years ago we did not need to download the amount of patches that we download now, it was a different world ten years ago in so many ways.

I can not preach this enough when I say everything needs to be looked at for what it does. Seat belts have changed over time because the cars, speed limits, and distractions have changed over time. Sure some people think that seat belts hinder them, it wrinkles their clothes, it puts too much pressure against their shoulders and rests in an awkward place. People don’t like them, it hinders their driving and when you don’t put them on, the car makes the most annoying sound! Remember that when seat belts first came out, they were just a lap belt, now look at them. It is a hindrance but they save our lives. Sure you can not compare the two, but you get the point? Technically, security will never stop being a pain in your daily life because we have not stopped creating the information that can be taken. We are now in a digital world and there is no stopping us… it isn’t going to end and as long as there are people out there that want the information, barriers will continue to be built. Just look at all the barriers that we experience in our day to day life that are not digitally focused. All of these hindrances were added to our life over time, because things change. For instance, my day involved going to class. My arms were filled with books and information and my car was locked so I could not easily put all the items down (hinder #1). I bought my coffee and had to sign the credit card slip. It took a while to run the credit card and have it approved and then to sign and get a receipt (hinder #2)… let’s not forget what happens when the credit card machines are not working. I had to stop at the red light and wait for it to turn green (hinder #3). I had to lock the car now that I arrived at the office (hinder #4). I got to the office building and had to pull out my badge that was in the bottom of the bag (hinder #5)… point that I am trying to make, it was not even 9:00 am and I already have five things that created a delay and a pain in my day and I was being positive.
Everything is relative. You can’t get mad at the security administrator or the person that implemented the FTP site. You can’t think that security is hindering you. If you want to get mad, get angry about the people that want to steal all the data. We need to learn how to live with the extra steps and understand that it is here to stay. Personally, I think we need to have more steps but that is another blog post.

