After years in the information security space there are few things that get me misty eyed like a massive data center. In part because it gives me a chance to reminisce about the good old days. Hundreds of hours sitting cross legged on the floor shivering while tapped away on my keyboard trying to deploy or recover a system. Ah, good times.
But, as with all things, change is inevitable. One example of this is that it has become abundantly clear that castles simply do not scale. What I mean by this is that the old way of having all of your servers and appliances in a dedicated data center has to change. We all had a good giggle when Microsoft had their advertising campaign a few years ago with the battle cry “To the cloud!” While this was amusing, it was spot on.
If you do not already have your architecture at least partly in the cloud you will find yourself left in the dust. In what is a surprise to almost no one, cloud has become the great leveler for business. Small shops with 50 people can now compete against companies with thousands. Large shops can become far more nimble.
It is important to note that not everyone is happy about this change. Why? We humans are a fickle lot. When we look at Maslow's hierarchy of needs we see near the bottom of the pyramid, safety. We get used to a certain way of doing things and find that we are reticent to alter the day to day as we perceive this as a threat to our job safety. The catch is that this is often more of a threat which limits our ability to move up the stack to self-actualization.
Yes, a little tongue in cheek but, let’s take into account a gent I knew who was a box hugger. This guy was responsible for security for a company where he ran the intrusion detection systems, firewalls, anti-virus and so forth. He found it very difficult to let anyone else touch these systems. This even included patching and all configuration.
He didn’t trust that the server support team was able to do a good job. Inadvertently, this gent had painted himself into a corner. He was unable to move forward in his career as he had dug in like a tick and was incapable of seeing the bigger picture. Not until a mentor sat him down and pointed out that change, while painful, is actually a good thing. He could not move forward to bigger and better things in his career until he learned to let go.
That box hugger was me.
I had managed to convince myself that in order to keep the organization secure that I could not allow anyone else in. I was palpably wrong and I wasn’t able to see that until my mentor walked me through it. A lesson that I will be forever grateful for.
When we jump forward to present day we need to have that wider conversation with the box huggers like I was once. It is alright to move to cloud. It is OK to let go of your boxes and embrace change. You won’t lose your place in the organization rather, your role will evolve. There is a need for security practitioners now more than ever.