CyberSecurity —What Needs to Change

At its core, the current client-server architecture is broken. In today’s applications, the server is at the center of trust and authority.

To trust the server, you have to trust the millions of lines of code that form these servers and the operating systems they depend on. Far worse, we also have to depend on all the people that maintain the systems, the systems those people depend on, and so on. Internally, you have to trust your own IT staff, admins, and others who have the ability to access data they lack the legal or policy authority to see. In classified spaces, you see an example of this with system administrators being granted special clearances to be able to administer conventional services such as wikis and email.

Any one compromise within the system — from security bugs in the server source code to a compromise with any of the innumerable vendors in use within the modern enterprise, to compromised or malicious internal privileged users, can bring the entire system crashing down. The data in the modern environment is too important to have single points of failure for the entire system.

To learn more, please contact me @ SpiderOak.

You may also like