Why Things Are Not Safe
When people apply common sense to online security, it appears fairly obvious that things would be better if companies just bought the right security. While that concept appears sound, the reality is completely different.
Outside of the security vendors themselves, no company can sell its products or services better by simply saying they are more secure. Consumers want the protection but they really do not want to pay for it. This trickles down into every aspect of enterprise planning and it forces security to the fringes. Any good CIO/CTO will always boil down an IT initiative to the basic tenets of business – will this effort drop the bottom line or open up a new revenue source?
Security accomplishes neither goal.
To compound the issue, security has been sold by snake oil vendors for a long period of time and corporations have no idea if the security is working or not until it is too late. When the companies do get attacked, the security that they have is quite often obsolete and not doing the job it was supposed to do. For us, this would be akin to paying for years for disability insurance only to get injured and find out there is no money coming from the insurance provider.
As a security company, we struggle to find any other value add we can bring to the table and resort to making security a side benefit instead of a primary focus.
The Real Problem
Underlying these issues is the actual culprit – static, blind security. Prior to Bear, security has always been a solution fixed in place and deployed without any sort of oversight. I often call this the digital scarecrow scenario where a vendor throws a digital scarecrow in a field of corn and then walks away hoping the crows don’t eat the corn. Of course, the crows are going to eventually ignore the scarecrow and eat the corn and, since there is no overview, neither the vendor nor the corporation knows when that will occur.
I find it vastly amusing that security is so blind by default or disparate by nature. In the first case, take your kids to the middle of a bad neighborhood, give them each $100, blindfold yourself and try to protect them from being robbed. This is literally how most communications security works today.
In the second case, take a picture of your kids huddled together in a dark alley of that neighborhood, jump in your car and drive 50 miles away, take out the picture and try to protect your kids. This is how the “new age” of security applications works – pretty pictures, no ability to actually do anything.
Now don’t do either one of these things – please – but you get the idea.
Security is either put in place with no concept of its effectiveness or the “security” shows you some level of visualization of a potential problem and then says “good luck fixing it!”
And we wonder why enterprises are overbuying security for the sake of protection?
The solution is simple – actionable visualization. See a problem, fix a problem. Show me the security at whatever level I desire and give me tools through that picture to take direct action. Baked into this ability to act is the ability to actually change the security – identification, authentication, authorization, and encryption – on the fly.
And do all of that with no business disruption because if another security NBT (next big thing) forces my users to change how they operate, I am going to scream.
This is what Bear is providing for devices – we call it Visual Device Management (VDM) and we are focused on the IoT for obvious reasons. We think this is how all security should work…
Common sense – right?