Friday, February 7, 2014

Steering a safe course – a journey through the snow!

Enjoying a drive, safely, is all part of the travel experience. When it comes to having a positive financial experience, the outlook is a whole lot bleaker. So, what can we do and more specifically, what value can NonStop provide?

Greetings from sunny San Francisco, even as the rest of the country suffers under the realities of a very harsh winter. Electing to spend a week in the Bay area certainly proved to have its upsides but little did I know just how cold it would get. However, the drive to the Bay held the promise for some tough driving, so of course we elected to take the long way to, and now from, the sunny delights of San Francisco.

Safety is of paramount importance to Margo and me as we pursue our business travels. A long time ago we gave up on flying, as many readers will recall, and it wasn’t just that flying had lost much of its glamour, but rather, not having options turned out to be an option we neither enjoyed nor even came close to tolerating. A safe journey is not only about what we encounter on the road but often extends to the vehicle chosen as well as the weather we would likely encounter on the route.

Needless to say, as snow descended on the Rockies last week we headed south and came to the Bay via Santa Fe, Flagstaff and Los Angeles. The return trip, however, saw us dropping in on good friends at Incline Village, Lake Tahoe, so the choice of south, north or west became problematic as every direction predicted snow. Suddenly, enjoying a safe trip home looked less and less likely.

Personal safety seems to be on nearly all of our minds these days. And not just when it comes to travel. Each time I pull out the plastic to pay for gas at some remote filling station, the thought passes through my mind – who else is seeing my personal information? Where is the information on this card likely to end up? Just as important, too, is whether I really care any longer – increasingly, I am sensitive to working through just how much loss I am prepared to accept at any point in time, as surely, I am bound to encounter something fraudulent at some point.

With time on my hands travelling, I was able to catch up on my reading. While reading Time magazine I came across Fareed Zakaria’s column, The Case for Snooping. According to Zakaria, “The Chairman of the Joint Chiefs of Staff pointed out recently that since 2012, cyberattacks on America’s critical infrastructure – chemical, electrical, water and transport systems – have risen seventeenfold.”

Zakaria then goes on to report how, “Every major bank and corporation, from Bank of America to Goldman Sachs to the New York Times, faces almost continuous efforts from abroad to penetrate its networks, mine its data, disrupt its procedures and steal its secrets. The effects can range from disruption of transactions to systems damage that feels more like a military invasion.” Yes, we are at war as I have reported elsewhere and yes, we are in an arms race, according to HP CEO, Meg Whitman.

The events of the past couple of quarters, affecting everyone from Target shoppers in the US to loyalty card holders in the Middle East, are simply reinforcing the message that safety is not something we can assume others will take responsibility for. I think we will all face decisions every day about just how (financially) exposed we will be prepared to be as we participate in a transaction. The CIA first talked about their systems not being connected to the network, any network! Operating in isolation, apparently, with access restricted to just a highly monitored console.

Unfortunately, when it comes to consumers like you and me, this is too draconian and a circumstance business cannot emulate. Or can it? Hard at work at our PCs, smartphones and tablets, are fraudulent intrusions simply becoming a ho-hum fact of modern life? Should we just give up and factor in a level of loss we can accommodate? As systems tap into even more networks and the applications we depend upon become even more complex, have we missed something very basic? Is there a silver bullet hiding within the implementations we have already deployed?

“Assume PCs and devices will be compromised. It’s virtually impossible to make any device 100% secure,” observed comForte CTO, Thomas Burg, in an upcoming article for The Connection. “Security teams need to assume these devices are vulnerable, and use that understanding to guide their security approaches.” In a separate exchange, Burg then wrote, “Complex systems are inherently harder to secure, but again I don’t see systems becoming less complex. Just as in other areas, there is no silver bullet. People need to realize it is an ongoing task and stop underfunding and under-prioritizing it.”

The CIA didn’t plug into the network but when it did, it was directly to a device, or so the story went in the film, The Recruit. Few who watched will forget the flash-drive concealed in the bottom of a Starbucks latte or how, following a dramatic descent into a secure site, Mission Impossible hero, Tom Cruise, gained access to a CIA computer console. All great theater but in reality, not something that resembles the user experience we all encourage so openly.

But could there be a case for disconnecting end devices from intermediate devices? Should card scanners be connected directly to PC based cash registers or other in-store servers? Is this all really necessary? What if the devices we interact with (and provide personal information) are all directly connected to NonStop? According to OmniPayments Inc. CEO, Yash Kapadia, this holds some promise. 

“While it may be true that security will be a problem for all in IT – vendors and users alike – there are steps that can be taken to make life for the bad guys a lot harder,” said Yash. “I see no reason for continuing to allow access to end points, such as the POS devices themselves as well as the in-store controllers so many of them rely upon. This is just a reflection on how things were done in the past and no longer reflects the best approach when it comes to locking out unwarranted access.”

“With OmniPayments, we embraced an architecture that fully exploited the power and capabilities of the latest iteration of NonStop servers. Today we connect end points, such as POS devices – those terminals directly involved in scanning and approving cards, credit and debit – directly to NonStop and make no requirements to have them connected either to the cash registers or in-store controllers,” Yash then explained. “To get to these POS devices, you have to get past the NonStop and this simply makes getting to the POS devices so much harder – the dedicated and persistent hacker has few options with this solution and to date, there’s been no successful attack via our solution.”

Could our safety be tied to NonStop; could the role of NonStop return once more to being our guardian? It’s not too much of a stretch to consider and many of the steps required for NonStop to fulfil such a role have already been completed. To anyone who checks the discussions on LinkedIn groups associated with NonStop, it would be hard to miss how often scenarios involving NonStop in a protection role come up. And for all the right reasons; this is second nature to the architecture of NonStop.

While in Palo Alto, Margo and I had the good fortune of catching up with HP VP and GM, Integrity Servers, Randy Meyer. We covered a lot of ground during the time we spent discussing NonStop. However, when the subject of security came up and of the vulnerability to hacking being visited on commodity servers, Randy observed that, “For some it will make sense to position commodity servers including Linux and Windows behind a NonStop gateway.”

Ultimately, I believe personal security will be up to us – we have to be involved. Looking at today’s complex systems getting even more complex, there’s no silver bullet but we may be able to help our cause by minimizing the number of hops present in any given transaction path – the simplicity of direct connection holds a lot of appeal for me. Injecting a NonStop to remove possible access to our commodity servers will likely gain traction too in some markets, even as the security attributes of NonStop become more widely known to those supporting modern, mission-critical applications.

The next time I pull out the plastic before pumping gas, I will not experience anything different to what I already do. Bad folks are out there and it’s only a matter of time before I too am compromised. In the end, unfortunately, I will have to make some decisions when it comes to just how much I am prepared to lose – and try to reduce the exposure – but stopping it altogether? For most of us, however, we clearly sympathize with King Canute as we too vainly try holding back the tide!
