Also via Twitter last night, I saw the article, This is why we can’t have nice things (in government). The article is short, and while targeting Canadian government, it mixes subjects by bouncing between “enterprise” and “government” technology, which I think are two different beasts.
But the point holds up either way: new consumerland happy creative tech is *not* necessarily easy to apply to enterprise needs.
This brings up the question: Which side should give ground here, the enterprise with its rigid needs and bureaucracy and efficiency/scale, or creative solutions by smaller creators (I’m hesitating finding an appropriate word there)?
My brain wants to side with enterprise, because the cost of supporting and cleaning up messes from self-imposed inefficient tech is grossly misunderstood outside IT (and accounting). But my gut really wants to side with the creative and (possibly) useful tech that abounds in the world today. You can probably do some really awesome things and get some excellent things done when embracing newest things.
From a security standpoint, it’s not as clear either, once you dive in. If a company of a few hundred people embraced new tech and allows consumer devices and such, does that put them at more risk? Probably. But do they *realize* more security incidents? I’d *guess* not, but only largely because this new tech is new to attackers as well! Attackers don’t have efficient attacks and may not understand it either. I’d say if anything increases, it would be accidental or opportunistic issues, or perhaps blended ones like when a SaaS provider on the
Internet cloud gets their database popped and accounts divulged which are the same passwords your CEO uses on his Gmail account that also controls his Android device…
In the end, I consider this a good thought-scenario exercise. People who are bleeding edge on tech will learn things that tech teams in tech from 5 years ago never will learn, and vice versa, even.
For the record, this little internal warzone of enterprise vs consumer vs bleeding edge is, in my opinion, a healthy state to be in. Being in security isn’t about being paranoid about authority, but rather being in a state where you question and challenge everything (which roughly aligns with traditional definitions of “hacker.”)
The again, this article may just be a disgruntled developer whose “brilliant” ideas just aren’t being realized by the “dumb” masses… (The author also makes quite a few assumptions here, so it really does read a bit disgruntled, but the points end up being poignant!)