The Invisible Cities of Data Security Curiosities: Report from Gartner Security and Risk Summit 2015
Between flights from D.C. to New York to Milwaukee to London, I wanted to share a kind of wild anecdote from this week’s Gartner Security and Risk Summit.
In order to shut out the hackers and attackers from his business’ data, one infrastructure leader came up with a Rube Goldberg-style virtual hardware solution. Boiled down, no servers had more than 10 minutes of life. After this blip in time, each server was automatically torn down with another, 10-minute server automatically wedge in as a replacement. Duplicate and automatically repeat, to the tune of 144 “servers” used every single day. This way, he explained, nothing was patched and no one inside or out had the sheer physical time to steal anything of value from his business’ networks or storage.
I sat there not knowing if what I heard was ingenious or crazy.
Sure, he cuts out routes into and out of systems. That removes two of the main elements of a true data breach. But it’s the third, central aspect of a breach – accessing the valuable data – which remains exposed. While the servers may be set up in a way to cut out the time to access the data, the process to achieve this feat is really a work-around on protecting the information itself. Oh, plus everything around bandwidth, maintaining this extraordinary operation and how this home-spun solution would be explained to his employees or predecessors.
Still, in a mad world of data security, I can’t blame a guy for trying and, by his accounts, succeeding. It also exposes the need for smart and, hell, crazy ideas to keep information protected and in the right hands.
In author Italo Calvino’s “Invisible Cities,” vignettes detail the oddities and profundities of imaginary spots around the ancient world. One concocted city, Leonia, wasn’t too far off from the 10-minute servers; each day, everything old is swept away and tossed aside, to start anew the next.
I’ll share more thoughts next week from both the Gartner event as well as my time in the, ahem, spotlight with Eric Hanselman of 451 Research during the Interop event at London Technology Week. But for now, I turn to you with the question I asked some of the many, many smart folks I met at the Gartner event: what’s the wildest solution you’ve heard to a security problem?