Microsoft: War on Terror overblown
Aug 8, 2007 | 10:24 am
#1
Original Poster
FlyerTalk Evangelist
Join Date: Jan 2005
Location: BWI
Programs: AA Gold, HH Diamond, National Emerald Executive, TSA Disparager Gold
Posts: 15,180
Microsoft: War on Terror overblown
Nice article today that's relevant to security. MS isn't known for security in the IT world, but this guy makes a lot of sense.
War on Terror Overblown: Microsoft
War on Terror Overblown: Microsoft
Originally Posted by The Article
When does too much security become, well, too much? According to Steve Riley, senior security strategist at Microsoft, it becomes too much when the cost of mitigating the risk outweighs the cost of that which you are trying to protect.
Steve's approach to security spans all horizons, not just information technology. He elaborated on this theory in an afternoon session today at Microsoft Tech.Ed entitled "Making the Tradeoff: Be Secure or Get Work Done".
The cost of securing an asset is not simply the absolute cost of purchasing an enterprise firewall or business-wide malware software, according to Riley. It's measured against the current cost of leaving things as they are - if a couple of machines go down every week because of security vulnerabilities, that is a cost which can be measured and taken into consideration. However, if the cost is actually less than the cost of removing the problem, bizarre as it may sound, it might not actually be worth it.
<snip>
And this goes all the way up to the US's so-called "War on Terror". According to Steve, are any of us really made safer by taking our shoes off to go through metal detectors? Surely X-ray scanners which can see right through people's clothing is an unacceptable breach of privacy? At the very least, do we want to live in a society where this is the accepted norm?
Regardless of the answer to these questions, go back to his approach with children and strangers - recognise the methods of attack, rather than focus on stopping the tools. Why did the September 11 terrorists use planes to destroy the World Trade Centre? Because it was probably the easiest method at their disposal. If a terrorist wishes kill people at an airport, all the security in the world won't stop them from detonating the bomb while waiting in the security lineup.
These are sobering thoughts, and they do make you take a second look at the vast amounts of money and effort going into security "measures" which do much to remove personal liberty and intrude in our daily existence, yet prove remarkably ineffective at actually stopping anyone determined to succeed.
Steve's approach to security spans all horizons, not just information technology. He elaborated on this theory in an afternoon session today at Microsoft Tech.Ed entitled "Making the Tradeoff: Be Secure or Get Work Done".
The cost of securing an asset is not simply the absolute cost of purchasing an enterprise firewall or business-wide malware software, according to Riley. It's measured against the current cost of leaving things as they are - if a couple of machines go down every week because of security vulnerabilities, that is a cost which can be measured and taken into consideration. However, if the cost is actually less than the cost of removing the problem, bizarre as it may sound, it might not actually be worth it.
<snip>
And this goes all the way up to the US's so-called "War on Terror". According to Steve, are any of us really made safer by taking our shoes off to go through metal detectors? Surely X-ray scanners which can see right through people's clothing is an unacceptable breach of privacy? At the very least, do we want to live in a society where this is the accepted norm?
Regardless of the answer to these questions, go back to his approach with children and strangers - recognise the methods of attack, rather than focus on stopping the tools. Why did the September 11 terrorists use planes to destroy the World Trade Centre? Because it was probably the easiest method at their disposal. If a terrorist wishes kill people at an airport, all the security in the world won't stop them from detonating the bomb while waiting in the security lineup.
These are sobering thoughts, and they do make you take a second look at the vast amounts of money and effort going into security "measures" which do much to remove personal liberty and intrude in our daily existence, yet prove remarkably ineffective at actually stopping anyone determined to succeed.
Aug 8, 2007 | 10:46 am
#3
A FlyerTalk Posting Legend
Join Date: Sep 2002
Location: LAX/TPE
Programs: United 1K, JAL Sapphire, SPG Lifetime Platinum, National Executive Elite, Hertz PC, Avis PC
Posts: 47,183
Excellent article...I hope poor Steve enjoys his stay at Guantanamo after being renditioned for opposing the Fatherland.
Aug 8, 2007 | 1:26 pm
#5
Join Date: Dec 2002
Programs: QR Plat
Posts: 2,889
Lots of good comments on this, even non-IT-wise at /., more info here:
http://slashdot.org/comments.pl?thre...nge&sid=264303
-A
http://slashdot.org/comments.pl?thre...nge&sid=264303
-A
Aug 8, 2007 | 1:55 pm
#6
Original Poster
FlyerTalk Evangelist
Join Date: Jan 2005
Location: BWI
Programs: AA Gold, HH Diamond, National Emerald Executive, TSA Disparager Gold
Posts: 15,180
Lots of good comments on this, even non-IT-wise at /., more info here:
http://slashdot.org/comments.pl?thre...nge&sid=264303
-A
http://slashdot.org/comments.pl?thre...nge&sid=264303
-A
Didn't get to read the forums ... usually they're flame bait.
Aug 8, 2007 | 6:03 pm
#7
Join Date: Dec 2002
Programs: QR Plat
Posts: 2,889
-A
Aug 8, 2007 | 7:13 pm
#8
Original Poster
FlyerTalk Evangelist
Join Date: Jan 2005
Location: BWI
Programs: AA Gold, HH Diamond, National Emerald Executive, TSA Disparager Gold
Posts: 15,180
Aug 9, 2007 | 2:11 am
#12
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,077
Microsoft is concerned that attracting talent from abroad is getting tougher because of the misadventure and other items that have come along with the "War on Terror".
Aug 9, 2007 | 8:51 am
#13
Original Poster
FlyerTalk Evangelist
Join Date: Jan 2005
Location: BWI
Programs: AA Gold, HH Diamond, National Emerald Executive, TSA Disparager Gold
Posts: 15,180
I think it's a valid concern not just for MS but a lot of tech sector companies. A lot of Asians are employed as engineers and developers in that sector.