Centralization of Security: a Futile Exercise?

… What is right? Sewer Rat or Bubble Boy

Let’s talk security with an analogy from parenting. However, as a precautionary measure, I would like to declare beforehand that I am not a parent yet, thus my views are observational. If we look closely, parenting across the world has evolved over the last two decades. A few of my cousins recently became parents, and while watching them parent and meeting other parent friends, I at times feel like a proxy parent; it’s a weird feeling!

When I talk with them and compare how we were brought up, when items like hand sanitizers never existed, with today’s parenting concerns, it seems a miracle that we all survived. These days, as soon as kids touch a bit of dirt, parents run after them to wash or shower them. We never had this experience in the early 90’s, as we used to play in rugged fields, roll in mud, make cakes out of it and, at times, even eat them. Our parents never freaked out! Not because they cared less; rather, they wanted us to build an immune system robust enough to bear extremities. Recent research has unearthed a concerning phenomenon: the rate of weak immunity among kids is alarming. It is proven that if you raise your kid in a sterile environment, they aren’t going to develop a robust immune system; by playing in the mud, however, they possibly can. You might be confused about where I am going with this analogy. So let’s connect this story with the world of cyber security.

Let us compare security aspects such as isolation, obscurity and perimeter principles with sterile-environment parenting. We all know these approaches are failing miserably to protect large public or enterprise systems. If we look through an honest security lens, what corporations do when they interconnect their systems or connect them to the Internet is construct moats and walls, leverage perimeter security and use military analogies such as firewalls and demilitarized zones. This gives an illusory protection against complex threats, and this sterile approach fails to deliver security. We are building a ‘bubble boy IT’ and believe that when it is exposed to the external world, all will be ok.

Can we learn from a sewer rat equivalent in the cyber world, i.e. bitcoin? To put it simply, bitcoin is like a kid eating mud cakes and playing in rugged fields: a system with immunity, something which is consistently exposed to bacteria and pathogens. Let’s go one step further; bitcoin is like a swarm of sewer rats, gnarly, with missing eyes, claws and tails, who eat raw sewage, trash and virulent things one cannot even imagine. Picturing this is horrible, but a swarm of sewer rats may never have any allergies, and it may never sneeze because of a minuscule grain of pollen. The same philosophy is ‘DNAed’ into the bitcoin security architecture: attacks like DDoS have been happening for the last ten years, and the meanest and the brightest are working against it, but the nodes are still surviving. This is all due to the open nature of its security architecture and to leveraging the community network effect to build resiliency, rather than being dependent on perimeters and a limited set of participants.

There is a misconception that having your data on the Internet, without controlling it centrally, is a weakness. It is not! The sewer rat out in the world is not weak; actually, it is the most robust system one can build, one which is constantly under attack. What denatures a system and makes it weak is wrapping it in a bubble. The key learning is that security is like life: a journey, a process which consists of openness and exposure. It is a process in which all systems are agile against new attacks, making the system dynamically robust and less fragile. The choice is yours: build a bubble boy or a swarm of sewer rats?