How can the use of technology in security both a) protect the Enterprise in a world of digital-native desires (while balancing its role as critical national infrastructure), and b) accelerate innovation instead of being a barrier?
There’s No Spoon
One important thing to realise is that nothing is unbreakable. As much as Oracle wanted it to be, and even named their Linux distribution Unbreakable Linux, anything is breakable. Designing on the assumption that the system is unbreakable is therefore futile. Instead, design on the assumption that things will break, and design for them to recover quickly.
Be Like An Onion
Humpty Dumpty had a fall and all its brain splattered on the floor. Why? Because it relied on its shell alone, with nothing else to protect itself. Be like an onion: even after the first layer is peeled off, there are still many more layers, each giving off stinging gases to stop you from going further.
Have Many Onions
While it’s OK to start with just one onion, the Enterprise is too big, and one big onion structure to protect everything is inefficient and almost impossible. Instead, have many onions: when a bug bores into one onion, it still has to spend the same effort to get into the next, because there is a zero-trust boundary between each onion.
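To make the "zero-trust boundary between each onion" concrete, here is an added example (not code from the original post) of what such a boundary can look like in code: each segment holds its own signing key and accepts only short-lived tokens that are signed with that key and explicitly addressed to it. A token issued for one segment is useless at the next, so compromising one onion does not hand over the others. The segment names, keys and claim layout are constructed for this illustration; a real deployment would use randomly generated keys held in a secrets store and, more likely, a standard token format.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional

# Constructed per-segment keys. Each "onion" verifies with its own key only, so
# leaking one key lets an intruder forge tokens for that segment and no other.
# (Real systems generate these randomly; fixed bytes are used here for a repeatable demo.)
SEGMENT_KEYS: Dict[str, bytes] = {
    "payments": b"payments-segment-key-constructed-for-example",
    "reporting": b"reporting-segment-key-constructed-for-example",
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(segment_key: bytes, subject: str, audience: str,
                ttl: int = 300, now: Optional[int] = None) -> str:
    """Issue a short-lived token bound to exactly one target segment (audience)."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "aud": audience, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(segment_key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def verify_at_boundary(token: str, segment: str, segment_key: bytes,
                       now: Optional[int] = None) -> Optional[dict]:
    """Gate at one onion's boundary: accept only tokens signed with this segment's key,
    addressed to this segment, and not yet expired. Returns the claims or None."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(segment_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # wrong key: issued for a different onion or forged
    try:
        claims = json.loads(body)
    except ValueError:
        return None
    if claims.get("aud") != segment:
        return None  # correct key but addressed elsewhere: no lateral reuse
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None  # expired: limits the window in which a stolen token is useful
    return claims


def demo() -> Dict[str, bool]:
    """Walk through the boundary checks with a fixed clock so the outcome is repeatable."""
    t0 = 1_000
    tok = issue_token(SEGMENT_KEYS["payments"], "order-svc", "payments", now=t0)
    return {
        "accepted_by_payments": verify_at_boundary(tok, "payments", SEGMENT_KEYS["payments"], now=t0 + 1) is not None,
        "rejected_by_reporting": verify_at_boundary(tok, "reporting", SEGMENT_KEYS["reporting"], now=t0 + 1) is None,
        "rejected_after_expiry": verify_at_boundary(tok, "payments", SEGMENT_KEYS["payments"], now=t0 + 600) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

The important design choice is that the boundary never trusts where a request came from, only what it can verify: signature, audience and expiry are each checked, and a failure of any one is a rejection rather than a fallback.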
Digital Native is a good thing: it lets you focus on the top layer, the one customers see. However, it needs solid foundations, namely Platform and Infrastructure. In some cases the foundation is GCP; in others it’s AWS or Azure. That means Google, Amazon or Microsoft secure the Platform and Infrastructure for you. However, you and ONLY you can secure the application code!
One way to secure your code is to adopt DevSecOps. You can read more in my blog post DevSecOps is Dead; Long Live DevOps — Shifting Common Sense to the Left.
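As an added illustration of what "shifting left" looks like in practice (this is example code, not from the original post or the linked one), here is a small pre-commit check that scans staged files for credential-shaped strings before they ever reach the repository. The three patterns and the `# allow-secret` suppression marker are assumptions for this example; a real hook would delegate to a maintained secret-scanning ruleset, and the check would be repeated in CI so a skipped hook is still caught.

```python
import re
import subprocess
import sys
from typing import List, Tuple

# Illustrative credential shapes (constructed for this example, not a complete ruleset).
SECRET_PATTERNS = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("hardcoded-credential", re.compile(r"(?i)\b(?:password|passwd|secret)\s*=\s*['\"][^'\"]{8,}['\"]")),
]

# Assumed convention: a reviewer-visible marker that exempts a line (e.g. a documented
# placeholder in a test fixture). It must be on the same line, so it shows up in review.
ALLOW_MARKER = "# allow-secret"

Finding = Tuple[str, int, str]  # (path, line number, rule name)


def scan_text(path: str, text: str) -> List[Finding]:
    """Return every (path, line, rule) hit in the given file contents."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOW_MARKER in line:
            continue
        for rule, pattern in SECRET_PATTERNS:
            if pattern.search(line):
                findings.append((path, lineno, rule))
    return findings


def staged_files() -> List[str]:
    """Paths of files added/copied/modified in the index (what this commit will contain)."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
        check=True, capture_output=True, text=True,
    ).stdout
    return [p for p in out.splitlines() if p]


def scan_staged() -> List[Finding]:
    """Scan the staged version of each file, skipping binaries that fail to decode."""
    findings: List[Finding] = []
    for path in staged_files():
        blob = subprocess.run(["git", "show", f":{path}"], check=True, capture_output=True).stdout
        try:
            text = blob.decode("utf-8")
        except UnicodeDecodeError:
            continue
        findings.extend(scan_text(path, text))
    return findings


def main() -> int:
    findings = scan_staged()
    for path, lineno, rule in findings:
        print(f"{path}:{lineno}: possible secret ({rule}); remove it or add '{ALLOW_MARKER}' with a reason")
    return 1 if findings else 0  # non-zero exit makes git abort the commit


if __name__ == "__main__":
    sys.exit(main())
```

Installed as `.git/hooks/pre-commit`, the script blocks the commit whenever `scan_staged()` returns anything; the same `scan_text` function can be called from a CI job over the whole tree so the control does not depend on every developer having the hook installed.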