IT Security
Security lessons from ITs middle ages
IT Security
Like an old soldier loyal to the old general, I remain dew-eyed about
Kenneth Olsen. The founder of Digital Equipment Corporation and now well
into his 70s, Olsen continued to advocate order in technology when it
must have seemed like the IT world he helped shape was disintegrating.He
might well have wept at the Infosecurity Europe event in London last
week, had he seen the scurrying attempts to fix the self-sustained woes
of business computing today.
Olsen was an IT legend before the
IBM PC was dreamt up and Silicon Valley became the playground of startup
millionaires.He called Unix “snake oil” and decried the way computers
became systems for running PowerPoint and networked Doom rather than
number- crunching boxes dedicated to providing business information.
Olsen saw “no reason why anyone would want a computer in their home” and
called PCs “cheap, short-lived and not very accurate”.
Today,
Olsen has largely been scrubbed out of history. Its hard to believe that
in 1986, Fortune magazine described Olsen as “the most successful
entrepreneur in the history of American business”, or that The Wall
Street Journal compared his legacy to that of Henry Ford. Olsen learned
IT the hard way. Between his studies at MIT in the 1950s, he served in
the US Navy and Air Force. In 1957 he set up Digital, the firm that
created the minicomputer and breakthroughs in databases, memory,
processors and network switching, through to the AltaVista search engine.
Olsen was even far-sighted enough to execute a matrix management structure
that demanded all parts of the firm built consensus with all others. The
flat, non-hierarchical structure persists today, though critics blame it
for Digitals slow decision-making in the 1990s.
What Olsen and
his peers knew was worth knowing. They knew that quality engineering
would prevail and that a holistic approach to management was beneficial.
They saw computers as hugely powerful calculating machines that were not
necessarily tools for all. Despite decades of trying, nobody has built
computers as secure as the mainframes and minicomputers that dominated
the earth in Olsens day.
It is unpopular to say so, but Olsen and
peers such as mainframe innovator Gene Amdahl had a point when they said
an IT architecture based on a mish-mash of public and private networks,
operating systems, programming standards, applications and file types
and drop-in users was a house that could not stand. It was only by
instilling order in the design and deployment cycle that security and
scalability could be achieved.
The rise of client-server
networking made distributed computing affordable and put a PC on every
desk, but at a cost. Users set up their own fiefdoms and IT departments
let the lunatics take over the asylum. Today, plugging in your own
devices and software is the norm and email attachments are opened
without proof of provenance.
Low-level administrators hold
datacentre keys while firms reputations are in the hands of personal
emailers.Worms exploit scripting options left open, and crackers can
break supply chains. Few of us want to go back to the pay-up-or-shut-up
closed-shop vendors of the mainframe days, but the veterans of
proprietary computing might have some lessons worth sharing.