When I entered the information security world in late 2001 I received training on communications technologies that included a significant interest in confidentiality. Obviously the rest of the trifecta, integrity and availability, were also important but maintaining communications security was king.
Now, almost fifteen years later, I’m still focused on the trifecta with confidentiality coming out with a strong lead. But my goals have changed. While confidentiality is an important piece of the puzzle, for privacy and other reasons, I feel it should no longer be king with my work and writing.
Over the coming weeks I plan to focus on the availability of data. And not just whether or not a file is on a server somewhere but diving into the heart of the availability problem. File format standards, flexibility of the data to be used with accessibility tools, ability to translate the words into other languages to ease sharing, and the ability to move the information to other forms of media to improve access are all topics I want to cover.
I’m largely writing this as a reminder of ideas I want to research and discuss but I hope this gets other people thinking about their own works. If you have a great idea don’t you want to make it easier for other people to consume your thoughts and be able to build on them? Unfortunately the solution isn’t simple and I suspect much will be written over time about the topic. Hopefully we’ll have a solution soon before that StarWriter file you have stored on a 5.25″ floppy drive is no longer readable.
As a security engineer it’s usually difficult for me to endure many of dumb things companies do. It’s quite sad when a company that prides itself on creating solutions for building internal solutions to protect customer data actually starts pushing its own data out to Google and other “solution” providers. It’s as if they don’t actually believe in their own products and actually think that a contract will actually protect their data.
So it’s quite refreshing when you run across a group that actually gets information security. Recently, I ran across the information security bulletins at CERN (particle physics is another interest of mine) and was excited to find a group that actually gets it. They provide internal, secure solutions for getting their work done without using outside solutions such as Google, Apple, Microsoft, Amazon, and Dropbox cloud solutions (I wish more of the internal solutions were FOSS but…). In fact, CERN feels externally-hosted solutions are a bad idea for both business and personal uses. I concur.
Here is a sample of their infosec bulletins:
What about you? Do you care about the security of your information?
Not to get into the political battle that is occurring in Egypt but I wonder how the organization of both news gathering agencies and organizers would have fared had they been using StatusNet software (the software that supports identi.ca) on a local computer inside the country instead of utilizing Twitter servers that were located outside Egypt. When the Egyptian government removed their BGP routers from the Internet they essentially left the Egyptian Internet as an intranet which would have allowed communications within the country.
Just thinking out loud…