roger.plowman - Monday, February 25, 2019 9:13 AM

When governments cannot properly secure their data, when mega-corporations cannot secure their data, that's a glaring neon sign saying we need to fraking stop trying to store sensitive data because it's too damn difficult to secure it. This isn't an issue of screwups or bugs, this is a FUNDAMENTAL problem, probably an NP problem.

We don't know how to secure data. Full stop.

Yes, we do a fair job of securing data. But in this case "fair" means "not at all". It only takes *ONE* hole in the security to render not only that company but any other company using the same software/framework/consultant group vulnerable. Once the data's gone, it's gone forever and can never be retrieved.

The problem isn't just that we suck at security. The problem is simply that we do not understand the problem domain, we have never fully understood it, and probably never will. There are too many different ways to screw up security, we're in the position of living in a submarine with a sub-standard pressure hull, and we insist on taking that sub below crush depth. Worse, we encourage everyone, including family to come along for the ride.

The cloud only makes this worse.

1. An infinite attack surface, literally any hacker anywhere on the planet can attack the data. If not directly, then through a clueless end-user in the country of interest, even the CITY of interest.

2. A concentration of valuable data in a single location, making itself an "attractive nuisance" (in the legal sense).

3. Pressure to get code out the door without the (seemingly) infinite tests required to weld most of the seams in that software pressure hull.

4. An insistence by every sales-weasel and their brother to collect and squirrel away EVERYTHING THEY CAN about their customer "so we can improve the customer experience".

Add it up and you end up with the apocalypse we currently have.

Until the above issues are addressed, and a fundamental new approach (no idea what it might be) is adopted, we are screwed. And it's only getting worse.