Today’s technology vs. “what would be great!”
I am going to try to make this short since Treasure Hunters is about to come one, so here goes. I posted yesterday on my Computerworld blog about some stuff I wrote for a friend of mine on two-factor authentication. I checked back today to see if I had any comments, and I did (woo hoo for me). I read the comment, and here is part of what I got:
What is needed is “smart” content that works with multiple trust levels, that self-authenticates not only the content but the user as well. This is done using a modified token inside the content. It also creates an audit trail within a token receipts for archiving.
Content-centric security allows content to be securely transferred globally and outside the enterprise, without centralized authority. No, there is no standard but this approach solves most, if not all, of today’s issues concerning authentication.
OK, this really gripes me. First off, there is so much of this “we need this” and ”we need that” and it would be great if…” and ”this would solve so many problems” that I am going to puke. I am just tired of hearing it. Yea, there are a lot of things out there that need to be done, but since when does a “need to be” turn into something tangible overnight? Not to mention the fact that this guy sounded like he was trying to sell something and then didn’t even link to a website or anything.
I am not arguing whether this guy is right or wrong. I am not arguing whether or not the state on InfoSec needs to change (it does). Basically, I just want people to be realistic and deal with what is available today. I am not asking for status quo. I just want people to recognize that us guys and gals in the trenches need to use products that are on the market now. If we were supra-geniuses that could make up new technology to protect our network while sleeping, then we would do it. But we aren’t and we can’t (I guess I should speak for myself). We rely on those people who research this stuff to do that.Â
So friggin’ stop arguing with me every time I say multi-factor authentication is a good idea!  It is what we have today. Just because it can be compromised in some fashion does not mean I should take it out of my network. Once again, DEFENSE-IN-DEPTH!! It is another layer.
I am not against research and looking for something new. I just am tired of being preached at about how something is better when it ain’t even sold by anyone yet! Sheesh.
Vet
