Tuesday, September 16, 2014

Defense In Depth: 2500 Years and Counting

That 2,500 year number is probably conservative. Funding issues, for those security worker-bees trying to deploy along the lines of a defense in depth strategy, may be even older. It seems likely to me that the first bright spark who thought of it either could not get the tribal elder to agree, records from more than 2,500 years ago have not survived, or (more likely) I have suffered a research failure.

This image is of a defense in depth deployment, c. 500 BCE. 2500 years ago, at DĂșn Aonghasa, County Galway, Ireland. The Iron Age. Brutal weapons, very little medical knowledge, and a life expectancy of 26 years.

It is probably safe to say that defense mattered to these people, on a level more fundamental than identity theft, problems with current near-field payment schemes, or any other current IT security concern. Being hacked by an iron sword has more immediacy than being hacked by a network intruder. The prospect of a horribly painful death tends to focus the mind on what actually works.

Note that

  • No military (collectively, they know a thing or two about horribly painful death) of any nation, has ever had a problem with the value of a defense in depth strategy
  • Even the militaristic United States of 2014 has funding problems

No comments:

Post a Comment

Thanks for your comment; communities are not built without you.

But note than comments on older posts usually go into a modertion queue. It keeps out a lot of blog spam. Weird links to Web sites hosting malware, marketing nonsense, etc.

I really want to be quick about approving comments in the moderation queue. When I think I won't manage that, I will turn moderation off, and sweep up the mess as soon as possible.

If you find comments that look like blog spam, they likely are. As always, be careful of what you click on. I may have had moderation off, and not yet swept up the mess.