“Put all your eggs in one basket and then watch that basket.” — Andrew Carnegie
Many people take Carnegie’s advice to heart when it comes to security. They anchor almost all of their security with a single vendor, and the vendor is more than happy to oblige. Most infosec vendors seem incapable of designing security architectures that don’t put their products at the root of all trust. “Just give us your keys,” they say, “and we’ll take care of the rest.”
It’s not just that this is the easiest architecture to design, it’s also to the vendor’s benefit if their customers are fully dependent on them. When you outsource all security decisions and trust, both the individual consumer and the enterprise are incapable of protecting themselves in the face of threats. When inevitably there’s a hole in the vendor’s basket and eggs start to break, the customer discovers just how powerless they are to do anything about it. Often they even find it challenging to get information about the size of the hole and whether their eggs are affected.
We live in an increasingly interconnected and interdependent society. Many people have realized over the past few years just how dependent they have been on outsourced infrastructure and supplies, and how unnerving it can be when those things are disrupted. In response, a number of people have changed their focus toward more self-sufficiency.
While there are exceptions, few people focused on self-sufficiency want to be completely off-grid with no dependence on society. Instead, people see the risk of being fully dependent upon others for all their needs, and realize they need more balance. This balanced approach means reducing, not necessarily eliminating, ones dependence on others. Instead of disconnecting from the public electric grid, you may install solar panels and backup batteries for when the power goes out. Instead of becoming a farmer or a chef, you may grow more of your vegetables in your own garden and cook more meals at home. Instead of making everything from scratch, you may find local sources for important goods, and learn how to repair things yourself.
We need a similar movement toward security self-sufficiency. Like with the larger self-sufficiency movement, this doesn’t mean eliminating all dependence on others. Instead it means reducing that dependence and increasing your own ability to manage your security. It means moving some of your eggs into your own basket.
Read the rest of the post here: