Decentralizing Security


Gunnar Peterson has a couple of great posts on decentralization and security. He starts off with this thought:

Now let's consider security architecture. How many times have you heard a security architect say "if we could just centralize X" our problems would go away? Guess what buddy, your business is not going to centralize everything any time soon, and they REALLY are not going to centralize just so you can roll out your Access Management suite or whatever.
From 1 Raindrop: Decentralization and "Good Enough" Security
Referenced Fri Oct 13 2006 10:29:25 GMT-0600 (MDT)

There's lots of tie-ins and cross references to security in the global, world-view sense as well. So much so that Thomas Barnett referenced it as well. Gunnar's reinforcing a lot of the ideas that Barnett makes in Blueprint for Action.

This idea is the premise of my own book on digital identity: the old centralized models that require everything behind a firewall no longer work and good identity infrastructure is crucial to resolving that dilemma. I'm writing specifically about idenity in the computer-system sense, but there are close parallels to the global world as well. Note that if you've read my book you'll understand that this is a far cry from a call to implant RFID chips in everything that moves. (Read Jim Harper's Identity Crisis for more on this as well.)

Gunnar's two posts are long, but if you care about security, whether from the computer security point-of-view or otherwise, they're worth reading.