A Short Tale of the Black Sheep of -ITY
Once upon a time, computer engineers of the ancient world used the abbreviation of “-ITY” ([eye-tee]) as a shorthand for “Information TechnologY”. It was an appropriate abbreviation as it reminded everyone of the core purposes and aspects of information technology, which made not only the computer engineers, but also their clients, happy.
Whenever the engineers were programming a software application or setting up a computing service to cover the needs of their clients, they stuck to the four paradigms of -ITY:
* “Functional-ITY”, i.e. ensuring that a service or application has a purpose and a justification of being;
* “Availabil-ITY”, i.e. ensuring that this service or application is functional whenever a client wants to use it;
* “Usabil-ITY”, i.e. ensuring that this client does not get fed up by a badly designed user interface or disappointed by the service’s or application’s workings, and, thus, avoiding that either is abandoned;
* “Maintainabil-ITY”, i.e. ensuring that the developers do not get fed up by the application’s architecture or service configuration and, thus, avoiding that either is orphaned.
It was to the benefit of everyone. Following those four paradigms guaranteed properly designed applications and services. A win-win situation and a paradise for clients.
But with the dawn of the Internet, the nice-and-cosy world of -ITY was threatened. Evil coders and attackers entered the scene and started to harass and violate the four paradigms. With evil coders introducing vulnerabilities and bugs in applications, suboptimal “Functional-ITY” was exploited by attackers. Denial-of-service attacks diminished the “Availabil-ITY” of services. “Usabil-ITY” became a double-edged sword of friendly use-cases as well as misguided abuse-cases. And “Maintainabil-ITY” was under pressure as more and more services and applications went out of operation in order to recover from successful attacks.
It did not take long for computer engineers to establish a fifth paradigm meant to protect the others from the wrong-doers of the Internet: “Secur-ITY”. But “Secur-ITY” was clumsy and was never able to fit in with its brothers. When “Functional-ITY” was key, “Secur-ITY” made it complicated. When “Availabil-ITY” was asked for, “Secur-ITY” shouted “reboot!”. And when “Usabil-ITY” had the priority, “Secur-ITY” put up hurdles and barriers. Only “Maintainabil-ITY” was happy, as it would benefit whenever “Secur-ITY” introduced a break. “Secur-ITY” tried hard to overcome its weaknesses and disadvantages, but to no avail... Instead it was perceived as the one “-ITY” to rule them all… and in the darkness bind them.
“Secur-ITY” became the Black Sheep of the family. Computer engineers despised it and ignored it, as “Secur-ITY” introduced more problems than it did good. It was of no help. Years passed by in darkness with all the paradigms struggling for survival. Today, the question is: can applications and services be sustained without protection and defence? Or will evil prevail in the end and kill the paradigms one after the other? Shouldn’t computer engineers stop and reflect on how “Secur-ITY” can become an inherent partner of the other paradigms?
Will there be a happy ending? Will evil seal the doom of “-ITY”? Will “Secur-ITY” ever be welcomed back into the flock? Will “Functional-ITY”, “Availabil-ITY”, “Usabil-ITY”, “Maintainabil-ITY” and “Secur-ITY” live happily ever after? It is up to you.
Recall from last year’s articles (“Security” is YOU! and Why “Security” is not ME…), that “Secur-ITY” needs your help. At CERN or at home, “Computer Security” is not complete without YOU!
For further information, questions or help, please check our web site or contact us at Computer.Security@cern.ch.