Convenient Security
I was delayed last night at Chicago O'Hare. No surprise there, it happens often and for various reasons. This time it appears it was due to typical midwest spring weather and the lack of visibility in Chicago. I wasn't the only one delayed, of course. Many people were stranded for 8, 9, and 10 hours. Much longer than the 5 hours I had to sit while waiting for a tiny jet to take me home to my stock of Mountain Dew.
As I sat listening to the griping, the complaining, and the whining it occured to me that we have a very low tolerance for the imposition on our time and the inconvenience of security even when it's for our own safety. We're all for implementing security measures - until they interfere with our ability to get things done or get where we're going.
This isn't just a social thing, it's a technological thing. Anti-virus scanners slow me down because they take up cycles on my laptop that introduce delay. It slows down the delivery of mail, and my downloads, and when it starts up its weekly "scanning" cycle I have to leave the room so I don't cancel it as is my wont. Needless to say my personal laptop no longer runs A/V or Windows Firewall because it slows me down and anything that slows me down irritates me, just like delayed and cancelled flights at O'Hare.
Despite the fact that the end result of sending fifty people up in an airplane into low-visibiity, storm filled skies could lead to death, we were still annoyed by the inconvience of being delayed. So it's no surprise that as consumers of technology we're easily frustrated by security techniques that delay our desired sub-second response time for all things electronic. In fact our tolerance for security imposed delays is worse with technology, because no one's going to die if I turn off my A/V scanner, right?
But if it's our credit card number or our Social Security number or our personal, private data that gets leaked or stolen or accidently posted on a blog, then we're angry. We demand to know why the company involved didn't have better security measures, why they didn't put into place some kind of system to prevent the leak/theft, and what are they going to do in the future to secure our data?
There is no such thing as "convenient" security in terms of latency. It's always inconvenient in some way to some one or some system. Whether it's a five hour delay at the airport or a few microseconds added to a transaction on the web, delay is a necessary component to providing security for us, for our data, and for our organizations.
In fact, security that doesn't introduce some kind of a delay is probably not securing anything at all.
Lucky for us that in the world of technology we can affect the amount of delay introduced and in many cases reduce it to the point that's it's unnoticeable. We can optimize protocols and accelerate content to counter the necessary delay introduced by security and in many cases actually improve the end-to-end response time. That's one of the value propositions of a full application delivery network; with a holistic approach to delivering applications not only securely, but in the most efficient way possible.
That's good news for all those travelers browsing the web or working while stranded at O'Hare for hours. We're not likely to ever have control over the weather in Chicago, but at least our applications can be secure and fast so we don't spend our time singing "Rain rain, go away" with a bored four-year old. That doesn't actually work, by the way, although it can be entertaining. No, I don't recommend starting up a rousing round of "latency, latency go away" in the data center, not unless you need that forced sabbatical.
Imbibing: Mountain Dew