Back in the 90's, everyone wanted a paperless office. It sounded neat and with the future coming, who would need paper with all the flying cars and hoverboards! It turns out paper didn't go away. Everyone keeps talking about how security is the most important thing ever, investing in the paperless office was once the most important thing ever.
Stage 1: Magic!
This is where security is today. Everyone knows it's neat, but nobody knows what to really do. Well some people know, but nobody listens to them. Instead we want a magic solution that will fix everything. Most of it doesn't work but who cares, it's magic, shut up and take my money!
The paperless office had tons of bizarre things from magic scanners to document systems to things that almost looked like a tablet to store all your paper. None of those things really worked well, they were't purchased by a lot of people. Anyone who owned an early Palm Pilot probably remembers how just keeping the thing working took at least double the time a paper book consumed. That doesn't even count the odd writing style you had to use, I'm having flashbacks just thinking about it.
Back in those days most companies had rooms to store the documents. It generally had a lock on it that was never locked, and most of the documents got filed away and were never ever looked at again. The amount of wasted paper and floor space was crazy. If there was a fire, everything got lost. The reasons to get your data out of those rooms was pretty obvious. Just like the reasons to now protect that data is obvious, but how to actually do these things is not.
Stage 2: There is no stage 2
The thing is, there wasn't ever some mega event that ushered in the paperless office, there will probably never be a paperless office. What actually happened, and is still happening, is we saw a lot of incremental change over the course of decades to bring us to where we are today. I wouldn't say we're anywhere near paperless, but we will continue to approach zero. There are some things that make life a lot nicer and things seem to keep getting better.
Most companies don't have massive document rooms anymore, they store much of that paperwork on a server somewhere. A decent system can tell you exactly who viewed what, when, and why. We do this because it's better in almost every way, but it took a long time to work out how everything fits together. I never print out maps or travel information anymore, it's all on my phone. I don't keep receipts, I just scan them. A lot of HR documents are filled out through a web browser. I pay many bills through a web browser.
There are still people who claim paper is better with a nostalgic glee. There are plenty of crazy arguments about why paper is better, these people aren't worried about utility though, they have a view of reality that isn't based on the utility of something, they like things they way they are. More on this person later though, we all know one, keep them in mind.
None of these paperless changes happened quickly or with much fanfare. It was just the slow march of progress. Security is happening the same way. There isn't going to be a singular giant event that changes everything, there will be lots of little ones. Over the course of the next decade some people will continue to make incremental improvements. Things will get better one step at a time. Security today is better than it was ten years ago, it's still bad, but it is better.
Here's the catch though. a lot of security people today are actually fighting change. It's not the way they would have done it, and instead of helping they like to complain about how nothing will work. They are going to be the people in ten years talking about how much better life was when everything was on paper in a giant warehouse. Those trees had it coming!
The world is going to deal with these problems, if the experts help it will go a lot smoother, if they don't we'll still get there, it just takes longer. Don't be the guy who wishes for the good old days. Figure out how to help.
Join the conversation, hit me up on twitter, I'm @joshbressers
Stage 3: Wait, but there was no stage 2 ...
So the question now is what can we do? The question of how do we fix all this mess keeps coming up over and over again. Nobody can answer it, some people don't even understand the question. If you consider yourself a security person, just start helping. Be patient, answer questions, give good advice. As everyone learns new lessons things will improve. There isn't one fix. Regulation won't fix anything, huge corporations won't fix anything, insurance won't fix anything. Everything will slowly fix itself. The best we can do is try to go from slowest to slower.
There is a bigger issue of are the bad guys moving faster than us? I think today they are, if that will ever change is a debate for a different day.
The world is going to deal with these problems, if the experts help it will go a lot smoother, if they don't we'll still get there, it just takes longer. Don't be the guy who wishes for the good old days. Figure out how to help.
Join the conversation, hit me up on twitter, I'm @joshbressers