HP Security Believes Stability is Overrated

September 13, 2012

Those who work with information technology systems likely assume that stability is an ultimate goal. However, according to HP Software Security Evangelist Rafal Los in the ZDNet article “Three Steps for Introducing More Chaos Into Systems (Yes, That’s a Good Thing),” too much stability is a bad thing. Los warns that too much stability causes IT departments to lose their edge by encouraging complacency and resistance to change. He argues that smoothly running departments find it more difficult to recover when something goes wrong.

The article reads:

“‘Every organization I’ve ever been a part of has spent countless dollars and immeasurable energy striving for stability in which everything is predictable,’ [Los] says. ‘Unfortunately, these are the organizations that recover slowest when the inevitable, unpredictable catastrophe hits.’ An apt comparison may be ‘a search-and-rescue team that sits idle for too long can become rusty under pressure without constant drilling and practice.’
Instead of striving for stability, IT executives should strive for more resiliency, Los says. In essence, be a little more of a ‘chaotic’ enterprise.”

His suggestions for “chaos”? Allowing some components to fail on purpose and not building completely unbreakable systems. We disagree with his thinking that chaos should be a goal. A strong and steady flow in an organization is something we think should be striven for, as opposed to a chaotic environment.

Andrea Hayden, September 13, 2012

Comments

One Response to “HP Security Believes Stability is Overrated”

  1. DonW1234 on September 15th, 2012 12:16 am

    Stability is probably a negative attribute when trying to maintain a secure system.

    If a system is very stable, intruders can rely on that stability to help them find and refine exploits once a hole has been found.