I was reading Hoff's recent post on virtualization, and I found myself needing to write a bit of a rant. I don't usually have much to say about what Hoff writes about, because virtualization isn't an area that I spend any time on. But in Hoff's critique of Tarry Singh's latest post, there was something that blew my mind.
Tarry asserts in his post that one of the good things about hackers spending time finding vulnerabilities is that (and I quote):
"Security and Compliance will be core focus of all organizations (as regulators will come knocking at your doorsteps)"
Umm... I hate to say it, but that ain't ever gonna happen. No matter how many regulators show up on someone's doorstep, that counts as one of the least well-thought-out predictions I've ever heard.
- McDonald's core focus will always be on making hamburgers.
- Nike's core focus will always be on making shoes/clothing for athletes.
- Ford's core focus will always be on making cars.
If those organizations ever make "Security and Compliance" their core focus, they won't have businesses anymore.
While we may think that security is important, the day that it surpasses the core focus of any business (that isn't in the security and compliance business) is the day that that business has taken its eye off the ball. By definition.