The Target in 2014!

Bob Aiello, Technical Editor

The recent incident involving Target's point-of-sale machines has provided an interesting look at how many people view this problem. Some articles focused on the issue of having secure chips in credit cards, while others seemed to indicate that the problem was that the virus protection software did not identify the malware on the point-of-sale machines.

In my opinion, both of these views miss the real challenge, which is simply that we should know what is on our business systems. Point-of-sale computers used essentially as cash registers should be provisioned using a known and verifiable baseline. Until hackers start giving us their malware to review in advance, we simply cannot rely upon virus protection software to proactively identify viruses and other malware. We should be building code that is signed with cryptographic keys and fully verifiable.

In 2014, I am going to focus many of my articles on explaining exactly how to architect applications using DevOps best practices that enable you to deterministically build, package and deploy your code, ensuring that the correct code is deployed and proactively identifying whether unauthorized changes have been made, either through human error or malicious intent. It's time to implement the secure trusted application base.
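A minimal sketch of the "known and verifiable baseline" and the detection of unauthorized changes described above, added here as an illustration and not taken from the original article. The function names, file names and key are constructed for the example, and HMAC-SHA256 stands in for the asymmetric code signature a real build pipeline would use.

```python
import hashlib, hmac, json, os, tempfile

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def sign_baseline(root, key):
    """Build step: record the known-good file set and authenticate it."""
    body = json.dumps(hash_tree(root), sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def audit(root, baseline, key):
    """Deploy/runtime step: report every deviation from the signed baseline."""
    expected = hmac.new(key, baseline["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline["tag"]):
        raise ValueError("baseline manifest failed authentication")
    known, actual = json.loads(baseline["body"]), hash_tree(root)
    return {
        "unexpected": sorted(set(actual) - set(known)),  # files nobody shipped
        "missing": sorted(set(known) - set(actual)),
        "modified": sorted(f for f in known.keys() & actual.keys()
                           if known[f] != actual[f]),
    }

def demo():
    key = b"constructed-demo-key"  # assumption: a real key lives in a signing service
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample "register image" with two files.
        for name, data in {"pos.bin": b"register v1", "pos.cfg": b"lane=4"}.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = sign_baseline(root, key)
        clean = audit(root, baseline, key)
        # Simulated drift: a file outside the baseline appears, a config changes.
        with open(os.path.join(root, "unlisted.bin"), "wb") as fh:
            fh.write(b"content no scanner has a signature for")
        with open(os.path.join(root, "pos.cfg"), "wb") as fh:
            fh.write(b"lane=9")
        return clean, audit(root, baseline, key)

if __name__ == "__main__":
    print(demo())
```

The audit flags the unlisted file without knowing anything about its content, which is the difference between checking against a baseline and waiting for a scanner signature.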

We need to have our C-level leadership ensure that their IT teams learn these best practices and build systems that are secure and reliable.

What's your view? Drop me a line and give me your opinion!

Bob Aiello, Technical Editor
http://www.linkedin.com/in/BobAiello