The Vietnam of Cloud Security
Summary
Modern computing security is constantly fighting an impedance mismatch that is analogous to the Object Relational Impedance Mismatch known colloquially in the Computing and Computer Science communities as “The Vietnam of Computer Science.” I claim that the computing security issues we face regularly in the broader computing community will not abate until we address the fundamental dissonance in the basic models for security we use in the broader distributed post-cloud and post-software defined infrastructure world we now live in. The old models do not reflect enough of the current reality of modern post 2020 computing to handle the current situation much less the future.
Background:
The Vietnam of Computer Science (circa 2006)
From Ted Neward’s article of the same title, the metaphor “The Vietnam of” is used to describe the case an ever more costly effort that yields diminishing returns.
In the case of Vietnam, the United States political and military apparatus was faced with a deadly form of the Law of Diminishing Returns. In the case of automated Object/Relational Mapping, it’s the same concern–that early successes yield a commitment to use O/R-M in places where success becomes more elusive, and over time, isn’t a success at all due to the overhead of time and energy required to support it through all possible use-cases. In essence, the biggest lesson of Vietnam–for any group, political or otherwise–is to know when to “cut bait and run”, as fishermen say. Too often, as was the case in Vietnam, it is easy to justify further investment in a particular course of action by suggestion that abandoning that course somehow invalidates all the work–or, in Vietnam’s case, the lives of American soldiers–that have already been paid. Phrases like “We’ve gone this far, surely we can see this thing through” and “To back out now is to throw away everything we’ve sacrificed up until this point” become commonplace.
This is a dramatic illustration of the sunk cost fallacy using a dramatic analogy of an unpopular, costly, and failed war from US history. The metaphor packs a punch and grabs attention. You can read Ted Neward’s article for details on the Vietnam War and how that related to the O/R-M (or ORM) technology stack that we saw ubiquitously in 2006.
I propose, that similar forces and ideas are fomenting today in the world of Cloud Security. This is not my idea or even my philosophy but rather a consequence of the diminishing returns being seen by organizations working to lay the old models of security on top of the new customer realities of multi-cloud distributed computing.
This is no longer the future. It is the past and it is hurting us today. Changing direction now does not invalidate the past work, not changing direction does.
Getting out of Vietnam in Computer Science
The important thing to realize is that out of this O/R-M conflict there came the NoSQL movement. This did not happen until after Twitter suffered under over adherence to the Model View Controller (MVC) paradigm and the Object Relational Mapping impedance mismatch problems inherent in that way of working.
The initial use of the MVC paradigm at Twitter was undoubtedly caused by quick, easy, early successes of that model that worked well enough to prove the concept of Twitter itself was viable. As the service scaled and the developers understood their real problem domain better, the ORM and MVC itself were seen as technical debt.
Paying off this technical debt was not without significant pain for Twitter and for the larger community of technologies they had become associated with. It was a source of strife and division that continues in some places to this day. And definitely contributed to the landscape of technologies that arose later around NoSQL and even indirectly to ideas like Blockchain and Bitcoin.
Like most things in technology the hype-cycle inflated the use-cases and niches where NoSQL (or for that matter where/when/how Merkelized Data Structures should be used.) They were shiny new toys and we played with them too much. This doesn’t mean the impulse or root causes were wrong.
The Vietnam of Cloud Security
If I named LDAP as the answer to modern cloud security issues, how would you feel about that?
You’d probably think I was crazy. You’d be right. LDAP is the ORM of security. It fit most cases of its time but not these new previously corner cases. The pain between reality, aspiration, and practice came from those corner cases transitioning from unique problems to common everyday problems.
LDAP was an early and successful model. It proliferated and was mapped onto modern use-cases. And, we’re starting to see the basic assumptions in LDAP’s design that can’t handle important corner cases. Most importantly in intersecting and multiple organizational environments as is common in work-from-home networked home offices and in hybrid cloud computing environments.
Just like the Relational Data Base Management System (RDBMS) did not go away after the NoSQL movement, the LDAP model won’t either. But, just like the NoSQL movement was borne from the pain of mismatched assumptions between things like Twitter and ORM there is about to be borne a new suite of security solutions that will drive yet another revolution in the computing industry.
The Answer
There isn’t one yet. It will take years of risky exploration and a movement not unlike the NoSQL movement to find the right fit. That’s because we need to do the fundamental leg-work of finding the correct aspirational model and then finding the path to get there.
It is clear that there needs to be a new model for security. My early favorite to embrace a new model that properly matches the new security reality that cloud computing customers face today is SPIFFE. I’m biased in that I work at VMware and so does Joe Beda.
In my own, long, and independent deep search of the field I found that the best fit model for what security today really is about is not modeled in traditional solutions. That’s because merely federating the same models LDAP is built on, or embedding the root of trust in inviolable silicon, or better Shamir Secret Sharing implementations are necessary but not sufficient.
If SPIFFE is not the answer, it’s pretty close to it.
