Saucy Memes and Security in a Digital World

It's not enough anymore to slap a service in front of a digital asset to protect it. You have to get inside the process, into the system itself.

Lori MacVittie

October 24, 2022


Scene: in the car with my teenage son on the way to the bus stop.

Me: “Son, why is your iPhone named ‘Doktor, turn off my AirDrop inhibitors’?”

Son: "It's a spoof on a line from a video game; it means anyone can AirDrop me content."

Mind you, this is a child who won’t use public WiFi because it isn’t secure. But AirDrop? Apparently, that somehow passed the digital native sniff test.

Two days later…

Son: “I’m turning the security on my AirDrop back on! Someone AirDropped me a saucy meme that was nearly porn!”

Lesson learned, luckily without significant consequences. This little family interaction is brought to you by technology and the reality that no matter how well-prepared we think we are, something new will come along that forces us to re-evaluate and re-examine security.

Yes, we had "the talk" about public WiFi years ago. But that was before AirDrop entered the room, and we neglected to have "the talk" again. And I'm sure in two to three years, we'll need to have "the talk" again when The Next Great Tech™ is introduced.

Because you can't assume that new technology or new ways of using old technology aren't going to introduce new attack entry points. They always do. It's true for consumer technology and even more true for enterprise technology.

Now, the good news (for me) is that the security mechanisms for AirDrop are built right into iOS. It’s literally embedded in the system. Unfortunately, that’s not true for most of the technology coming at you as a result of digital transformation. So, it’s time for us to have “the talk.”

Let’s start with one of the hottest buzzwords out there today, AI. What most people really mean when they use that term is machine learning (ML), but that's a topic for another day. In any case, solutions built on a foundation of AI rely on models. Models are essentially code and some data. They have to run in production, so they’re just like specialized app components. Consider that AIOps is based on the premise that decisions will be made based on the insights generated by those models and, in many cases, will trigger automated action that changes systems, networking, applications, app delivery, and even business flows.

You can see where I’m going, no doubt. Ever heard of security practitioners pontificating about how to secure models against tampering? How to protect the data against poisoning? Me either. But they are very real threats because the consequences of compromise go far beyond data exfiltration or running up your cloud bill by hijacking resources.

Digital transformation should be a forcing function for bringing security to the fore, not just as a way to protect stuff after it’s deployed, but as a way to consider how to protect digital assets from day zero. That’s during design, through development, across deployments, and for the life of that asset.

It's not enough anymore to slap a service in front of a digital asset to protect it. You have to get inside the process, into the system itself. It's not so much that we need to shift security left. That's about getting security into development. We need to envelop the enterprise architecture in a security blanket that is always vigilant and always looks for ways to protect data, processes, and code no matter what new technology is introduced. This isn't about tools and technologies; it's about a mindset that approaches security as a good thing and includes it as a critical component.

Security in a digital world is about embedding security in your culture so that you’re always evaluating and embedding secure practices and policies from the first time a new technology is introduced.

Otherwise, you’ll be lucky to just end up with some saucy memes on one of your operational dashboards.


About the Author(s)

Lori MacVittie

Principal Technical Evangelist, Office of the CTO at F5 Networks

Lori MacVittie is the principal technical evangelist for cloud computing, cloud and application security, and application delivery and is responsible for education and evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she authored articles on a variety of topics aimed at IT professionals. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University. She also serves on the Board of Regents for the DevOps Institute and CloudNOW, and has been named one of the top influential women in DevOps.
