Never Trust a Computer You Can Throw
IBM z Systems offers unmatched security
5/25/2016 12:30:49 AM |
By Reg Harbeck
If you piled every laptop computer ever made into a giant monolith, it would make an imposing monument, and maybe a nice source of shade to lean against while reading a book on a nice day.
But no matter which way you arranged it—with power, network connectivity, ventilation and structural features that would make a Borg spaceship envious—you still wouldn’t have a mainframe. And you might actually not have that pleasant of a structure to lean against, either, given the vast amounts of heat that would radiate from it. And yet, sometime between when the contraption was entirely booted up and when, shortly thereafter, it disintegrated in an apocalyptic lithium fireball, you might be tempted to trust it.
After all, it would be big, established and made of familiar parts that you’ve already welcomed into your home and given access to much of your most sensitive information.
Let’s “borrow” one of the laptops from the outside wall of this massive structure before they power it up and sneak off with it to a safe distance from the impending meltdown. Don’t worry: it won’t be missed. Now tell it all your secrets. Yes, right here in public. Why the sudden scruples? You do it all the time on the cloud where email and applications reside. Fine: here, have a smartphone. I slipped it out of the next monolith over, because I knew you’d want it. I can go grab a desktop computer from yet another monolithic pile if you’d like.
Now, let’s go get three of the people you’ve come to trust most in your life, and distribute the laptop, smartphone and desktop to them. If each device has a password that gave the person holding it access to all the information stored on it, would you give those passwords to those friends? Now let’s reverse that: what if the computers could learn everything your friends know about you. Would you be willing to let them?
What Does it Mean to Trust
What does it mean for a person or computer to know something confidential about you, and for you to trust them?
When a close friend knows something confidential about you, it’s either because they were there when it happened, or because you confided in them (or occasionally because someone else confided it to them, and they decided how much they could trust that information). The way or amount they “use” that information is a strong manifestation of their relationship with you, and how much you can trust them. If they start abusing that information, once you find out, you would be well-advised to no longer trust them.
And, when you’re in a time of need, a real friend will use what they know about you to help you as they’re aware and able to, not to take unfair advantage of you.
Now, ask yourself, how many such things can you trust your laptop, desktop or smartphone to do or not do with what it knows about you? Or, more to the point, have you ever even stopped to seriously ponder that question before sharing confidential personal information with and/or through these devices, or have you just “clicked through” like you do with most computing software and service agreements that you’re given to assent to?
Of course, this brings us to another important dimension of trust: necessity. If you’re on a desert island and there’s only one other person, and your survival depends on trusting each other, you’ll do it or you’ll die. The fact that there’s no one to break confidence with you about it may or may not occur to you, but once rescued, you may start to feel a certain amount of reticence if they broadcast every confidential thing you did or said.
Why were you on a desert island? Maybe to escape the lithium meltdown? Why were you rescued? Because you had location services enabled on your smartphone? And what are you going to do about your privacy if necessity and survival seem to continually trump common sense?
At this point, you probably have realized that there are much bigger threats to your security, privacy and well-being than the lithium meltdown of some theoretical laptop monolith. And you may have already made the leap to despairing acceptance of the inevitability of this circumstance.
But you don’t have to.
Trust the Mainframe
Most of us have one or a few people in our lives that are so reliable and trustworthy that we take them for granted, and only approach them when we have something very confidential or essential that we need to address. Whether that’s a parent, grandparent, priest, minister or rabbi (or the bartender that the aforementioned trio brings to mind), we know and trust these people and don’t waste our time worrying about them.
In the same way, we have grandfathered entrusting the world economy, along with a great deal of its most confidential data, to the grandparent of all business computing: the IBM z Systems platform.
Ah, the mainframe. Take every mainframe on Earth and put them together into another, substantially smaller, monolith—more recursive than redundant, really—and you’d have something about 10 stories high and about a block wide on all sides. Since that’s too small to safely hide in Manhattan, maybe add another 50 floors for disk, tape and one skilled IBMer per box. But don’t hold your breath waiting for it to implode—or even stop working—any time in the next century.
And yet, far too often, like an adolescent who is more prone to trust his or her peers who have proven themselves untrustworthy than to trust the established life figures, we don’t even think of the security implications of where our most private and critical data reside.
A favorite quotation comes to mind about computing security, perhaps ironically, from the book “Practical UNIX & Internet Security” by Gene Spafford and Simson Garfinkel: “A computer is secure if you can depend on it and its software to behave as you expect.”
When was the last time you sat down and asked yourself what you expect from those you are willing to trust? If you entrust something to a friend, do you expect it back undiminished? Say, a book, money, your car? Where do you draw the line, and why?
Is there anything you entrust—granted, implicitly—to IBM z that you don’t expect to remain secure and available? Think of the contents of any bank or credit accounts you have or the amount of tax you’ve paid or owe. If these changed due to a computer error, would you accept it as “just the way things have to be?”
Now, ask yourself what you put up with from your “defenestrable” computing devices.
Oh, sorry, I kind of borrowed that word from French as the logical adjective to describe something you can defenestrate. But defenestrate is indeed an English word used about objects that are thrown out windows.
So, for any computing device that you might (*ahem*) throw out windows…what do you implicitly trust it for in ways that it has shown itself as trustworthy as a reliable friend?
Because, you know, I have come to see that if anyone in my life was as untrustworthy as my projectile-worthy computing devices are, I would not be prone to trust them as far as I could throw them.
Which is why I am so happy that, unlike some random cumulonimbus that a flying piece of electronics could safely pass through as it surrendered to gravity, the real, reliable cloud is increasingly built around big iron, aka the mainframe.
So, go ahead: socialize with those consumer devices like the casual acquaintances they are. Just think twice before expecting them to bear the load of your trust further than you can throw them.
Reg Harbeck has been working in IT and mainframes for more than 25 years, and is very involved in the mainframe culture and ecosystem, particularly with the SHARE Board and zNextGen and Security projects. He may be reached at Reg@Harbeck.ca.