Sometimes behaving in a completely different way changes the rules of the game you’re playing. In the world of home security, it would be so common a behavior no one would think to ask you, “Do you lock your door when you leave your apartment for the day?” Of course you do, because when you return at night, you’d like to find all the stuff you had when you left that morning.
There are three critical factors that go into home security. The first is the vulnerability of your place. Let’s say you lock your door, but leave your window open. Your home is vulnerable via a “back door.” Someone could climb up the fire escape and access your place through the window or balcony. This is a “vulnerability” that needs to be taken care of.
The second is the time and opportunity required for compromise. You leave your house unoccupied all day long every weekday like clockwork. Everyone knows you won’t return until the evening, and usually with more stuff. This gives an attacker ample time and opportunity to select your most valuable possessions and get away clean.
Finally, there is the issue of leaked keys. How do you store your key? Do you keep it on you? Has anyone ever borrowed a copy? Do you keep a spare under the mat? How often do you change your locks and generate a new set of keys? If you had a bad relationship breakup would you change your locks then? Why not change them every year regardless? Oh, right. It’s a hassle, and nobody does that.
Upending the model of home security
Let’s change one of the fundamental assumptions about home security in the above scenario. Let’s now assume that you never returned to the same place you stayed the night before, and whenever you do leave, the interior gets immediately torn down leaving it cleansed of all personally identifying features. It’s remodeled just-in-time for each next person to move in. Let’s further assume you don’t store any “stuff” in your place. Why would you, since it’ll be destroyed as soon as you walk out the door?
How would that behavioral change fundamentally upset the home security model? In almost every way the security problems inherent in maintaining a long term residence go away. They just aren’t issues anymore. You only have to protect the place while you’re there.
If you destroy your home every time you leave, home security isn’t the problem to be solved for anymore. Now we’re talking about issues of personal safety and convenience while resident.
Since now you’re dealing with personal safety in your residence, you can play a different game. First of all you can downsize. You can’t carry a house full of stuff around with you, so you don’t need a place with a bunch of rooms. The attack surface diminishes dramatically. If you stay in a different place every night, then the next night you can solve for the vulnerabilities in the previous night’s residence by selecting a place with different features.
The time and opportunity for attack while you’re there diminishes almost to zero. Since your place will be cleansed when you leave, there is no time to mount an attack on your home. Since no one knows where you’ll stay next, they don’t have the opportunity to plant a trap for you.
Fixed keys and the need for key rotation aren’t relevant anymore. You are assigned a new key every night. When you leave, the lock it opens is destroyed. You can safely throw it in the recycle bin every day.
What if everyone lived like this?
It would be an interesting world indeed if everyone lived like this. Large legacy homes would be torn down in favor of smaller-unit, shared, hotel-style buildings.
The most cost effective of these multi-tenant providers would get really good at destroying and redeploying a residence optimized for you to occupy only for a limited time. The mortgage industry would collapse as people would change their financial relationship to their residence and rent rather than buy or lease.
Specialized services industries would form providing centralized as-a-service forms of the capabilities of legacy homes. Meals would be produced elsewhere and delivered. Mail would go to PO boxes. Registries would get created that automatically point to where you’ll be staying so friends can contact you or come over. Storage of stuff (we can’t get rid of everything) becomes an industry unto itself with centralized storage pods. Perhaps some of these pods arrive and depart when you do, attaching to the space automatically and providing the things you need while you’re there.
This is the world of Pivotal
Modern applications, 12 Factor applications, and beyond behave using this new model. Software is rebuilt from source every time it is deployed. It can be repaired quickly and often. The development process is designed around incremental changes being made continuously throughout the lifecycle of an application, so patches can be incorporated almost immediately.
The containers and VMs that host applications are destroyed when not in use. Since by design applications and the infrastructure pavement that supports them are redeployed often, this repavement creates clean trusted environments free of malware on which to run code.
Finally, credentials and keys are rotated every time an app instance is redeployed. The secure connections between applications, databases, and infrastructure are generated by machines without human interaction. When long-running services do exist, key management software like CredHub exists to enforce key rotation without disruption to running environments.
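The three behaviors above (rebuild from source, repave hosts, rotate credentials on redeploy) can be checked against an inventory. The following is an added example, not code from the article or from Pivotal; the inventory fields, thresholds and instance names are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy thresholds (not from the article); tune per environment.
MAX_BUILD_AGE = timedelta(days=3)      # repair: artifact rebuilt from source recently
MAX_INSTANCE_AGE = timedelta(days=7)   # repave: container/VM lifetime ceiling
MAX_CRED_AGE = timedelta(days=1)       # rotate: ceiling for long-running services

def audit(inventory, now):
    """Return {instance_id: [violations]} for instances that break the model."""
    findings = {}
    for inst in inventory:
        violations = []
        if now - inst["built_at"] > MAX_BUILD_AGE:
            violations.append("repair: artifact not rebuilt within window")
        if now - inst["created_at"] > MAX_INSTANCE_AGE:
            violations.append("repave: host outlived max lifetime")
        for name, issued in inst["credentials"].items():
            if issued < inst["created_at"]:
                # Credential predates this instance, so it survived a redeploy.
                violations.append(f"rotate: {name} reused across redeploy")
            elif now - issued > MAX_CRED_AGE:
                violations.append(f"rotate: {name} older than max age")
        if violations:
            findings[inst["id"]] = violations
    return findings

def sample_inventory(now):
    """Constructed sample data: one compliant instance and two that are not."""
    ago = lambda **kw: now - timedelta(**kw)
    return [
        {"id": "web-1", "built_at": ago(hours=2), "created_at": ago(hours=1),
         "credentials": {"db": ago(hours=1)}},
        {"id": "web-2", "built_at": ago(days=1), "created_at": ago(hours=5),
         "credentials": {"db": ago(days=30)}},   # fresh host, old key carried over
        {"id": "batch-1", "built_at": ago(days=40), "created_at": ago(days=20),
         "credentials": {"queue": ago(days=20)}},  # long-lived, never repaved
    ]

if __name__ == "__main__":
    now = datetime(2024, 1, 31, tzinfo=timezone.utc)
    for instance_id, violations in audit(sample_inventory(now), now).items():
        print(instance_id, violations)
```

The `web-2` case is the one that is easy to miss: the host is fresh, yet its database credential was issued before the host existed, so redeploying did not rotate it.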
The issues of legacy infrastructure security do not exist as such in a modern application development world that is fundamentally different in its very nature. This is not to say there aren’t security issues. There are. But the fundamental assumptions and questions are different. Apps are inherently more secure, and the remaining security concerns often can’t be addressed by the legacy tools built for a legacy world.