Amazon, Google, the Platform and Security
An Ex-Amazonian Googler's justifiable hostility towards Security
Published 08:36, 17 October 11
You can read the rant - now replicated all over the net, for instance YCombinator or mirrored back at Google - with Steve's belated blessing. It's a good rant and my enterprise experience largely leads me to agree with his perspective. The press has primarily covered it for its criticism of Google+.
But in the midst of it one will find this piece; forgive me if I quote it at length because (importantly) he's using the word Accessibility in a non-standard but valuable context.
I'm not really sure how Bezos came to this realization -- the insight that he can't build one product and have it be right for everyone. But it doesn't matter, because he gets it. There's actually a formal name for this phenomenon. It's called Accessibility, and it's the most important thing in the computing world.
The. Most. Important. Thing.
If you're sorta thinking, "huh? You mean like, blind and deaf people Accessibility?" then you're not alone, because I've come to understand that there are lots and LOTS of people just like you: people for whom this idea does not have the right Accessibility, so it hasn't been able to get through to you yet. It's not your fault for not understanding, any more than it would be your fault for being blind or deaf or motion-restricted or living with any other disability. When software -- or idea-ware for that matter -- fails to be accessible to anyone for any reason, it is the fault of the software or of the messaging of the idea. It is an Accessibility failure.
Like anything else big and important in life, Accessibility has an evil twin who, jilted by the unbalanced affection displayed by their parents in their youth, has grown into an equally powerful Arch-Nemesis (yes, there's more than one nemesis to accessibility) named Security. And boy howdy are the two ever at odds.
But I'll argue that Accessibility is actually more important than Security because dialing Accessibility to zero means you have no product at all, whereas dialing Security to zero can still get you a reasonably successful product such as the Playstation Network.
End quote. You gotta love the Sony jibe.
I initially tweeted my accord with this - and in a sense I still agree; for years I've been trying to tell folk that there's no point in an organisation being secure (whatever that means) if it cannot also be adequately effective.
But I realise that I'm coming at it from a viewpoint that not everyone may share, and what also concerns me is the sense that Yegge / his readers may see the two qualities of Accessibility and Security as being polar opposites - mutually exclusive, zero sum, where as one rises the other must fall.
I know exactly how someone might come to those conclusions; a partial taxonomy of the ways that amateurs or over-zealous system architects can screw up security includes the following:
Cargo Cultism: doing stuff because it worked for the mainframe.
Security Theatre: doing stuff so that someone else sees you doing it.
Monomania: one layer of firewalls is good security; 20 layers of firewalls is 20x better.
Monoculture: one standard platform is good; unflinchingly standardising on it for an entire decade is better.
Suffocation: internal communication is our company's lifeblood; thus it clearly requires mediated control.
Indecision: never making the call about whether it is more important to "be secure" or "be available".
Loss of Perspective: redundant power and high-availability for the badminton club rota wiki, "because it's a server".
None of these preclude doing stuff that enhances security without diminishing:
performance (which is a form of availability), and...
functionality (which is also a form of availability)
...but equally, none of them guarantee it. If Yegge wants to add accessibility - apparently the ability to get things done and thus yet another form of availability - to the list, I'm all for it.
But don't throw security out with this bathwater: it's entirely possible to build a solution around the thesis that your solution should be "secure" (whatever that means to you) without compromising accessibility, availability or whatever.
There was a time that Volvo dominated the mindshare for "safe" driving - which was the aspect of security they most chose to push; their cars were boxy, but good, and in no way were they less accessible than any other estate or station-wagon. How did they get there? Design. Consideration of components. Quality assurance. Taking the goal of protecting the passengers as seriously as any other consideration.
Nowadays everybody is doing it.
Likewise, we actually do know how to build secure systems - and they are performant. I just rather wish people didn't see the securification process as either an afterthought or a burden that inhibits accessibility.