Learning from insecure architectures: applying opposite thinking

Wednesday 27 November, 1:30 pm - 2:10 pm

Speakers

Andrew Bandeira

Security Architect

Synopsis

This talk will introduce the concept of opposite thinking, or contrarian thinking, which involves challenging conventional wisdom and exploring alternative approaches. When applied to security architecture, it can lead to more robust and innovative security solutions.

I will walk through examples of how opposite thinking can be applied to designing and implementing security architecture, such as:

1. Assume Breach Instead of Defence:

Traditionally, security efforts focus on preventing breaches by fortifying perimeter defences. However, opposite thinking suggests assuming that a breach is inevitable. By designing security architectures with the assumption that intrusions will occur, organisations can minimize damage. This approach emphasizes the importance of strong detection and response mechanisms, network segmentation, and the principle of least privilege, ensuring that even if attackers penetrate the perimeter, their movement within the network is restricted.

2. Emphasize User Experience Over Strict Controls:

Security measures often impose stringent controls that can hinder user experience. Opposite thinking advocates for a balance between security and usability. By designing security measures that are user-friendly, such as seamless multi-factor authentication (MFA), single sign-on (SSO), and adaptive authentication, organisations can enhance security without compromising user satisfaction. This approach ensures that security protocols are adhered to, as they do not disrupt the user’s workflow.

3. Encourage Open Communication:

Conventional security practices tend to keep teams siloed, maintaining strict control over information. Opposite thinking may promote open communication and collaboration across departments. This could also be expanded to include opening up source code to the public and running open-source bug bounties.

4. Simplify Rather Than Complexify:

A common response to security challenges is to add more layers of controls, increasing complexity. Opposite thinking suggests simplifying the security architecture to reduce potential points of failure. By focusing on essential controls that offer the most significant security benefits, organisations can create a more manageable and effective security framework.
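As an added illustration of point 1 (not part of the talk or the speaker's material), the following Python script treats "assume breach" as a reachability question: given a constructed, hypothetical host inventory and a flow allow-list, it computes how many hosts an intruder on one compromised host can reach under a flat network versus a segmented, least-privilege policy. All host names, segments and rules are assumptions made up for the example.

```python
from collections import deque

# Constructed inventory (hypothetical hosts): host name -> network segment.
HOSTS = {
    "web-1": "dmz", "web-2": "dmz",
    "app-1": "app", "app-2": "app",
    "db-1": "data",
    "ws-1": "corp", "ws-2": "corp",
}

# Flat network: no segmentation, every host may reach every other host.
FLAT_POLICY = [("any", "any")]

# Segmented, least-privilege policy: only the flows the application needs,
# expressed as (source segment, destination segment) allow rules.
SEGMENTED_POLICY = [
    ("dmz", "app"),    # web tier calls the application tier
    ("app", "data"),   # application tier queries the database
    ("corp", "dmz"),   # staff workstations browse the public site
]


def allowed(policy, src, dst):
    """True if some rule permits traffic from host src to host dst."""
    return any(a in ("any", HOSTS[src]) and b in ("any", HOSTS[dst])
               for a, b in policy)


def reachable(policy, breached):
    """Hosts an intruder on `breached` can reach by walking allowed flows
    (multi-hop, since each newly compromised host becomes a new pivot)."""
    seen, queue = {breached}, deque([breached])
    while queue:
        cur = queue.popleft()
        for host in HOSTS:
            if host not in seen and allowed(policy, cur, host):
                seen.add(host)
                queue.append(host)
    return sorted(seen - {breached})


def blast_radius(policy, breached):
    """Number of additional hosts exposed once `breached` is compromised."""
    return len(reachable(policy, breached))


if __name__ == "__main__":
    for host in ("web-1", "ws-1", "db-1"):
        print(f"{host}: flat={blast_radius(FLAT_POLICY, host)} "
              f"segmented={blast_radius(SEGMENTED_POLICY, host)} "
              f"-> {reachable(SEGMENTED_POLICY, host)}")
```

The workstation case is the instructive one: each rule is individually minimal, yet the corp -> dmz -> app -> data chain still exposes the database, which is exactly the multi-hop path an assume-breach review of the architecture should surface and cut.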

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
