Stop Looking for New Ways to Patch the Bucket

Our thought processes can greatly affect our ability to solve problems. The way we approach a problem can either lead us to the solution or hinder us from finding it. Sometimes, our preconceived notions and reliance on legacy systems can prevent us from seeing the bigger picture and identifying the root cause of the issue.

In order to effectively solve the really big problems, we need to be open to new ideas and perspectives, and be willing to challenge the status quo. Only then can we truly innovate and find lasting solutions

Imagine there is a metal bucket in your living room, collecting water dripping from the ceiling. This problem occurs every summer about the same time. It's an old bucket -- you've used it for many years to catch the leaking water. Today, you notice that the old bucket has sprung a leak and you're considering your next move. Should you replace it with a plastic bucket that won’t corrode? Maybe invest in a galvanized metal bucket? You could patch up the existing bucket, or perhaps buy a bigger bucket and put the old one inside of it. Maybe you could run a hose from the bucket out the door, so you won’t have to keep emptying the bucket. You recall that your parents had used a wooden bucket and wonder if it doesn't make sense to revisit the original solution.

The kid next door stops by, looks at the situation and asks – “Why don’t you just fix the roof?"

This is how real change is made. At QWERX, our team of technologists objectively assessed a major problem in enterprise security (a relentless stream of devastating data breaches) and pinpointed the root cause: vulnerable static credentials used for device authentication. These certificates are impossible to secure, so they are easily stolen and used to gain unauthorized access to a network. In the analogy above, the data breaches are the problem: the water leaking through your roof. The root cause of the problem isn't the rain -- you wouldn't try and solve this problem by attempting to prevent rain -- it's the hole in your roof that is allowing water into your home.

The bucket represents the legacy systems that have been put in place to "manage" the leak. Everything that an enterprise is doing to mitigate their risk of data breach, from implementing traditional PKI architecture, to mandating cybersecurity trainings, to layering numerous detection/containment/response solutions into their infrastructure, is in response to the inevitability of a breach. This approach asks: how should we best handle the water once it comes inside the house? 

We reframed the problem of data breaches that originate from a stolen static credential by refusing to accept that static credentials are the only approach to secure device authentication. We don't believe that you should just learn to live with a leaky roof. QWERX has designed a solution for secure device authentication that completely eliminates the use of static certificates. There are no credentials to steal, which means that a significant percentage of data breaches are prevented entirely. Learn more about how we can fix your roof

Leave a Comment