Security Requires Immutability: Avoid Dynamic Environments with Change Management

When Shelley published his famous poem in 1816, he was telling us that the only constant in life is change. This was not a new concept, even then. Heraclitus proposed the same concept around 500 BCE with ‘Panta rhei’ (Life is Flux or everything changes). Even though we all know and understand this ancient concept, people still have difficulty with change.

When I was in high school, Sheryl Crow even tried to remind us with her hit song, A Change Would Do You Good. And she was right, a change would do some of us good. Mutability is a fact of life that we can’t avoid, and we need to embrace it because that change opens the door for many new possibilities.

The critical importance of immutability in cybersecurity

While this is a great life philosophy, mutability is not one of the major tenets of cybersecurity. In fact, the very opposite is true… we want immutability. A great example of this desire appears in a recent article from my colleague, Craig Young.

In the article, he discusses how important it is to democracy that voters have confidence that the vote they input with electronic voting be the same vote when it is counted. Voters want to know that their votes are immutable, and electronic voting without a human readable element removes that knowledge.

In this case, change is definitely not good.

The desire for immutability in cybersecurity is why IT has, for years, had the concept of a gold image. You create a single environment, ensure everything is properly configured and create a static copy from which you image all future machines. This way, you know that your PC setup is immutable from system installation to system installation.

No matter which technician works on deploying a new (Read more...)