O'reilly Security Podcast - O'reilly Media Podcast

The O’Reilly Security Podcast: Modern server hardening, institutional inertia, and new approaches to desktop security.In this episode, I talk with Kyle Rankin, vice president of engineering operations at Final, a credit card startup. We discuss old versus new approaches to server hardening in light of the cloud, how institutional inertia thwarts change, and the new security-minded desktop OS Qubes.Here are some highlights: Organizational inertia and security To me, a pretty big problem is that there are a lot of outdated approaches that just haven't been brought up to date. I think the biggest barrier to change is inertia. If you go to a lot of orgs that have had systems around for a while, getting everyone to generate an SSH key and use it is one big thing. Another thing is, a lot of orgs have all these other security practices, like sharing group accounts, for instance; all of the developers may have one role account called ‘developer’ on all machines, and they just share the pas