Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Morning everybody. How you doing today on this episode of the show, we're gonna talk about perfectionism. Now, despite my best or like strongest urges, I didn't rerecord this 1000 times. Um because perfectionism generally is kind of a bad thing. Um Now, like you've grown used to, we are going to talk about something that seems really, really out there and hopefully fingers crossed that I bring that topic back to something directly related around security and privacy.
Now, the reason why perfectionism was on my mind today was because um we're in the midst of Google next um 2019. Now, this is Google's big cloud event focusing on their Google cloud platform. So all the infrastructure service platform as a service software, as a service offerings. Um and they end up talking a little bit about G suite as well, um which is technically, you know, part of the Google Cloud, but there's a lot of new interesting announcements um and a lot of cool demos and a lot of great technology get excited about.
And one of the things that happened was there was a new announcement called uh Google cloud run and essentially what this does is allows you to take a container that as long as it has a web server responding um in that container, you could drop it into your architecture and basically run it similar to a serverless um function as a service offering.
Now, that's great. It's good. It's a cool solution. There's a lot of great things about it. Um But the way it was positioned, a lot of people started to think, well, wait a minute, this is a replacement for things like Google Cloud functions or uh Aws Lamda or Microsoft Azure functions. Now, if you're not familiar with those, you can look at the serverless video uh from uh earlier this week when we talk about the definition of serverless.
But the argument came up really, really quickly and seemed to be a either or now a few folks um myself, Ben Kiho Kelsey Hightower um were talking about um this within context and sort of our understanding as seasoned technologists and where it would fit and where it wouldn't fit on the realities versus the um you know, the marketing pitch or the spin on the service.
Um always a great productive discussion. I'll link to that uh down below as well. But some of the other sentiments that I saw on Twitter were really around, you know, um in either or one thing has to be better or perfect um for all solutions. And that's very much not, not at all what technology is about um this sort of game that everybody is playing, whether you realize it or not.
And those that realize it are far better at it is that you're trying to find a group of solutions. So a set of tools that can help you solve problems while having that tool set as small as possible. You're never going to find one tool set that does everything. Um On the flip side, there was an example in last night's developer keynote where a customer was on stage talking about how they had enabled developer freedom and that they had developers running anything and everything you could think of under the sun.
Now that's going too far because you've got way too many tools. So you need some narrow definition. So right now I'm recording this on my Canon EOS M 50 great mirrorless camera. I really like it when it was announced, jumped on it, grabbed a whole bunch of lenses for it, made a good investment in the system even though I had a great uh Lummi camera that I was using for recording videos and stuff.
This one gives me that ability with the lenses to do a cool um blurred background natively in the camera. Um And it's a smaller, a little sharper, more up to speed um system great for shooting HD uh stuff. But what it doesn't do is streaming. Um Now, right now I've connected this as a webcam.
I found a way to do it. Um, but I spent a good week and a half over the last two weeks trying to figure out where the better camera would be, what would be the ultimate camera, which is ridiculous. I just invested in this system and it meets 95 to 98% of my needs.
There's just this one little niche if I needed to use as a webcam, that would be really frustrating because it doesn't have clean HDM I out and it didn't have software natively actually connected via USB um to use it as a webcam, but I spent all this time trying to find the perfect camera.
Um when realistically that would have been a foolish decision to drop another, you know, two or $3000 on a camera that just solves that last three or 4% while raising its own other issues where this is a phenomenal camera. I'm really enjoying it. So we get this perspective. So we've talked about people looking at new services and saying, well, it doesn't solve all of my problems or this could solve all of my problems.
My diving into the camera, how does this tie back to security and privacy? Well, it's really simple. Um People look for the perfect security solution. They always look to say, oh, we need to remove all possible risks. That's ridiculous. You cannot remove all possible risks. Um Security is about balance.
It's about finding the appropriate balance for the situation in the context that a business is running. Yet. I see time and time again, especially with, uh, folks who are new into security, um, or who, folks who don't necessarily have a really broad set of security. They're looking to remove any and all lists and I, uh, risk and I talked to security teams who are going crazy because they're like, all the business is ignoring us.
They're not removing this risk, they're not mitigating this. They're not doing that, they're not doing this, they're leaving us exposed and it goes, yeah, you know, that's part of the business's job is to make those tradeoffs because trying to find perfect security means you're not going to do your job, which is finding a balance between security and the risk that the company and the organization is comfortable in taking.
It's about informing people and finding that right balance, making sure that you're taking implicit risks and pushing them into explicit decisions. Um And that can be ok if somebody decides to accept that risk as long as they understand the risk that they're taking. So that was what was bubbling up in my head around perfectionism.
There's no one solution to rule them all when it comes to technology, there is always going to be a mess. The idea is to try to reduce that mess um to the smallest manageable piece of that. Um So you won't have one tool, but you could get two or three as opposed to having 20 or 30.
Um, and the same goes for security, you're never going to hit perfect security. You need to get reasonable security that's identified and has explicit exception of uh acceptance of risks as opposed to um, getting hit from the side, not understanding it. Let me know what you think. Hit me up online at Mark NC A in the comments down below.
And as always by email me at Mark N dot ca, I look forward to talking to you online and I'll see you on the next show.