I’ve been reading lots about Clojure and have become a big fan of functional languages in general. There are two things lately that I’ve gleaned from reading about the emerging Clojure language: Data is where it’s at and we need to have a point of view.
Data is Where it’s At
Its ironic that Clojure, yet another form of LISP and a language where functions are front and center, has such a strong focus on data. But its true.
Clojure is really all about data. Defining data shapes, working on the functions that work with the data, focusing on the life-cycle of data in the small e.g. slight changes and in the large .e.g over long periods of time, remembering data over time, moving data from here to there, declaring that something exists… They are central to Clojure.
I think that is true about security… It’s all about the data. Its about tracking changes in your system, being aware of badness and goodness, pinning important files on your systems, effectively making them immutable so that you can depend on them being stable, accurate and truthful.
Have a Point of View
Rich Hickey, the creator of Clojure, made it clear that he had a point of view when creating the language e.g. “Clojure is an opinionated language“. He did some heavy thinking, added a novel idea or two and then made a choice and stuck to it.
“I think programmers have become inured to incidental complexity… when they encounter complexity, they consider it a challenge to overcome, rather than an obstacle to remove. Overcoming complexity isn’t work, it’s waste,” said Hickey.
This is valuable advice for those folks securing their enterprise. There is no perfect answer to how you secure your systems. Take the time to consider your options, do a little research and choose.
Have a point of view and then follow through on it. This allows you to focus your efforts, whether its gathering your log messages in one place to detect intruders, scanning your infrastructure for vulnerabilities or monitoring systems for change, having a framework to know which systems you want to monitor and how deeply on each will allow you to make value decisions on your security investments.