- On top of a lack of transparency and accountability, Jurassic Park lacks IT security. Nedry (an anagram of nerdy) is the only one who knows the system password. As we see in the film, the system denies access time and again as Ray Arnold, the site’s chief engineer, tries to access the system. This delays rescue for many hours as the team decides that a system reboot is their only hope.
Single sign-on could have solved this issue, allowing Arnold to use his one set of login credentials to access the system. In addition, proper secret management could have helped by authenticating users like Arnold and granting them access to sensitive systems such as the Jurassic Park security system. Imagine what a different outcome the film would have had if Arnold had been able to quickly access and restore the security system!
3. Last, but not least, the Jurassic Park system had no preventive controls to protect against a rogue employee scenario. Nedry had complete, unchecked root access that allowed him to turn off all security systems across the Park — all without any alerts or notifications to other staff.
Applying DevOps security best practices could have prevented this. Role-based access controls and the principle of least privilege would have assigned Nedry access to resources based on his role within the organization, giving him access to only those resources necessary to conduct his job. Moreover, a robust rules engine would have provided centralized visibility and control, giving management the ability to actively monitor the system. Security rules could have alerted management to changes Nedry made to the core system that were not in line with organizational policy, allowing them to investigate Nedry’s changes well before an incident occurred.
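To make the contrast concrete, here is an added example (not from the original post or from any product it describes) that evaluates the same audit events against an unchecked root grant and against least-privilege roles, with a rule that alerts on any security-critical change. The role names, action strings and events are constructed for illustration.

```python
# Constructed example: role names, actions and events are hypothetical.
from fnmatch import fnmatch

# Weak setup described in the post: one account with unchecked root access.
ROOT_ROLES = {"nedry": ["*"]}

# Least-privilege setup: each role lists only the actions its job needs.
SCOPED_ROLES = {
    "nedry": ["code:deploy", "logs:read"],
    "arnold": ["system:login", "security:restore", "logs:read"],
}

# Rule: any attempt to change a security-critical resource alerts staff,
# whether or not the access check allowed it.
ALERT_PATTERNS = ["security:*", "fence:*", "door:*"]


def is_allowed(roles, user, action):
    """Deny by default; allow only if a granted pattern matches the action."""
    return any(fnmatch(action, pat) for pat in roles.get(user, []))


def evaluate(roles, events):
    """Return (decisions, alerts) for a list of (user, action) audit events."""
    decisions, alerts = [], []
    for user, action in events:
        allowed = is_allowed(roles, user, action)
        decisions.append((user, action, "allow" if allowed else "deny"))
        if any(fnmatch(action, pat) for pat in ALERT_PATTERNS):
            outcome = "allowed" if allowed else "denied"
            alerts.append(f"ALERT {user} attempted {action} ({outcome})")
    return decisions, alerts


# Constructed audit events modelled on the film's scenario.
EVENTS = [
    ("nedry", "code:deploy"),
    ("nedry", "security:disable"),
    ("nedry", "fence:power_off"),
    ("arnold", "security:restore"),
]

if __name__ == "__main__":
    for label, roles in (("root", ROOT_ROLES), ("scoped", SCOPED_ROLES)):
        decisions, alerts = evaluate(roles, EVENTS)
        print(label, decisions, alerts, sep="\n")
```

With the root grant, every one of Nedry's actions is allowed and Arnold, who has no role at all, is denied the restore; with scoped roles the outcome is reversed, and in both cases the rule produces an alert for each security-critical attempt.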
I found it quite amusing that 25 years later, while a lot more is understood, there is still a lot that IT can learn from the mistakes of InGen, the start-up at the heart of the film. While Jurassic Park makes many points about what a bad idea it is to reintroduce dinosaurs in the common age, no one conducted a root cause analysis. While it was poor management of IT that caused the project to fail miserably, DevSecOps best practices could have saved the project.
Do you agree? In what ways do you think Jurassic Park could have benefited from DevOps best practices? I look forward to your feedback below.
from Flux7 DevOps Blog