Wednesday, June 18, 2008

Jedi of Information Security: The Force

Obviously you can't really have a discussion about the Jedi without talking about the Force. In this post I'd like to talk about the nature of the Force and how that compares with the practice of Information Security.

In the Star Wars Universe, the Force is an energy that creates life and is in turn created by life. It surrounds all living things and binds the whole galaxy together. Individuals that are sensitive to the Force are able to tap into this energy to perform various feats, such as gaining knowledge of the future, moving objects, and healing people's bodies.

The Force was known to have two sides: the light side of the Force (which was typically just called the Force) and the dark side of the Force. The Force was associated with being passive, compassionate, and good while the Dark side was associated with aggression, power, anger, and pain.

Obviously in our world there is no such thing as the Force, although there is at least one church that I've heard of where people worship the Force. When we're talking about Information Security we're also not talking about a galaxy and we don't have an energy field that binds us all together. So what would be the equivalent to the Force when we compare the Jedi to Information Security practitioners?

My answer is that information is the Force in our world. Information is something that we all have. It is the one thing I can think of that binds all of our users and computer systems together. Like the Force, information can be used for both good and evil purposes, and if you gather enough of it you can perform incredible feats, even moving objects with your mind.

Like many religious orders, the Jedi were not all in agreement about the nature of the Force. One thing that the Jedi could not agree on was whether the Force was a sentient, thinking being or just an energy field that was part of nature. Make no mistake, all Jedi respected the Force, but not all of them believed that the Force had a will of its own. For the most part, we can say that this is not true of information. I doubt that there are many of us that believe that the information that we hold has its own agenda and is capable of its own thought. However, it should be noted that there are some that believe that information wants to be free, in other words expressing that information is capable of desire, at least in a figurative sense.

Another view of the Force that was not agreed upon was the concept of a light side and a dark side. Some Jedi believed that the Force didn't have good and evil powers; there were only the intentions of the practitioner. In this case I think we can again say that information does not have a light side and a dark side. So if we were Jedi of the Old Republic we would have been tossed out for being heretics!

The biggest parallel I see between information and the Force is that in both our Universe and the Star Wars Universe, having strength with the Force places you in a higher social status than beings who do not have it. A Jedi was not likely to end up being a Nerf herder in the Star Wars Universe. In our world humans and apes have nearly identical DNA, and we are far weaker than apes in most physical characteristics. However, because we are able to collect, interpret, and create information better than apes, my wife doesn't have to pick bugs off of my body and eat them. Even among humans, we mostly agree that being smart is preferable to being dumb.

One mistake that is frequently made when a person uses a metaphor to explain something is attempting to stretch the metaphor too far or force concepts to fit within the metaphor. I want to try to avoid this by pointing out places where my Jedi metaphor of information security doesn't fit. In this case, I don't think it quite fits that Jedi use the Force for knowledge and defense to protect people and the Republic. Information security practitioners use information to protect other information. Jedi do not use the Force to protect the Force. I'm only bringing this up to point out that my comparison of information to the Force is not perfect. For now, this is what I'm going to go with unless I think of a more appropriate comparison. Now that you have an understanding of the Force as it pertains to information security, we can start talking about the people that use the Force, and what the Force is used for.

