Your security strategy needs to be NIMBLE, ELASTIC and FLEXIBLE or you will not be able to deal with the inevitable security incidents that will arise despite your best laid plans and designs. No environment stays static over time – and therefore no threat model is a constant model.
Blind trust in identity is no longer a viable option for today’s world – but that doesn’t mean we can just jettison identity as a core asset – we just need to apply the “appropriate level of trust” to identity, and then apply that level of trust to how we access digital assets.
Any given security mitigation can, and will, eventually go obsolete based on changes in the environment. The question becomes: how can we tell when a mitigation is losing its effectiveness? When is it time to double-down on what’s working or divest of what we no longer need to maintain a secure environment?
What is Imminent Obsolescence? If you are running a business in today’s world of almost constant technology change – your security mitigations will eventually become more ineffectual for you over time unless you are watching for Imminent Obsolescence.