27 February, 2022

On Balance, One of the Stupidest Services Ever: Kolide

I have been hearing ads recently on the "Security Now!" podcast for Kolide.  In one sense, I get it.  You attract more flies with honey than with vinegar.  It's better to make your employees partners in your endeavors than adversaries.  The whole idea behind Kolide is that you turn device compliance issues into a bunch of warnings rather than enforcing them.  "Hey, you don't have a complex enough lock screen unlock code!"  Big deal.  I can ignore that all day long.  Now on the other hand, "you can't use your device unless you enter a complex enough unlock code"... that is nearly infinitely more difficult to ignore.  I wonder how many companies that need strict protections (like the one I work for now, a health insurance provider) trusted Kolide, paid their $6 per month per device, and subsequently had a data breach as a result of not enforcing device standards compliance.  The whole idea of using something like InTune is so you don't have your data disclosed unnecessarily.  Merely suggesting is not nearly good enough.  Data security is too important.

Another aspect this totally ignores is that the people who tend to something like InTune are supposed to be security professionals.  While many of the people who carry around these InTune-managed devices may be security-oriented, it's not their job, only an aspect of their job.  Subscribing to Kolide is like assuming the device carrier and the security professional are peers, whereas in many, many cases they are not.  You're in effect giving the end user, who may not be informed or educated enough, the status of someone authorized to make policy.
English is a difficult enough language to interpret correctly when its rules are followed, let alone when the speaker or writer chooses not to follow those rules.

"Jeopardy!" replies and randomcaps really suck!