Comments
litl_phil wrote: While it's nice that Google and Acer share the vision of cloud-based computing, it's also worth noting that we at litl already have a webbook on the market (available at litl.com) that runs our own cloud-based OS. Unlike Chrome, litlOS is focused on creating a new and better web experience for the home, so we don't have the usual browser interface, we have our own innovative UI. In conjunction with easel mode (litl's inverted-V position) and our growing cohort of litl channels (special apps t...
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..


2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
Everyone wants to lower their capital expenditures and increase operational efficiency - it's a sign of the times. The economy of the past 12 - 18 months has forced all organizations to do more with less and become more efficient. While everyone can identify with the request to do more with less, th...
SYS-CON.TV
Four Reasons Why Data Security Strategies Fail
It's important to maintain a high-level view

There are many reasons why a data security strategy could self-destruct, not the least of which is a new breed of highly motivated data thieves who stand to make a considerable profit on customer and other sensitive information in data centers. We're often so mired with putting out data security and compliance fires that we don't have time to step back and look at the high-level issues that could have prevented many of those fires from igniting in the first place. Let's review four of the critical reasons why the security strategies of many companies are unintentionally opening them up to increased risk.

  1. The Déjà vu Strategy: Doing more of what they have already done. I see this all the time. Companies beef up existing security hoping that it will address new security threats. I call it "outside-in versus inside-out security" because often the company will add more perimeter security rather than covering additional critical bases like core databases and edge data leaks.
  2. The Rules Are the Rules Strategy: Relying on policies, like access control, without properly monitoring what is actually happening in the environment. This is especially ineffective against the insider threat. Improved password management, authentication, and better access termination policies are all noble causes, but until a company can actually see what is going on with data, who is really accessing it, and what they are doing with it, they will leave data open to risk.
  3. The One Bite at a Time Strategy: Thinking about security in pieces rather than viewing it as a whole. For example, I have a laptop problem, an email problem or a database problem rather than a data security problem. One prime example is adding edge security like DLP (data loss prevention) and ignoring core security like DAM (database activity monitoring).
  4. The What's Hot Security Strategy: Approaching security from a perceived-value perspective, based on what seems to be the must-have technology at the moment, rather than a risk-management model. Many companies do not evaluate technologies by the risk they mitigate versus the cost to do so. Encryption is a good example. Some kinds of encryption can cost a great deal yet eliminate only a small amount of risk. There are other technologies that eliminate a great amount of data risk with a relatively small investment.

Data security is a complicated problem, but security strategies often fail for simple reasons. Stepping back and seeing the problem as a whole is difficult for administrators and managers on the front lines because their jobs require them to be in a reactive mode much of the time. It's up to the people who chart strategic direction to maintain a high-level view and avoid shortsightedness when creating security strategies. Losing perspective based on maintaining an outdated direction, lacking an ongoing security program assessment, ignoring the big picture when it comes to data risk, or leaning toward solutions with the most marketing dollars could mean that when it comes to increased data risk for your company, it will be déjà vu all over again.

About Prat Moghe
Prat Moghe is founder and CTO of Maynard, MA-based Tizor Systems where he drives market strategy, product vision, and technology thought leadership. An expert in compliance, security, networking and systems management, he is vice-chair of the PCI Security Vendor Alliance and authors the first data auditing blog at http://blog.tizor.com.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

SOA World Latest Stories
This coming Tuesday, December 8, at 2:00PM EST, SYS-CON.TV will be broadcasting live from its 4th-floor studio overlooking Times Square in New York City a very special "Power Panel" in which Cloud Computing Expo Conference Chair Jeremy Geelan and three top industry guests will be looki...
If you are like me, you are regularly receiving unsolicited email from various quarters, telling you about the latest and greatest SEO solutions on the planet. Just buy the book, or guide, or download the promotional whitepaper and this expert will offer you the latest "Secrets" to sea...
There's a lot of talk about how we need to focus on our buyers' issues and provide them educational insights to help them learn what they need to know to make buying decisions. Heck, I say it in my book...in several places, I think. I've said it on this blog, and I'll continue to say i...
This past weekend I set out explore some of the extension capabilities of Google Wave. One of the weaknesses that have been identified by many is the lack of integration with email. For me, in particular, because Wave is new, many Waves are being orphaned as those playing and testing o...
More good news for cloud computing! Google last week released its once mysterious Chrome Operating System to open source. Chrome OS, available in 2010 – is a web-based operating system that promises to boot up super-fast on a netbook – way faster than the time it takes to start your ba...
In CloudBerry Lab we are striving to make our customer service better. In this competitive market with the abundance of free offerings this is the only way to stay afloat. One of the ways to keep customers happy is to be very responsive when it comes to support request resolution. Shou...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
ADS BY GOOGLE