Data loss trends
There is a slight uptick in demand for our services, which I’ve put down to more aggressive marketing on our part. However – industry analysts have some interesting takes on which companies invest in data loss prevention. Not surprisingly – regulated industries (telecom, finance) buy DLP, unregulated (retail/manufacturing) and small-medium sized business don’t buy DLP. […]
The Fallacies in Obama public policy
Look at this graph From the graph, we see that the GDP dropped dramatically from 1929 to 1932 despite fairly constant government spending on stimulus programs (although the graph does not tell the story of the jinking and shifting in the Roosevelt stimulus packages). The big uptick in GDP happened from 1935-1938 with no visible […]
Getting managers out of denial
Maybe you have a manager in denial? I know the feeling -the absence of effective risk controls for data security often start with denial of vulnerabilities. Here is a true story: …I’m not concerned about data theft. We’ve outsourced our entire IT operation to a big bank’s data center and they’re up to speed on […]
The death of regulation
I recently ran into a 2 year old post that decried the use of the term extrusion prevention calling it the “worst tech term of the year” I will cut the author of the article some slack as it was back in 2007 and a lot of folks were just coming to grips with the […]
Security metrics anti-design patterns
I’ve been thinking recently about how most of our clients don’t collect security metrics. Then I got thinking about how there are anti-design patterns that typify firms with a higher level of vulnerability to a major data loss event. Running security is not different from running a business – you have assets and threats, vulnerabilities […]
People should be very frightened of the FSA
Fear is a good deterrent for individuals – but, will it work for large corporations? I don’t know, but for sure the UK FSA believes in fear. Financial Services Authority (FSA) chief executive Hector Sants pledged in a confrontational speech last week that the UK regulator would be far more “intrusive and direct” in its […]
Preventing intellectual property abuse
One of my pet peeves with security vendors like Symantec, Vontu, Websense and Checkpoint is marketing collateral that totally disregards the basics of security – it’s like they hired an English major straight out of school and told them to start writing. Sensitive assets, confidential assets, proprietary assets – you can make a total mishmash […]
Why do people commit crimes?
The president of a prospect was recently discussing with us whether Oracle IRM (information rights management) was a good way of preventing data loss, and a viable alternative to a DLP (data loss prevention) system. Rights management would appear at first blush to be orthogonal to data loss prevention but it’s an interesting question that […]
A jazz trumpeter in a classical orchestra
Kenny Wheeler’s music for small and large ensembles is one of my favorites. A conductor is getting an orchestra together for a performance but is having trouble getting a trumpet player. Finally, he calls a contractor, who tells him, “Well, the only guy I’ve got available at the moment is this jazz trumpeter.”
A strategic inflection point in the security industry
Compliance is like being at all the rehearsals with a sharp pencil and playing your part perfectly – but not showing up to the gig. Being inside a strategic inflection point of change is like waking up during your own murder. Inside a strategic inflection point of change, the people inside the system are not […]
