Data security - is psychology more important than technology? - flaskdata

Data security – is psychology more important than technology?

admin

June 17, 2009

We had a discussion with a prospect for a DLP (data loss prevention) system) that started with discussing the pros and cons of various DLP solutions (Verdasys, Mcafee DLP, Websense, Fidelis Security) and finished with a drill-down into how they can build a business case to acquire and implement data security technology. After a very interesting session – the CIO asked me – “So why did you start with technology? we should have started with the business case?” I replied – “Got your attention, didn’t I!”
Talking with clients we stress threat modeling and analysis and doing quantitative risk analysis but I believe that psychology may be more important than the technology. This is for several reasons:

Preventing data breach events is an admission of weakness. Data loss is caused by an attack launched from inside the company (whether by a trusted insider, business partner or malicious hacker). attacks that exploit internal vulnerabilities like the new Sharepoint server that the marketing team installed last week without consulting with the IT security team. Who wants to spend money on something when the first step is admitting that you’re vulnerable and that your existing security systems, policies and procedures do not meet business requirements?
The need for instant gratification. Need to keep food fresh? – buy a fridge, Want music, voice, SMS, Web and mail? – buy an iPhone, Want IT security – buy a UTM appliance from Checkpoint or Cisco, want a CRM system – get salesforce.com, need a new enterprise software system – outsource to India. This is related to two other needs I think:
The need to keep things simple and
The need to walk on the safe side, not on the wild side. Who wants to spend 6 figures on a DLP solution that requires a risk assessment from someone who isn’t your accountant, a complex policy implementation by people who need to learn your business, integration with internal procedures and processes with employees who could care less, and buyin from a CEO who is scrappling for survival with the board during the biggest financial crisis in 80 years?

I will talk about how to sell DLP through the psychology and not the technology in an upcoming post. Stay tuned.

More Articles

Risk assessment

CLINICAL TRIAL READINESS ASSESSMENT

December 2, 2022 No Comments

Are you really ready to run a clinical trial? How can you best assess your clinical trial readiness? We work with C-level executives and management

clinical data from patients

Assuring protocol compliance without checklists

November 29, 2022 No Comments

At a site monitoring visit, the CRA works on assuring protocol compliance. Assuring protocol compliance is one of the 3 pillars of GCP: The 3

Decentralized clinical trials

Home alone and in a clinical trial

November 27, 2022 No Comments

1 in 7 American adults live alone COVID and social isolation is part of our lives. During COVID, it became easier to recruit patients for

drug counterfeiting

Preventing drug counterfeiting

October 24, 2022 No Comments

Counterfeiting is old as money itself. Drug counterfeiting is no exception. In this post, we’ll share an analytical approach that you can use to estimate

clinical trial risks

What risks really count for your clinical trials?

October 23, 2022 No Comments

Is there a “black-box” risk management solution for your clinical trial? What clinical trial risks are the most important for you and your company? Risk

growth stage

Dealing with information junkies in decentralized clinical trials

October 18, 2022 No Comments

DecentraIized clinical trials software vendor Medable is doing an outstanding job in understanding and executing an online work-flow between sites and patients at home.. This understanding and

Clinical data made radically simple and affordable.

Contact

Resources

Flask Open API for clinical data

Copyright © 2022 Flask Data Ltd. All Rights Reserved.

Privacy Policy | Terms of Use