Data security and the sin of hubris

Hayek wrote in his Nobel lecture – “I confess that I prefer true but imperfect knowledge. . . to a pretence of exact knowledge that is likely to be false.” One of the biggest sins of man is hubris. The Obama administration is guilty of hubris. As an American living outside the US in the […]

The role of DLP in IP protection

A common conversation I have with my technology clients touches on patent protection as a security countermeasure against abuse of intellectual property. The short answer is that if you’re not DuPont or Roche, then patent protection is not going to help you very much. If you develop software, you are probably infringing someone’s patents […]

Data loss prevention for SME

Is a SME like the old German expression – Kleine Kinder kleine Sorgen, große Kinder große Sorgen? “Small children, small problems, big children, big problems”? I wanted to call this post “The need to understand operational risk of information security” – but I realised that op risk is a concept used by big banks and […]

Choosing a data loss prevention solution

Data security is not one-size-fits-all. For example, if the threat scenario is an attack on your customer self-service Web application – obfuscating or encrypting fields in database tables is not an effective security countermeasure; you need a network DLP solution to prevent leaks of clear text data and a software security assessment that […]

Ethics and data loss prevention

Are we loving the attackers and prosecuting the victims? In data security – I don’t subscribe to utilitarian ethics (which attempts to balance the benefit versus the damage of an act) and can lead to the ends justifying the means. For data security and compliance – I personally implement the “Ten commandments” approach – if […]

N Digital TV data breach in Poland

Polish digital TV broadcaster N (owned by ITI Neovision) has disclosed a breach of customer data records – after PII was discovered accidentally on the Net by a subscriber via a search engine. The partner who manages our offices in Warsaw (the team specializes in high end data security consulting and DLP projects in Central […]

Exploiting a wireless mesh network for utilities

I think it’s only a matter of time before someone exploits a wireless mesh network that controls and reads home utility meters to get free water and electricity. Until then, there is a problem of range and coverage. Greentech Media reports that Trilliant (a smart meter neighborhood networking startup) has bought SkyPilot for its […]

What is a DLP solution?

These days everyone has a DLP solution – it’s like a Dilbert cartoon. The latest and definitely most effective DLP product is – you guessed it – the venerable Cheyenne Arcserve Backup. I got this in the email today. THIS FEATURED DOWNLOAD SPONSORED BY: CA IT Problem: IT managers are expected to withstand a wide […]

Scientific New York Post

I recently saw a great piece of pseudo-science courtesy of Websense describing the cost of data loss and amazing ROI for the Websense Data Security solution. (A friend who studied physics with me used to call this sort of writing “Scientific New York Post”.) See Websense white paper: ROI of DLP. Bruce Schneier correctly notes […]

The role of user accountability and training in data security

In this article I will show that DLP technology such as Fidelis XPS, McAfee DLP, Verdasys Digital Guardian, Websense Data Security Suite and Symantec Data Loss Prevention 9 – is a necessary but not sufficient condition for effective data security. I submit that effective data security is a three-legged stool of: Monitoring – using DLP […]