DRM versus DLP
A common question for a large company that needs to protect intellectual property from theft and abuse is choosing the right balance of technology, process and procedure. It has been said that the Americans are very rules-based in their approach to security and compliance where the the Europeans are more principles-based. This article presents a […]
Secure collaboration, agile collaboration
One of the biggest challenges in global multi-center clinical trials (after enrollment of patients) is collaboration between multi-center clinical trial teams: CRAs, investigators, regulatory, marketing, manufacturing, market research, data managers, statisticians and site administrators. In a complex global environment, pharma do not have control of computer platforms that local sites use – yet there is […]
Business unit strategy for data security
At a recent seminar on information security management, I heard that FUD (fear, uncertainty and doubt) is dead, that ROI is dead and that the insurance model is dead. Information security needs to give business value. Hmm. This sounds like a terrific idea, but the lecturer was unable to provide a concrete example similar to […]
Information security: Is psychology more important than technology?
I believe that 3 psychological reasons are the root cause of why many organizations worldwide do not take a leadership position in enterprise information protection. Preventing information security events is an admission of weakness. Why spend money on technology when the first step is admitting that you’re vulnerable? We live in an age of instant […]
The role of DLP in IP protection
A common conversation I have with my technology clients touches on patent protection as a security countermeasure against abuse of intellectual property. The short answer is that if you’re not DuPont or Roche, then patent protection is not going to help you very much. If you develop software , you are probably infringing someone’s patents […]
Choosing a data loss prevention solution
Data security is not one-size fits all. For example, if the threat scenario is an attack on your customer self-service Web application – obfuscating or encrypting fields in database tables is not an effective security countermeasure; you need a network DLP solution to prevent leaks of clear text data and a software security assessment that […]
Preventing intellectual property abuse
One of my pet peeves with security vendors like Symantec, Vontu, Websense and Checkpoint is marketing collateral that totally disregards the basics of security – it’s like they hired an English major straight out of school and told them to start writing. Sensitive assets, confidential assets, proprietary assets – you can make a total mishmash […]
