Infosecurity 2010 Reflections

Job for Life?

IT Security attracted good attendance at Infosecurity in London this week. The different states of data being at rest, in motion, at-rest-yet-mobile etc. was discussed at length by the many suppliers and the IT professionals there.

Human criminal ingenuity will no doubt continue to amaze and frustrate the world of IT by successfully gaining access to data supposed to be safe. In this game of cat and mouse, some initiative is fortunately pro-active, but a large proportion will remain re-active.

One professional, tongue-in-cheek, referred to security as a job for life, and even if we assume that all the relevant technology we could possibly ask for is ready on the shelf, the market is far from saturated. Ie. IT departments need to install more security measures and buy more products. Or put another way, there will be future adverse and embarrassing publicity stemming from security breaches.

Data Protection

Data protection is a hot security sub-area and Infosecurity was boasting many solutions to prevent the right data falling into the wrong hands:

Software suites embracing OSs, applications and hardware attempting to provide a holistic approach
Encryption at many levels vies for leadership status
Several businesses showing to what extent a physical piece of electronic can be shredded

The purposes for these solutions are clearly different. Physical destruction, drastic though it seems, may be tempting if data remanence (data or its residual signals remaining after deletion or over writing) is feared. Encrypting removable storage devices was widely demonstrated and clearly resonating with potential customers. Accidental data leakage can be prevented this way assuming that the users employ robust passwords. Some IT professionals choose to dismiss missing storage containers as they go missing counting on encryption doing its job. Others however view the retrieval efforts being worthwhile by attempting to track down missing PCs for instance.

European regulators will be busy for some time yet tightening up rules and punishing those who break the rules. These efforts will only become more restrictive as well as punitive. IT professionals at the show encouragingly emphasised common sense and policies that invited collaboration and being conducive to keeping the business going.

This entry was posted on April 30, 2010, 11:15 and is filed under New Research. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

#1 by Martin Hingley on May 18, 2010 - 22:41

Quote

Claus
It’s going to get even more difficult with Cloud Computing. If I’m right in thinking that users don’t care, don’t know and in many cases can’t find out where their personal data is located, then the regulators job becomes vital.
In the UK they’re tightening up on financial regulation in the Retail industry in October, but can’t even handle virtual servers. Cloud applications will be excluded unless they gain a lot of knowledge before then. If they got turbo boosted they might even help to protect the local Managed Services market by encapsulating governence, data and privacy information issues in their rules, but it doesn’t look likely.
For the IT managers of services companies, focusing on issues of trust will help protect their organisations from legal action. However it’s going to get even more difficult to handle the balance between modern applications, customer and citizen privacy.
Can you tell us about the techniques they might develop to cope?
Best Wishes
Martin

M	T	W	T	F	S	S
« Mar				May »
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

Claus Egge

ICT & the world of Content