1. June 2009 by Bryan Glancey.
Have you ever noticed that when you ask ten people anything you get ten different answers? You ask ‘What’s wrong with [fill in the blank]?’ and you get the opinion du jour, blame it on someone, some group, some philosophy, or Milli Vanilli says blame it on the Rain. It also, surprisingly, seems that no one ever blames themselves or the group they belong to. Everyone is misunderstood, underrepresented, marginalized, the lone voice of reason in the wilderness that we are not listening to.
The presidential Cyberreview is out, http://www.whitehouse.gov/CyberReview/ , and it’s good. There is a little of everything in there, and the spin masters in commercial companies have already highlighted their sections, and emphasized them and downplayed the rest.
Scary thought — Did you ever think that this merry-go-round of picking and choosing around information security is the cause of the problem? Perhaps the NSA and every security expert worth their salt is correct, and ‘Defense in Depth’ is the only solution toward some semblance of security?
I recently spent some time explaining to someone why all of the CyberSecurity ‘stuff’ didn’t just mean better firewalls. It seems that apathy and our normal cavalier attitude of walking through a world and choosing not to understand how it works has caught up with us all.
Instead of addressing this through nebulous overgeneralization, let’s ask simple questions:
Do you know that questions one and two are the hardest to answer? Do you know that they have very little to do with the internet and firewalls, and routers, and ethernet addresses? The simplest and most common sense questions are the hardest to answer, and hold the most sway in security. Tell me every computing or storage device, USB key, external hard drive, magnetic tape, cell phone, BlackBerry, SME PED, iPod or whos-a-ma-whatsus you have connected inside your organization and what’s on it. Easy to say, hard to do.
Next, decide what you are protecting - is it in databases? Is it in Word documents? Is it in PowerPoints? Is it in graphic files? Is it in raw text? For the government, the answer is yes to all of the above.
Protecting our country in Cyberspace has a lot in common with protecting our nation Physically:
Would the nation be safe if we protected the borders but had no police officers? No. Would the country be safe if we had ground protection but no air force? No. Would the country be safe by having ground and air protection but no one covering the oceans? No.
There are no easy answers to security, but there are simple ones. ‘Defense in Depth’ means that you have firewalls, that you have antivirus - but that is not all you have. You protect ALL the data, wherever it resides - and everywhere it travels. Do you protect it on a laptop when there is no firewall? Yes. Do you protect it on an external USB hard drive? Yes. Do you protect it on a cell phone? Yes. Do all of these things have to do with firewalls? No.
Protecting in Cyberspace is just like protecting your house. Do you only buy a deadbolt and then not get window locks? No. Do you buy a security system and then not lock your doors? No.
Simple Answers, Simple Questions. Perhaps if we really ask the questions, and really want to answer them, we’ll solve the problem.