Home > Rachel's Corner > The Future of Data Protection 3/27/08

The Future of Data Protection 3/27/08

[Following is the first of what I hope will be regular posts by our new Creative Associate, Rachel Cusick. Watch for Rachel’s Corner on the blog all year.  — sh.]

Rachel_blog_pic I started working for Steve at the beginning of this year with a lot to learn about the security industry.  I guess I’d call my perspective fresh, with a healthy dose of naiveté.  With so much to learn I really enjoy listening to the discussions at our events. They’re usually bold and loud which always makes for an interesting evening! So when we hosted The Future of Data Protection in Silicon Valley last month, I got a crash course in the IT world.

Cimg2993 Bill Munroe joined us from Verdasys to engage our guests in a topic that’s easy to discuss but very hard to agree on: The future of data protection. I expected the concept to be overridden with terminology and extremely difficult to grasp. In a way it is, but in a very big way, I get it.

Although the setting was serene and the wine was calming, the conversation was tumultuous. Bouncing from all sides of the room were opinions from IT security architects, principal analysts, VPs, CIOs and COOs, all with an interesting tweak to each other’s opinions.

What to do? Steve let the conversation flow, taking the opportunity to slow things down and point out conclusions when he could. The biggest deduction of all, is how darn hard it is to actually derive one.

First there’s the debate of information versus data, and then comes the real argument of who cares about what it’s called, let’s address the value! Then there’s the challenge of who gets access to what, and no matter how secure the business is, there’s always the internal threat. How do you know who you can trust? What if you hire someone you can trust and they turn into someone else? The one overriding agreement was that security is inconvenient and only appreciated after something bad happens.

Security is not in place for security alone, but to protect the business, the money. And of course the most efficient way to do this is to put the proper devices in place before bad things happen. But any IT professional will tell you, that they’re mostly called upon for reaction, not prevention.

It must be hard to constantly protect and improve protection without much reward.

Categories: Rachel's Corner
  1. April 15, 2008 at 10:06 am

    Welcome to the site and congratulations on your first post.
    “Security is not in place for security alone, but to protect the business, the money. And of course the most efficient way to do this is to put the proper devices in place before bad things happen.”
    Is it? Sometime’s a bit of insurance can be worth more than any security system or device can provide.
    An unfortunate view that much of the industry has is that risk avoidance and reduction are the only solutions. Sometimes risk retention or transference can be very effective/efficient ways of handling an issue.
    Take a look at: http://en.wikipedia.org/wiki/Risk_management#Potential_risk_treatments
    Sometimes it’s not so bad for bad things to happen, as long as the pieces are in place to handle those bad things… that’s the whole point of insurance fraud. Sometimes the best thing that can happen to a business is to have the building burn down.
    Michael Glasser

  2. Steve Surfaro
    April 22, 2008 at 4:06 pm

    Rachel – great topic! Michael, it was good to see you at ISC West.
    Here is something that I struggle with, pretty much in the industry and with even our own policies.
    IT departments want to prevent the “end run” by other business partners to find a way to get their programs, services and projects deployed faster and easier.
    Physical Security folks look at IT pros as experts in Network Security and Intrusion Detection and Prevention, but not at Risk Management of the total Security Program.
    Will Network Security professionals ever compromise? I can’t even get access to my XDrive at work because of Smartfiltering, yet I use some the most advanced Firewalls (in compliance with IT).
    Anyway, great job Rachel and I look forward to your next topic; sorry this is a late post.

  3. Rachel
    April 23, 2008 at 8:40 am

    Thank you both for your comments.
    The writing part’s not so bad — it’s clicking “post” that’s a bit nerve-racking!
    I am learning so much so fast that I think it’s important to step back and streamline the information.
    In the areas of physical and IT security and the convergence of both, I hear so many different definitions and opinions. With this in mind, I promise I’ll try to keep up and always post from my growing perspective.

  4. Mitchell
    December 17, 2009 at 8:53 am

    I will keep an eye out for you at the conferences because I attend almost all of them on behalf of my data protection employer 😉 I, too am a bit new to the biz, so maybe we can rub elbows and exchange tips. If a 6 foot 5 inch man with a big beard approaches you, don’t be afraid, it’s just me!

  5. December 23, 2009 at 8:41 am

    Ah, those early jitters a new employee/writer gets. You will demolish them in time, if you have not already. You have a great mentor in Steve. Hang in there, and best of luck!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: