Peak Security

April 3, 2013

How would you feel if your bank told you that only half of your money was safe?  At any given time, 50% of your total assets are subject to theft or loss.

That would be unacceptable. Unfathomable, right?  Banks couldn’t possibly operate with that level of uncertainty and risk.

What about data?  I hate to be a doomsayer, but the findings from our research on data protection are bolstered by IDC’s latest Digital Universe study, which purports that approximately half of the data that needs protection has protection [1].

Some of you are inevitably thinking: “Well, yeah, but that’s data, not money.”

Ahh, young grasshopper. You have much to learn.

A digital society

Like it or not, we’re living in a digital society. In many US cities, I can operate for weeks, months, possibly even years without touching physical currency or, tragically, without interacting with other human beings. Amazon Prime, Square, PayPal, Seamless, Uber, Google Glass, Bitcoin. The analog world has officially been disrupted.

At the core of this societal transformation is one axiomatic thing: data. Hopefully you’ve begun to alter your mindset and will start to treat data as an asset class—one that is constantly appreciating and warrants the same protection as money.

It isn’t paranoia if they’re really out to get you

I can hear it now: “Rob, you’re being too paranoid! Treating data like money? Pfffft. Too extreme. Companies know what they’re doing. My data is safe because I’m careful.”

Please do me a favor: go to Google News, type “hacked”, and press enter. Here’s what I see right now, at 9:06 PM on March 21st, 2013:

Google News results for

A steady stream of data leaks, security fumbles, insider theft, malware, hacktivism, APTs, and state-sponsored attacks is frightfully now the norm. Java has a paradoxically long 14-day streak without a 0-day exploit.  The Ruby on Rails, MySQL, and WordPress core teams are playing the same game of whack-a-mole these days. The success and pervasiveness of a platform is often correlated with the size of the target on its back. It must feel like a constant full-court press.

Have we reached “Peak Security”?

So, have we reached “Peak Security”?  Have we reached a point where we’re producing so much data that our ability to protect it will only degrade further and further over time?

The answer, in my humble opinion, is “no”.  The horse is not out of the barn…yet.  If our research has taught me anything, it’s that the dearth of basic controls means there is enormous room for improvement.  By doing basic “blocking and tackling”, individuals and businesses can make substantial inroads.  If you can master the fundamentals (the 4 As: authentication, authorization, auditing, and alerting) you can guard against all but perhaps the most sophisticated and nuanced APTs.  You can separate yourself from the pack and become a target that simply isn’t worth hitting.

In the coming week, we’ll take a deeper dive into the 4 As and provide some tactical advice for strengthening your security posture.

[1]: http://www.emc.com/leadership/digital-universe/iview/information-security-2020.htm


Proportionality in Ediscovery: Getting Beyond the Academic and Practitioner Perspective

September 17, 2012

Interesting points from an e-legal blog
Point 1: The expanding digital universe will exceed 35 zettabytes by 2020, IDC predicts.
In 2009, global digital data topped 800,000 petabytes and was projected to reach 1.2 million petabytes in 2010. Storing 1 million petabytes on DVD would generate a stack of discs that reaches the moon and back. However, that rate of growth—62% in one year—pales compared with IDC’s prediction that the figure will top 35 zettabytes (36.7 million petabytes) by 2020, or 44 times as much as 2009. That stack of DVDs would reach halfway to Mars.

(following graphic originally posted by Tech News Ninja here)

Point 2: Usage of Social Media is increasing: (from comScore’s US Digital Year in Review 2010)
Point 3: Social media represents significant ediscovery challenges:
The SCA is a formidable obstacle for parties looking to collect data from a social network.  Often the only option is to seek voluntary waiver by the person of interest.  Needless to say, more often than not any request to collect and analyze this type of data will need to be targeted and precise so as to avoid privacy concerns and other rights.  If the information is available on a public-facing portal of a social network, then the collection may be easier to accomplish, though the ability to do a targeted collection is somewhat limited by the user interface and/or local API.  Further, it is difficult to think of this dynamic and changing data as a “document” under traditional ediscovery practices, and so reviewing and analyzing it presents unique challenges.
Point 4: Data Governance is becoming a stronger practice and discipline – it is also on the rise: (graphic created by DAMA.org)
 
Conclusion: Data – how we use it, how we access it, where we create it – is changing.  All of this leads to more and more data from more and more sources.  The MDM/Data Governance movement is seeking to organize data inside organizations and seeks to make information (which is what data contains and transports) more accessible.  So while the universe of data grows so does the ability to seek and capture only the relevant or useful information (See graph below for a non-scientific illustration.)  So proportionality could eventually be “built into” our ediscovery methods and practices – it simply will not be feasible any other way.
 Thanks to  at http://www.legaltransformationblog.com/2011/04/proportionality-in-ediscovery-getting.html

 

