Peak Security

How would you feel if your bank told you that only half of your money was safe?  At any given time, 50% of your total assets are subject to theft or loss.

That would be unacceptable. Unfathomable, right?  Banks couldn’t possibly operate with that level of uncertainty and risk.

What about data?  I hate to be a doomsayer, but the findings from our research on data protection are bolstered by IDC’s latest Digital Universe study, which purports that approximately half of the data that needs protection has protection [1].

Some of you are inevitably thinking: “Well, yeah, but that’s data, not money.”

Ahh, young grasshopper. You have much to learn.

A digital society

Like it or not, we’re living in a digital society. In many US cities, I can operate for weeks, months, possibly even years without touching physical currency or, tragically, without interacting with other human beings. Amazon Prime, Square, PayPal, Seamless, Uber, Google Glass, Bitcoin. The analog world has officially been disrupted.

At the core of this societal transformation is one axiomatic thing: data. Hopefully you’ve begun to alter your mindset and will start to treat data as an asset class—one that is constantly appreciating and warrants the same protection as money.

It isn’t paranoia if they’re really out to get you

I can hear it now: “Rob, you’re being too paranoid! Treating data like money? Pfffft. Too extreme. Companies know what they’re doing. My data is safe because I’m careful.”

Please do me a favor: go to Google News, type “hacked”, and press enter. Here’s what I see right now, at 9:06 PM on March 21st, 2013:

Google News results for

A steady stream of data leaks, security fumbles, insider theft, malware, hacktivism, APTs, and state-sponsored attacks is now, frightfully, the norm. Java has a paradoxically long 14-day streak without a 0-day exploit.  The Ruby on Rails, MySQL, and WordPress core teams are playing the same game of whack-a-mole these days. The success and pervasiveness of a platform is often correlated with the size of the target on its back. It must feel like a constant full-court press.

Have we reached “Peak Security”?

So, have we reached “Peak Security”?  Have we reached a point where we’re producing so much data that our ability to protect it will only degrade further and further over time?

The answer, in my humble opinion, is “no”.  The horse is not out of the barn…yet.  If our research has taught me anything, it’s that the dearth of basic controls means there is enormous room for improvement.  By doing basic “blocking and tackling”, individuals and businesses can make substantial inroads.  If you can master the fundamentals (the 4 As: authentication, authorization, auditing, and alerting) you can guard against all but perhaps the most sophisticated and nuanced APTs.  You can separate yourself from the pack and become a target that simply isn’t worth hitting.

In the coming week, we’ll take a deeper dive into the 4 As and provide some tactical advice for strengthening your security posture.


