I have been looking in on a few blogs recently, most notably those of Amrit Williams http://techbuddha.wordpress.com/ , nCircle http://blog.ncircle.com/ and Still Secure http://www.stillsecureafteralltheseyears.com/ashimmy/
These guys have been blogging about security for a long time and talking about it for longer than that, but I wonder if any of them have a clue about whats going to be the next big thing? When I say the next BIG thing, I mean the next real move in security. Alan @ StillSecure thinks NAC but then, as far as I can tell, thats what he does. Amrit, he thinks its going to be data protection, which is interesting because isnt that what EVERYONE does? I mean thats infosecurity right? Its like saying that the next big thing is boxing is going to be knocking people out? Its the point of the game.
So I made a comment on Amrits blog about the next big thing being data protection at the endpoint. The endpoint being the laptop. I have a laptop and I bet that everyone reading this blog has one too. What data do you have on it? Is it sensitive data? Is it secure?
The answer for many is that it probably IS secured by a password or encryption program but what is stopping you from giving that data to someone else?
The next BIG thing is doing what we have always done; data protection. But its about doing it everywhere.... and thats going to be a challenge.
Friday, February 02, 2007
Infosecurity - JUST a US affair??
The title of this Blog is Infosecurity - Thoughts of a Brit in Cyberspace. The Infosecurity part is obvious; Its what I do. However, I want to comment on the Brit part. Of course, it could be construed as being obvious too. After all, I am a Brit, but the role of countries outside of the US in Infosecurity seems to be to follow whatever America is doing.
I dont know if that is a good thing. The rest of the world has differing needs, different work practices and different regulations. For instance, in Germany, you are not allowed to monitor an employees machines for many different kinds of information that you ARE allowed to in the US. This leads to the majority of vendor products not matching the requirements of the companies based in Germany. Germany has some of the biggest companies (by numbers of employees) in the world.
This "internalised" view of the needs of the user is quite an annoying thing when you work for one of these companies (as I do) You feel the frustration every day. Now dont get me wrong, I am not US bashing here. I just wish that they would consider other countries when they do anything......
I dont know if that is a good thing. The rest of the world has differing needs, different work practices and different regulations. For instance, in Germany, you are not allowed to monitor an employees machines for many different kinds of information that you ARE allowed to in the US. This leads to the majority of vendor products not matching the requirements of the companies based in Germany. Germany has some of the biggest companies (by numbers of employees) in the world.
This "internalised" view of the needs of the user is quite an annoying thing when you work for one of these companies (as I do) You feel the frustration every day. Now dont get me wrong, I am not US bashing here. I just wish that they would consider other countries when they do anything......
Subscribe to:
Posts (Atom)
