Fallback Plain Failures

By David F. Carr

Judging the threats posed to computer security, and how to combat them, has never been more complicated. What are the big threats, and what do you have to do to be prepared in 2006?

5 - Backup Tape Losses

At the most basic level, recent publicity about the loss of tapes containing consumer data focuses attention on the need to physically transport tapes to a backup location or credit bureau in a safe and secure manner.

By using encryption, companies can also make the data encoded on tapes safe from prying eyes, even if the tapes are lost or stolen.

However, encrypting large volumes of data can take hours, bogging down system operations. A successful encryption strategy requires careful management of the mathematical keys used to scramble the data, or else it won't be possible to unscramble it when it's really needed—perhaps when the backup tapes must be decrypted to restore the operations of a business in the wake of a disaster. In some cases, specialized computer appliances for encryption and decryption from vendors like nCipher are helping businesses accelerate encryption processing and make it more practical.

Particularly in retail industries that handle a lot of consumer data, information managers are giving more consideration to encrypting that data wherever it is stored, or "at rest" in industry jargon, as opposed to encrypting transmissions over a network.

Granted, computer security is expensive. Information security spending has been growing at 16% a year for the past couple of years, while overall information-technology spending has only been growing 4% a year, according to Gartner. As a percentage of revenue, corporations are already spending about as much on information security as they are on more traditional ways of managing risk, such as property and casualty insurance, MacDonald says.

But after several years of increasing spending on information security, chief information officers and security officers are going to have to turn their attention to getting more security for less money, according to Pescatore and MacDonald. "We don't believe you have to spend more to be more secure. That's the track that we've been on, but it's not sustainable," MacDonald says.

Controlling costs will require aggressively "operationalizing" the routine aspects of information security by shifting responsibility for those tasks "to people who are good at doing repetitive tasks well," MacDonald says. In other words, you might begin outsourcing management of established security technologies, such as firewalls, and use experienced professionals to figure out, say, which intrusion prevention technologies to deploy.

Security software vendors can also be pressured to reduce costs by combining separate products, such as antivirus, anti-spyware and intrusion prevention, into "converged security platforms," according to the Gartner analysts. Instead of paying $20 to $25 each for antivirus, personal firewall, anti-spyware and other protections, a converged platform will deliver all of this functionality in 2006 for approximately $40 to $50 per machine, Gartner predicts.

So very simple, right? Just protect your company from financial losses, espionage and public ridicule, and do it in the face of new, perhaps more sinister threats—and do it for less.

6 to do's for '06

  • Protect against targeted attacks with more advanced intrusion prevention.
  • Tighten network access control, both inside and outside the firewall.
  • Make sure you know who your users are.
  • Deploy more secure software.
  • Reexamine how you handle backup tapes and data storage in general.
  • Do more with less.

This article was originally published on 2005-12-13

David F. Carr is the Technology Editor for Baseline Magazine, a Ziff Davis publication focused on information technology and its management, with an emphasis on measurable, bottom-line results. He wrote two of Baseline's cover stories focused on the role of technology in disaster recovery, one focused on the response to the tsunami in Indonesia and another on the City of New Orleans after Hurricane Katrina. David has been the author or co-author of many Baseline Case Dissections on corporate technology successes and failures (such as the role of Kmart's inept supply chain implementation in its decline versus Wal-Mart or the successful use of technology to create new market opportunities for office furniture maker Herman Miller). He has also written about the FAA's halting attempts to modernize air traffic control, and in 2003 he traveled to Sierra Leone and Liberia to report on the role of technology in United Nations peacekeeping. David joined Baseline prior to the launch of the magazine in 2001 and helped define popular elements of the magazine such as Gotcha!, which offers cautionary tales about technology pitfalls and how to avoid them.