Secure Coding mailing list archives
ZDNnet: Securing data from the threat within [by buying products]
From: "Kenneth R. van Wyk" <Ken () krvw com>
Date: Tue, 11 Jan 2005 15:31:18 +0000
Greetings all,

I saw a moderately interesting article this morning on ZDNet (see http://news.zdnet.com/2100-1009_22-5520016.html?tag=zdfd.newsfeed for the full text). The premise of the article is about how companies have been building external perimeters for years and now they need to also protect themselves from insiders, because, "...now discontented, reckless and greedy employees, and disgruntled former workers, can all be bigger threats than the mysterious hacker."

The article goes on to list some new products, technologies, and methods for protecting data from the insiders. It says, "a whole new class of products has sprung up aimed at keeping employees and other insiders from sending confidential information outside the company." It describes network-level products as well as the need for client-level products for monitoring and controlling data flow.

IMHO, what's missing here is a discussion on writing better enterprise applications that make effective use of concepts like role-based access control, transaction/event logging and monitoring, etc. In fact, the article would lead an IT security manager to think that the only solution to insider problems is to buy more security products. Frustrating...

To find a fairly "mainstream" article like this that is (again, IMHO) so thoroughly off base really makes me wonder whether the Software Security community is making progress or not. Opinions?

Cheers,

Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com