
Isn't "defending the castle" products - aiming for certain death?

By niels
I've followed IT-security discussions for years - and have approached the problem from a different angle, creating an End-2-End Encryption Platform which is 100% user transparent, 100% controlled and based on solving basically all "holes in the chain". It is called KryptoSigri, done with some super intelligent people - but this is really not what I want to start a discussion about - it is this problem I see coming:

We all want new ways to work. Work is no longer a place we go to - but something we do, and something we want to do in a flexible way - not being bound by a corporate computer, VPN clients, PKI solutions etc. etc. (all junk in my mind anyway).

This creates a problem I've puzzled with for some time now. How do elderly and mostly ignorant people at the Board of Directors - make sure the corporate IP is secured - when we are moving towards the ambient Enterprise or the virtual organisation?

This to me is something I can foresee will grow bigger and bigger unless leadership will acknowledge these problems and put some people on the boards or in advisory boards that can steer them through the next 20-25 years of IT-headaches.

Would like to open the floor for comments on this topic - there must be other people than me thinking about why on Earth we are not in better shape when it comes to securing corporate electronic assets.


Because it costs money

by Tony Hopkinson In reply to Isn't "defending the cast ...

Without increased risk, or increased costs for security breaches, corporates aren't going to do anything.

I don't see how not being bound to a corporate computer is going to help. That's an assumption that our personal kit is more secure than, say, a corporate laptop, and that the security mechanism is running (can run even) on someone else's end. That's not even going near how to secure, and stay secure.

Sounds like a classic case of panacea merchandising to me....


Good security is multi-faceted

by cpetit In reply to Because it costs money

Encryption isn't the silver bullet for security. To have good PC security, you need:
- Physical security - if someone gets the PC, any security can be compromised
- Network security - personal firewall, antivirus, antispyware
- Account security - password lengths, password changing policies, account lockout settings
- Data security - minimum amount of sensitive data on the PC, encryption for the sensitive data
- User security - people don't give out sensitive information without verifying the person on the other line

I don't think any of us implement all of these effectively. But no one piece is effective by itself.

Even if we implement all of these, there is no such thing as perfect security.


Well yes

by Tony Hopkinson In reply to Good security is multi-fa ...

Physical security, job one.

So how exactly does this connect any old PC to your system and let whatever's on it get through, given authorisation? Not security that, is it? More like a bad joke.

The panacea merchant wants us to buy into the idea that if the pipe is secure, then we are secure, completely forgetting that the thing has two open ends.


Totally true

by jmgarvin In reply to Well yes

We always look to the technical solutions, when a simple lock and key will do.

What drives me nuts is that many corporations STILL don't understand multifactor authentication. I recently had a run-in with "multifactor" authentication that was simply entering a password, twice. BRILLIANT.

Until corporations take security seriously (as in it WILL affect profits), it will never be taken seriously.
