It’s all in the copier

Following on from a previous post, I wondered how many people had thought of the lowly photocopier as a source of data and therefore at risk of data-loss? New, well not that new, photocopiers have hard disks to cache information before it’s printed along with network access - so? Now let’s just think what might be on those disks, let’s say the photocopier is at quarter or year end. and its on the executive floor or even just a sales floor. While many things are sent by email, more often than not board papers, sales numbers and last minute deals are all printed out for use in meetings or FAX’ing to customers. So, all this information will therefore be on the hard disk - now. what if a person wearing the appropriate uniform came in to ‘fix’ the system or perhaps just to service it and swapped out the hard disks. It sounds a little far fetched, but it has happened - and enough for copier (and printer) manufacturers to begin offering encryption on the hard disks in their systems.When looking for sources of data loss, it pays to think out-of-the-box - the data might be in more places than you first imagined.

February 27, 2008 | Filed Under IT equipment, data-loss, security | Leave a Comment 

I work here, honest guv!

It was reported that a ‘fake’ clerk has been stealing iPod’s from a particular US supermarket chain. How can this happen? The answer is: very easily. He would wear the correct uniform and then act like he worked there - and finally just walk out the door with the stock. While it may seem funny that such a thing can happen I wonder how easy it would be to do the same thing at your place of work? Social engineering is one area where we currently don’t do enough to prevent such attacks. Many companies have name badges, but home many times have you challenged someone whose badge you cannot see? Or, how often have you been challenged when your’s is not visible? I would think it is not many - or even any.
Perhaps it is time to change and becoming a little more enquiring as to who people are - especially if they are carrying IT equipment out of the office?

February 27, 2008 | Filed Under IT equipment, security | 1 Comment 

Hello and welcome to View From The Bunker

Well it has finally happened, I have been persuaded to write a blog. At Symantec I am responsible for Technical Strategy for the Security and Compliance products. Since the merger of Symantec and Veritas (I came from the Veritas side of the house)  it has become increasingly apparent that security and availability are inextricably linked. I had just written the Utility Computing strategy for Veritas and we needed a strong security story - so the Symantec merger was ideal.

Two years plus into the merger and several more acquisitions along the way, coupled with the various high profile data losses ensures that we live in interesting times. Progress on all fronts (threats & security, governance, compliance and availabilty) is rapid and that’s what makes life at work interesting for me. So, without more ramblings, its time to make a start - and I leave you with the following thought.

You cannot have ‘good’ data if you cannot guarantee its security and its availability. One without the other makes no sense.

February 7, 2008 | Filed Under announcements | Leave a Comment