The true cost of a data breach (Part Two)

Mike Jones

Last week’s Cost of a Data Breach Study update had one particular statistic that stuck with me and to which I keep being drawn when discussing it with others. In the UK study, they discovered that where an organisation that suffered a breach had a Chief Information Security Officer (CISO) or someone with the equivalent level of responsibility in place, the cost per record dropped by an average of £18. I think the key word in the previous sentence is “responsibility” for a few reasons.

Firstly, we have the increasing number of fines and penalties that can be applied to the individuals involved in failing to deliver against expectations. These have gone beyond the original highly regulated industries and out into the broader business context. With the coming updates to EU legislation, it’s likely to get more attention in the boardrooms of Britain, not less.

Secondly, and contrary to popular thinking, stopping data loss and protection of the key information assets an organisation has goes way beyond using scanners to prevent credit card details being emailed out. Primarily, it’s not a technical problem, it’s a people-process-technology challenge.

In the past, I have heard references to people-process-technology being like a three-legged stool of which you can’t remove any without falling off! This can be considered a fair comparison but, for me, the ‘people’ part of this stool is the most critical starting point. People have negotiation skills. People have perspective. People drive change.

When it comes to the role of technology in stopping data loss I view it like an exoskeleton to the people involved. That may sound a little sci-fi but what they need to be able to do is say “this stuff is important, please tell me how it’s being used, where it’s going and who uses it”. Technology enables them to reach into network pipes with gigabits of data pumping through them. Technology enables them to piece together a process involving four employees and an outside contractor. Technology enables them to see the HR director does not like using the VPN from his second home in the Cotswolds.

The reason I view it as an exoskeleton is that the knowledge of what’s important comes from the people involved, as does the appropriate response and the negotiation to get from where they are today, to a more secure future-state.

The relentless growth in information and systems shows we’re not moving towards a state where data loss won’t happen anymore. However, this report shows that if you put someone in charge with responsibility and authority to make change happen when it does occur, the impact to an organisation’s bottom-line is significantly reduced. I’m happy to predict the gap between those that take it seriously and those that stick their head in the sand will only get larger in the coming years.

 

IT Strategies During The Downturn

darren_thomson

An interesting report concerning IT strategies in 2009 (a hard year for most!) was published this week by Information Age. The report found the most effective IT strategies of the year to be:

1. Support mobile working
2. Server virtualisation
3. Unified IP network architectures

Certainly good news for the Hypervisors.

The least effective strategies were deemed to be:

1. Reduce IT staff costs
2. Outsourcing the IT organisation
3. Offshore development

That should raise a few eyebrows!

Darren Thomson

Next-generation security and storage solutions through the Amazon

admin

Symantec today announced it is offering its next-generation security and enterprise-class storage management solutions through the Amazon Elastic Compute Cloud (Amazon EC2). Symantec Endpoint Protection and Veritas Storage Foundation Basic are now available on Amazon EC2. Businesses can leverage the Symantec solutions to add additional protection to their Windows servers in the cloud with comprehensive threat prevention and manage their cloud storage online with a single toolset that delivers reliability, scalability and high performance.

“As many businesses increasingly leverage the cloud for applications and services, they want to protect and manage those environments with the security and storage management solutions they are used to from Symantec,” said Greg Hughes, group president, Enterprise Product Group, Symantec. “By taking the same proven security and storage management solutions that organizations have come to rely on in their data center and extending them to Amazon EC2, Symantec is delivering on its commitment to provide value in the cloud.”

“As a web service that provides resizable compute capability on demand, Amazon EC2 makes web-scale computing easier for customers of all sizes,” said Steve Rabuchin, General Manager of Developer Relations and Business Development for Amazon Web Services (AWS). “We’re pleased that our mutual customers can now extend familiar Symantec security and online storage management solutions to the AWS cloud.”

Amazon EC2 users now have access to key protection technologies provided by Symantec Endpoint Protection. Symantec Endpoint Protection combines Symantec AntiVirus with advanced threat prevention to deliver defense against malicious attacks such as viruses, worms, spyware, Trojans, zero-day threats, and rootkits. Symantec Endpoint Protection helps ensure information remains safe and business assets are protected wherever that information resides.

Amazon EC2 users also now have access to advanced online storage management capabilities provided by Veritas Storage Foundation Basic from Symantec, allowing them to manage multiple hosts from a central interface and optimize storage performance and availability online. Storage Foundation enables non-disruptive storage operations through GUI-based management and online configuration with dynamic disks.

“We have been running Symantec Endpoint Protection locally to secure the endpoints and servers in our computing environment and have been very pleased with the level of protection it has provided,” said David Jordan, CISO of Arlington County. “As our infrastructure becomes more of a mix between on-premise and off-premise offerings, we look forward to leveraging these new delivery models for security and storage solutions.”

Today’s announcement marks another significant step in Symantec’s cloud strategy to deliver customers unmatched choice in the adoption of cloud solutions based on the company’s enterprise class products. For more information, please visit http://www.symantec.com/cloud.

Licensing and Availability

Symantec Endpoint Protection and Veritas Storage Foundation Basic are available now in the form of custom Amazon Machine Images (AMIs) that allow customers to run Symantec provided instances on Amazon EC2 on a pay-as-you-go, hourly basis.

Customers can subscribe to these custom AMIs and find additional information about Symantec and Amazon Web Services at http://www.symantec.com/amazon.

Darren Thomson

Symantec Technical Strategy 100

admin

Over the past few weeks I have been hosting “Symantec Technical Strategy 100” workshops in the UK. The workshops are designed to bring 100 senior technical design authorities from our customer-base together to discuss all things “VERITAS”.

Fifteen companies have been involved so far and, I must say, it has been engaging and rewarding to see the users and designers of our storage and availability management product coming together and speaking so openly and candidly about this area of their technology stack. There has been a real sense of “community” in the sessions and we now hope to run further workshops, create a secure portal for community discussion and start a series of webcasts to ensure that our most important customers fully understand our storage and availability strategy.

If you think that you would like to represent your company within the community and you are already users of the VERITAS portfolio, please get in touch with me at darren_thomson@symantec.com. Now… off to the continent to gather more community members!

Darren Thomson

Storage Expo – new trend is Stop Buying Storage!

darren_thomson

I’m at the Storage Expo show at Olympia, London. There is good attendance this year (and it’s not just vendors and analysts!). A couple of observations so far:

First, the hardware vendors are getting a pretty tough time of it. The messaging from most people here is around the fact that storage infrastructure desperately needs to be optimised and consolidated. There seems to be a general theme of “the hardware vendors have been over-selling for years” and that the right thing to do at this point is to step back and re-assess the need to buy more expensive disk.

Secondly, business is getting done here. Last year was an opportunity for the storage community to look for new job opportunities. This year sees customers researching solutions to their IT infrastructure problems.

I hear that this year is the last for this particular show. Shame, it’s finally doing what it’s supposed to.

Darren Thomson

Aggressive Cuts To Cost & Complexity

darren_thomson

Finding ways to substantially cut costs and complexity in an active, vibrant Data Centre is not easy. CIOs have spent years trimming here and there and, to many, further demand from the business to reduce CAPEX/OPEX can seem like asking the impossible.

Nonetheless, significant additional reductions and efficiencies can be made possible where companies take a broader look at the way IT serves the business in a broad context. Key to this approach is the bringing together of “IT” and “Business” people in a combined effort to rationalise applications, processes, core infrastructure and operations. I have recently facilitated “IT/Business Alignment” workshops, forced both sides of the house to work together productively and have been amazed as to the opportunities that drop out of this exercise. Well managed and facilitated workshops are a great way for stakeholders to express ideas, test theory and find “1+1=3” type opportunities.

The days of the IT organisation behaving as “custodian of technology” need to be brought to a close and the CIO needs to be positioned and fully recognised as a business partner by their peers in the organisation.

Darren Thomson