Feature

Emerging Technologies: How to secure new products

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: CISO survival guide: 18 of the best security tips."

Download it now to read this article plus other related content.

Process, Process
During its pilot, GWU emphasized communication. "I personally called the head of each department before we started," says Kim. Just two problems were encountered and both were aborted without data loss, instilling confidence required for a larger rollout. The pilot also produced a process. "We found that encryption can take two to eight hours," says Kim. "Now we work with departments to pick a time that doesn't impact their business. "

Indeed, everyone interviewed identified people rather than technology as the most essential ingredient.

"Securing data is one thing; retaining the inherent usability of a device is another," says Credant's Stone. "You can't require users to change the way that they work. Don't require the IT organization to change the way that they work either."

According to Watzinger, about 35 percent of SafeBoot's customers use both full disk and file/folder encryption on the same laptop. "When you have an outsourcer administering the CEO's laptop, you need to give him access but stop him from seeing sensitive data," he says.

"After standardizing devices, the biggest thing is having executive management support on who gets encrypted and why, so that you're not fighting that on a daily basis," recommends Marti.

"We put some weight around our laptop protection by making policies heavier," says Clarke American Checks' Means. "Now, if theft is due to negligence, it could cost you your job. One guy

    Requires Free Membership to View

had his laptop stolen twice and he no longer works here. After that, it's amazing how few laptops are stolen."

Take Away
The Real Cost Laptop encryption is expensive. Data breaches are a lot more expensive. Encrypt now, starting with high-risk users.

Follow the Money SOA shifts the security landscape from the infrastructure to business initiatives. Put your security budget where the business is investing its money. You will be a business champion and get management's ear at budget time.

Security is Security Out of sight, out of mind? Virtual servers don't secure themselves, nor is it enough to secure the host. Apply best practices for physical server security with heightened awareness of the dynamic nature of virtualization.

On the Line Prepare now for attacks on your IP-PBX, even if we're not seeing them yet. Don't wait for the bad guys to start DoS-ing your IP telephony infrastructure.

This was first published in July 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: