- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Why is it so hard to secure a laptop? Where are the green fields for identity thieves? What are the security threats that IT professionals are ignoring? IDG News Services recently invited the heads of three security businesses -- Barracuda Networks CEO Dean Drako, Sana Security CEO John Zicker, and Jay Kidd, who runs Network Appliance's Emerging Products Group -- to a roundtable discussion of the trends they see on the horizon and the threats they think IT executives may be missing.
Following is an edited transcript of that discussion.
The VA recently lost a laptop containing information on more than 26.5 million veterans; Ernst & Young GIobal Ltd. lost a laptop containing sensitive information on nearly 250,000 Hotels.com customers. Why do we keep hearing about these missing laptops?
Dean Drako: I think people just did what was easy and convenient and didn't really think about it. Ernst and Young guys used to go in and audit, and they'd have paper and pencil. Then they started getting laptops and they started carrying them in, so they'd create little spreadsheets. And then USB [Universal Serial Bus] keys appeared, and they could say, "Oh, let's just transfer that data to a laptop."
Nobody ever really thought about the repercussions of the fact that these laptops were scooting out of the building every night.
John Zicker: Most people don't buy fire insurance until their neighbor's house burns down, or the mortgage companies require you to have it to buy the house. Laptops and desktops have been one of the last things in the security industry for people to worry about. They worried about perimeters and about central storage, and now they're worried about desktops and laptops because it's not been a big issue before.
Jay Kidd: Security's always a balance between safety and inconvenience. So there's some level of inconvenience with any security. Companies are figuring out: Where is the right balance? And every time you have one of these disclosures, it shifts a little bit more toward safety. But the bias is toward convenience.
How much should we be worrying about laptop theft, really? There must be more efficient ways to steal somebody's identity.
Kidd: That's not the efficient way to get identity. The bigger concern has actually been in the public sector, because it's targeted. You can target everybody in the Pentagon, everybody in the State Department. I know that there's a higher incident of that theft than there is of just general corporate theft. In general, corporate theft is about walking through the office and grabbing a few laptops and selling them for the hardware. It's not identity theft.
What are the new threats that people aren't thinking about?
Drako: There has been a market change over the last five-to-six years, primarily due to Sarbanes-Oxley. It used to be that you actually trusted your employees. What's changed -- and which is really kind of morally and socially depressing -- is that now, the way the auditors approach the problem, the way Sarbanes-Oxley approaches the problem, is you actually put in systems assuming that you can't trust anyone. Everything has to be double-signoff or a double-check in the process of how you organize all of the financials of the company.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment