Had an interesting article cross my email today from techtarget.com. It nicely dovetails with discussions I've had with many in the IdM and Security fields.
The basic fact is that businesses save money when they implement Security and Identity Management projects. The costs of one security breach, password exploit, compliance violation, etc. dwarfs the investment and maintenance of a sound enterprise security infrastructure.
I found it interesting that the experts quoted in the article specifically referenced, encryption, compliance and Identity and Access Management technologies. I would also recommend the use of SSO technologies which make it easier to enforce password policy and promote compliance.
In the war of data security, a good defense is the best offense.
1 comment:
And now for the topic of the moment that I have been reflecting on - how does Governance fit in "The Cloud"?
You are essentially trusting a 3rd party selling commodity computing infrastructure to enforce security controls that you are responsible for.
"The Cloud" sounds a lot to me like "securitisation" of IT services. A vendor packages up services with risks that they may or may not be aware of and they are sold on to corporations as "Cloud computing".
I would suggest that even if a "due diligence" takes place, in many cases different standards will be applied to external vs. internal controls.
So is "the Cloud" really another set of sub-prime risks, packaged up in a AAA-rated wrapper?
Post a Comment