You can't secure what you don't acknowledge.SM

Friday, March 19, 2010

All the reasons you need to NOT buy security products

We've all been subjected to the marketing hype the IT and security product vendors put out daily...Well, if you've been looking for ways to save some money, here's why you should not buy information security products:

9 good reasons not to buy information security products

...the marketing madness will never cease. We just have to grow wise and understand what to buy into and what to ignore.

New tips on 4 facets of encryption

Been wondering about the latest on mobile/backup/database/email encryption? Well, here are some recent tips I wrote to TechTarget that'll help you get the ball rolling:

Securing SMB laptops

Securing removable media with BitLocker To Go

Secure your data backups with encryption key management best practices

Encryption – the great security control that nobody’s using

The true value of transparent data encryption

Is full email encryption the solution to Exchange security?

No need to fix the problem, just ban the tool

Here's a great post from my colleague Dave Paradi talking about how a conference is banning presenters from using PowerPoint. It's an embedded systems conference. So they're telling these highly-technical people they can't use PowerPoint to get their messages across!? I suspect the audience will instead be subjected to overhead transparencies and slide rule demonstrations. Sounds like a great show!

This is just like businesses banning thumb drives and instant messaging on their networks. The ignorant powers that be proclaim "This stuff is too risky so we're going to ban it." Instead of fixing the problem at a higher level and putting in the proper controls to minimize such risks they just ban the technologies altogether.

It'll be tough for presenters at this conference to "sneak" PowerPoint into their presentations. But what happens when computer users are told they can't use certain hardware or software? They find a workaround and do it anyway because the problem isn't addressed at the right level. And thus the cycle continues. Amazing stuff.