Saturday, 10 March 2007

Full transaction security.

What does a transaction look like?

Very simply:

User --> Application --> Storage

Either the application and the storage are housed somewhere on your e-commerce network, the users are outside, or app and storage are in your corporate network and your users are inside and outside.

We have already established that users are a big pain to security, but without them we are nothing!

You might look at the simple picture above and say "Well, we've covered user and network security", and go home and put your feet up, happy that you are covered. The smart cookies might even put in clever management and reporting systems like Nagios, HP Openview, etc. I haven't even mentioned IPS yet, with Snort, RealSecure, TopLayer, Teros, etc. in place, you haven't got a care in the world... have you?

That's all very well, and congratulations to you if you HAVE got this much in place by the way, you are streets ahead of your competition. But you are still missing one major issue. Your data.

Data is THE MOST VALUABLE ASSET in your organisation. You can replace staff, they do pretty much the same job across the board. You can replace hardware, from staplers to security devices, software from SAP to syslog, but you cannot replace your data once it has gone. OK, that's slightly badly phrased, you can back it up and restore it, but once it's stolen, someone else has it and that decreases its value.

Data is only valuable when shared with chosen parties. In my next thread I will explain a bit more about data and what it is, what makes it valuable and how it needs securing.

Right now my wife needs taking out, I've just remembered I live in Barcelona and the sun's out. Cheers...

No comments: