Version: 2008
  • On GameFAQs: The top 10 strangest game bosses

Comments on: So much for secure storage

Jon Oltsik says an industrywide blind spot with an initiative called information lifecycle management could wind up costing storage makers big time--even though everyone knows the right thing to do.

Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
What to do?
by hoellein April 1, 2004 7:22 AM PST
Since I'm not a security expert, I have some questions. What means of protection need to be in place to add that higher level of security, especially to the human-readable information? It sounds like the attributes that make ILM or the like attactive (data searchable and available from a common location) are the very things that make it vulnerable. Especially in the "logic bomb" scenario - how do you counter that in any situation, not just ILM?

For prevention of IP theft, it seems a fairly fine-grained privilege matrix that prevents unauthorized printing/copying of controlled information might work.

What do the experts suggest?
Reply to this comment
is data security really the storage devices issue?
by April 1, 2004 4:32 PM PST
While I would not profess to being an enterprise security expert, I have designed and built systems that contain both secure and non-secure data.

Maybe I'm naive but I always thought that if I really wanted secure data/files/whatever that it wasn't the hard drives problem, rather the responsibility of the app which writes to the hard drive. (I've got software driven file encryption on my personal computer at home so I find it hard to believe that this is rocket science)

Considering the recent CompTIA study that showed human error as the huge winner in causes for breakins (http://www.comptia.org/pressroom/get_news_item.asp?id=424), I gotta think that training will be a much better way to spend budget than another peice of circumvented/ignored software.

just my $.02

B-)
Reply to this comment
The issue is one of policy & So much for secure storage
by April 16, 2004 6:39 AM PDT
The issue here is one of policy & architecture and it is up to the vendors to revisit both. It's like the alcoholic or other substance abuser; they first need to admit that there is a problem before remediation can occur.

Many techniques exist that can be applied to protect content; vendors must familiarize themselves with these and adjust policies to take advantage of the protections they can offer. With all of that, there is still the issue of dealing with the underlying cause of all security issues; insecure operating systems. It's time software builders who care about security look up "mandatory access controls" and see how this applies to application protection at the o/s level. Solutions are out there; use them.
Reply to this comment
(3 Comments)
  • prev
  • 1
  • next
advertisement
Click Here

Latest tech news headlines

advertisement

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET