ESC Data Security At the Data Level
- By ANY software application
- Through ANY network Protocol
- In ANY data format (compressed, pdf, etc.)
ADDRESSING THE ROOT CAUSE
The Internet has enabled new and exciting uses of the Web, from self-service applications that save money and promote customer intimacy to B2B transaction software that streamlines relationships with suppliers and partners.
However, every application that links corporate information to the Web provides a new potential entry-point into the organization. In the race to develop applications, applications have been developed and deployed with minimal attention to security risks. The result has been, even with all the modern protections we deploy, that most corporate sites, if you are to believe daily news stories, remain susceptible to spyware, viruses, hacking or industrial espionage.
It is a little hidden fact that most companies use firewall's and anti-virus solutions, and at least (FBI Survey) 60% use intrusion detection systems. Yet the same survey stated that 90% still suffered in from security breaches including virus infections, Web site vandalism, credit card fraud and theft of company secrets. The most expensive breaches were cases of financial fraud, causing an average loss of $4.6 million.
Corporate applications today house the most valuable assets a company has, namely their digital information and data. Current approaches to data protection address security issues at the last and most expensive stage of the application lifecycle – deployment, or even worse - not at the application or OS level where the data resides, but at the exits, ie., at the perimeter. With the amount of new code being added or changed every day, it has become impossible to keep up with all the necessary manual patching or fixing. No one today can claim that they have successfully anticipated every combinatorial possibility of vulnerability for data theft, period. So why is so many dollars spent sealing the gates?
With that being said, lets look at why we remain susceptible Since the primary goal is to protect the intellectual, customer, company, et .al. data, wouldn't’t it be more prudent to address data security at the data level and not 4 to 7 layers above it in hopes that you have plugged up every single possible way your sensitive data can be extracted without your permission.
Ironically, most solutions out there actually believe that the best security is at the 10,000 ft level. They address the data that is to be protected by focusing on securing the last bastian of protection, the outer perimeter. It’s akin to trying to protect your valuable in your home by spending all your time locking and bolting the gate at the picket fence, but leaving the back door or your Windows unlocked. Wouldn't’ it be a better use of time, energy, and money in securing what is valuable in the house, e.g., 5000 lbs safe perhaps?
ESC has that 5000 lbs safe - click the navigation links on the left and see how you can own this solution.
| ESC Home Page |
© 2006 Enterprise Systems Consulting, Inc. all rights reserved.