The Future of Data Protection 3/27/08
[Following is the first of what I hope will be regular posts by our new Creative Associate, Rachel Cusick. Watch for Rachel's Corner on the blog all year. -- sh.]
I started working for Steve at the beginning of this year with a lot to learn about the security industry. I guess I’d call my perspective fresh, with a healthy dose of naiveté. With so much to learn I really enjoy listening to the discussions at our events. They’re usually bold and loud which always makes for an interesting evening! So when we hosted The Future of Data Protection in Silicon Valley last month, I got a crash course in the IT world.
Bill Munroe joined us from Verdasys to engage our guests in a topic that’s easy to discuss but very hard to agree on: The future of data protection. I expected the concept to be overridden with terminology and extremely difficult to grasp. In a way it is, but in a very big way, I get it.
Although the setting was serene and the wine was calming, the conversation was tumultuous. Bouncing from all sides of the room were opinions from IT security architects, principal analysts, VPs, CIOs and COOs, all with an interesting tweak to each other’s opinions.
What to do? Steve let the conversation flow, taking the opportunity to slow things down and point out conclusions when he could. The biggest deduction of all, is how darn hard it is to actually derive one.
First there’s the debate of information versus data, and then comes the real argument of who cares about what it’s called, let’s address the value! Then there’s the challenge of who gets access to what, and no matter how secure the business is, there’s always the internal threat. How do you know who you can trust? What if you hire someone you can trust and they turn into someone else? The one overriding agreement was that security is inconvenient and only appreciated after something bad happens.
Security is not in place for security alone, but to protect the business, the money. And of course the most efficient way to do this is to put the proper devices in place before bad things happen. But any IT professional will tell you, that they’re mostly called upon for reaction, not prevention.
It must be hard to constantly protect and improve protection without much reward.