Tuesday, February 10, 2009

Breaches: The collective yawn

Are the breach laws not effective at all? Is the public not concerned, or not paying any attention? Not sure what we should expect - outrage, public demonstrations, letters to senators? But as the recent article from NetworkWorld points out, folks don't seem to care much...

Possibly this apathy is picked up by organizations and combined with the multitude of complex regulations and data protection solutions - and the result is folks not knowing how to address these issues. The challenges may seem too much.

I think the right way to approach the problem is to take a risk-based approach: what is the most vulnerable area, and how do we protect it? Start with something small, since inaction does not help at all. For many organizations worried about losing assets outside the organization, protect the mobile data - that which goes outside the organization. This would mean laptops and USB devices to start out with, and go from there.

Obviously if the threat is internal negligence, maybe look at DLP solutions that can, based on policy, protect sensitive data from leaking outside the enterprise.

The main point is: start on the path. Don't wait to develop a comprehensive plan that takes a year to study and set up - look for quick hits and gains. As you deploy, you will be able to develop the right plan for the enterprise.

