Wednesday, December 9, 2009

New Cisco report on state of security

Cisco has just released their annual state of security report - the Cisco Annual Security Report. It mentions the normal stuff that you hear - more malware, 40% more spam in 2010, more banking trojans etc. Scary stuff, no doubt. Read more about it here.

But the stuff that worries me is what is missing (or not highlighted) in the report - i.e. data security in the enterprise. While I, being also a consumer, appreciate the issues pointed out here, the data breached from enterprises also causes significant pain.

Trojans, malware and viruses will always be around, and I think we have to expect this going forward. How do we ensure that these get relegated to just annoyances and do not become a security threat? This is where an information-centric approach works best - once the data is protected, only the right user opening up the document with the right application can decrypt it. The malware thus cannot access protected data since it does not have the right permissions. This might reduce the impact of much of today's malware - at least for enterprise data.

For transactional consumer data (i.e. credit card information submitted during a web session, etc.), we have to think of other, but similar, techniques...