Due Diligence: Bubble Trouble
By Eric Nee
Could it be that just five years after the frenzied Internet bubble, we are in the throes of yet more irrational exuberance? Columnist Eric Nee thinks so, and the dozens of security start-ups pouring out of Silicon Valley seem to back him up. But there is something different about this bubble. While greed and optimism fueled the first Internet bubble, fear and pessimism are driving this new land rush. There will always be hackers developing new ways to breach networks, and there will always be a need for fresh security products to thwart them. So take advantage of it.
EdgeWise: Return to Sender
By Dan Gillmor
Solutions to the problem of data security typically involve improved technology or more careful human behavior; rarely do they question the concept of corporate control of consumer information in the first place. In his first column for CIO Insight, Dan Gillmor, a longtime technology columnist at the San Jose Mercury News, questions that concept, and suggests that given the manifold failures of the status quo, personal data should become personal property, made available as needed by its owner. The technology is feasible, but giving up control would be a big step for companies to take.
Analysis: Double Identity
By Jeffrey Rothfeder
Given all the cases of data theft since the beginning of the year, it’s no surprise that the vast majority of consumers rate identity theft as a serious problem and believe new laws are needed to protect consumer privacy. In this analysis of upcoming legislative initiatives on personal data security and privacy, Contributing Editor Jeffrey Rothfeder looks closely at the arguments for Sarbanes-Oxley-like certification of data protection efforts, the use of data encryption and its role as a corporate safe harbor in the event of loss of data, and what the brave new world of legislated data security standards will mean for companies.
Case Study: LexisNexis Group
By Dan Briody
For LexisNexis CTO Allan McLaughlin, the nightmare that wakes every CIO up in the middle of the night came true. In March, the company announced that more than 300,000 names and Social Security numbers were stolen from its highly sensitive databases by hackers with passwords and user names taken from legitimate LexisNexis customers. Since then, the company has been single-mindedly focused on shoring up the defenses of its customer base—a tough job when you have more than four million customers who span the spectrum of IT security awareness, and whose security concerns are by no means aligned with your own. Executive Editor Dan Briody explores the delicate balance between sales and security.
Expert Voices: Ira Winkler
With Edward Cone
Former National Security Agency analyst Ira Winkler warns in his newest book, Spies Among Us, about threats to data security ranging from terrorists to organized crime. But he says the real villain at many companies is ignorance, and the vast majority of security lapses could be avoided if people would just bother to turn on the basic security tools already built into their existing systems. Relatively simple and inexpensive technology may not stop the rare clever criminal, and it can’t change human nature, but it can be a remarkably effective remedy for common security risks.
Research: Security
By Allan Alter
Our latest security survey of close to 300 IT executives presents some grim findings: Nearly 30 percent of respondents admit that their company’s attitude toward security has become more relaxed as the events of Sept. 11 fade into the past. And 66 percent have experienced some kind of security breach. Employee carelessness and negligence has become the top security problem, but many companies aren’t taking steps to improve awareness and education. The most secure companies have a security strategy that’s grounded in corporate risk management and backed by top management—and such companies more actively protect themselves from employee carelessness and ignorance.
Strategic Technology: Outsourcing Security
By Debra D’Agostino
As strong as the move to outsourcing has become, security remains one area of IT that CIOs just don’t feel comfortable turning over to a third party. And for good reason: When it comes to security, there is just too much on the line. Some security breaches can cost you millions—or worse, your job. That’s why, despite mountains of evidence in favor of outsourcing security, including better protection and lower costs, most CIOs can’t bring themselves to make the switch. Reporter Debra D’Agostino discusses the fears, some rational, some not, of outsourced security.