The Daily Incite - 10/21/08 - It's the iPhone's fault

Submitted by Mike Rothman on Tue, 2008-10-21 08:30.
Today's Daily Incite

October 21, 2008 - Volume 3, #84

Good Morning:
Hi, my name is Mike and I'm an addict. (Crowd: Hi, Mike)

No, I'm not having a Pragmatic CSO hallucination. I am addicted to political news. Seriously. I spend probably an hour or two a day reading, reading and reading some more about the upcoming election. I check out mainstream media (those devils!), I read political blogs (on both sides of the fence), and I obsess over polling data.

And it's the iPhone's fault. Do you notice how most addicts love to blame their woes on someone else? Well, I'm no different. If I didn't have the iPhone, it would be a lot harder to constantly pull up mobile Safari and see what's the latest on Google News or Politico. I just couldn't do that on my old BlackBerry Curve, so it's the iPhone's fault.

The reality is I had made my mind up a long time ago about who to vote for. But I'm fascinated (yes, to the point of addiction) by how each of the campaigns adapts and corrects their messages on a daily basis. It's marketing hand-to-hand combat day in and day out. I think things move fast in the technology world, but how the momentum of the election perception changes multiple times per day is unbelievable.

So damn you iPhone. The extra hour a day is coming out of my sleep cycle. I'm pretty tired and it's all your fault. Now if Nov 4 would just hurry up and arrive, I'd be able to get that sleep back. But odds are there will be something else with flashing lights to attract my attention. Us addicts are like that.

Have a great day. 

Photo: Comic courtesy of iphonesavior blog


Incite 4U

Today's theme is a lot of news about service providers, which shouldn't really be a surprise. In a time of economic uncertainty, most companies will opt to delegate the risk of big projects and significant build outs to someone else. Right, the service provider. Which is fine, as long as the service provider can keep things afloat. As many of us remember from the last bubble, a defunct service provider creates some significant problems. I remember the day NorthPoint Communications shut down in 2001 and took my DSL with it. And there wasn't WiFi on every corner, so it was a big problem. 

  1. One of the keys in a crummy economy is to improve the efficiency of your operations. Security service providers may be able to do that for you. Just maybe. This NetworkWorld piece profiles a few customers that are looking at firewall and IPS monitoring services and what the benefits have been. There is no right answer, but at this point you owe it to your company to at least figure out if someone can do something better and/or cheaper than you can.
  2. FDEaaS. Say that 10 times fast. Full disk encryption as a service. PGP announces a partner program to help service providers offer FDE to their customers. I guess there is some logic there, since many customers only need to encrypt a few laptops and building an infrastructure to support that could be a non-starter. But it's all about key management, so be sure to push the provider on how they are going to protect your keys and how they are going to make sure the other folks in the service can't get to them.
  3. What's next, Big Yellow Nutritionals? Symantec rolls out a "multi-level" SaaS partner program, but that terminology makes me think of Amway. If you recruit all your friends to resell the Norton suite, you can make thousands of extra bucks a month. Of course, they are really just talking about a tiered partner program for their SaaS offerings, but they should be careful with terminology. In this kind of economy, I'm sure a lot of independent agents are looking for the next big MLM idea. Why not AV?
  4. I'm sure information security is on the top of the list for the next President. Right behind: 1) keep the economy afloat and 2) keep the world safe. Jon Oltsik makes a decent point about how security is still important, but I doubt Joe the Plumber is too worried about the number of zombies in his neighborhood. I can't believe I just mentioned that guy. Shame on me!
  5. The Hoff makes a great point about the futility of trying to secure "the cloud." Marketers are wonderfully predictable animals. If there is a bandwagon, we must jump on it. And cloud computing is a bandwagon and therefore everything (in security anyway) is about securing the cloud... Again, we do a crappy job of simple blocking and tackling, so maybe most of us should focus on that first. Hoff's real point is that none of this is new, and he's right.
  6. Martin asks a pretty important question for anyone who accepts credit card payment. Why are you storing credit card numbers? You better have a good answer and "because my application is crappy and I can't change it" isn't a very good one. Thus, I suggest you use the PCI hammer and start asking questions about why you really need to store that data. In most cases you don't and thus, you shouldn't.
  7. Chris Hayes really nails the idea of threat event frequency in this post. It's an important topic to understand and be able to focus on. The reality is there are a lot of things that can kill us and understanding the likelihood of those events is worth spending a little bit of time contemplating. You don't need a lot of precision, but the things that are "likely" need to be dealt with. The things that are "unlikely" can't be. For those unlikely events (like a chimney cap falling on your new car), you need to have a damage containment plan (or decent insurance), since you can't implement controls for every possible scenario. Even if your auditors think you should.
  8. One if by land, two if by sea. McAfee believes their new consumer suites are "revolutionary." Ah, not so much. They say it's faster (so does Symantec). They say it's even more comprehensive. And consumers don't care. Really. They just want the problem to go away. So unless they've come up with technology to eradicate every bot in the world instantaneously, I don't think revolutionary is the right term.
  9. Todd Fitzgerald is right. Just get something done. Nowadays we don't have the luxury of a big, broad strategy. We need to prove ourselves every day. This quote sums up the strategy needs pretty effectively: "build one [a strategy] that is not static, one which incorporates the lessons from the past, which will permit us to do the right things in the present, by thinking about the challenges that we may potentially face in the future, as well as the position where we want to be to help our organizations to be the most successful." Amen to that.