Wednesday, January 16, 2008

Novell does data security

Sort of.

Novell announced yesterday the availability of ZENworks Endpoint Security Management with expanded encryption functionality. All this means is that they can now do encryption of folders and devices (USB storage devices, DVDs). It doesn't get very granular and it's not data-centric.

From looking around at their product info, it looks to be just a bunch of "on/off" switches, e.g. you can use this USB device, but not this one. Or if you put something on this USB device or in this location, it must be encrypted. That doesn't give a lot of context...and we know that with security, context is everything (almost). And getting the policies right and linked to context is an art form in itself. This is darned near impossible without granularity.

What happens when I just want to put an innocuous picture on my USB device? If it's disabled by Novell, I can't do it. Or if I can, it's probably encrypted...which means it's not very useful to me if I take it off-site. I know, there's probably some sort of password protection capability which lets me unlock the file and decrypt it. But that's exactly my point. If the data is not sensitive, I don't want to have to go through the hassle.

Their solution is not granular enough to be useful. It'll get killed in the device control market because they'll lose the feature/function battle. It also won't register in the data security market until they get a heck of a lot more granular and let people write policies that can be data-centric. Oh, and don't get me started on other potential leakage points. What are you actually trying to do by encrypting data? You're trying to secure it in case it ever gets out, right? What happens if I email it? Game over as far as Novell is concerned...incidentally, it's also game over if you just focus your data security initiatives on device control. You're "sticking a finger in the dam" and hoping it doesn't leak somewhere else.

Novell do have one thing right though. They know that they need to help organisations control the endpoint. They will also no doubt tie this all back into their Identity and Access solutions (if not yet, then soon). I'm sure their professional services people are developing such an offering as we speak. A data security solution that is tied into identity is very appealing and ticks so many boxes (especially those regulatory and compliance ones) it's an easy sell. Implementing something that will work as specified is a heck of a lot more difficult though. First you have to get an adequate set of products together, and Novell can't provide that all by themselves.

There's a missing link in this space at the moment. Mainly because no one's worked out this whole data security thing yet. There's not even a commonly used term (we can't figure out if it's data security, data leakage prevention, information leakage protection/prevention or something else). The term is not important. What we're REALLY talking about is information security. Analysts and marketing people just want to be able to break this stuff up so they can sell more things (products, services, whitepapers, consulting etc.). What we eventually want to get to is an identity-driven data security infrastructure that knows what people are doing and can control the movement of all information in a corporate environment, whether structured (e.g. databases and applications) or unstructured (file systems, other storage media), and is all tied into context-sensitive security policies. When you simplify it, access controls are really just about limiting or allowing access to information/data based on what you are allowed to do to it. The ability to audit and report on everything is just to keep auditors happy and for the odd incident here and there where forensic analysis may be required. That's it. It's not a complicated concept.

No, there isn't an integrated solution that does this yet. For now, you have to buy the pieces and try to plug them all together. Novell's made little baby steps, but it'll only look good on the marketing slides...for now.

Tuesday, January 01, 2008

Season's Greetings, Happy New Year and Thanks

I rarely take the time to write about personal stuff on here. I have another blog to do that.

But I thought I'd take the time to thank everyone who has ever read anything on here. I write to document my thoughts and the fact that anyone even bothers to read what I write is extremely humbling.

When I started blogging just over a year ago, the only readers were my close friends...and only a handful at that. They have since stopped, but I won't hold it against them. They don't seem to care about my professional thoughts and have since moved over to the personal blog. To my surprise, subscriber counts have been increasing so I guess someone out there finds what I have to say mildly interesting.

2007 has been a significant year for me:
  • I left IBM.
  • I left Sydney, Australia (temporarily but indefinitely).
  • I moved to London.
  • I saw a heck of a lot of Europe (both for work and for personal weekend trips away).
  • I saw a little bit of China (holiday, not work).
  • Not surprisingly, I have been on somewhere between 50 and 100 airplanes in the past year. I'm hoping it's not nearer to the 100 mark, but I have a feeling it may be. My sincere apologies to the environment.
  • From a professional standpoint, I moved into the data security space and have hence broadened my horizons in terms of my interests in information technology and security.
  • I've met many interesting people from different backgrounds, companies and countries (both on here and from my work travels).
2007's been a real life experience for me.

That said, Season's Greetings (I know, I'm about a week late with that one) and a VERY Happy 2008 to everyone. Thanks once again and I hope 2008 is a great year for you all.