Return-Path: <sentto-279987-3697-1004533864-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 31 Oct 2001 05:12:08 -0800 (PST) Received: (qmail 26233 invoked by uid 510); 31 Oct 2001 13:10:20 -0000 Received: from n7.groups.yahoo.com (216.115.96.57) by 204.181.12.215 with SMTP; 31 Oct 2001 13:10:20 -0000 X-eGroups-Return: sentto-279987-3697-1004533864-fc=all.net@returns.onelist.com Received: from [10.1.1.220] by n7.groups.yahoo.com with NNFMP; 31 Oct 2001 13:11:04 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 31 Oct 2001 13:11:04 -0000 Received: (qmail 23847 invoked from network); 31 Oct 2001 13:11:02 -0000 Received: from unknown (10.1.10.27) by 10.1.1.220 with QMQP; 31 Oct 2001 13:11:02 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta2 with SMTP; 31 Oct 2001 13:11:01 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9VDBA211330 for iwar@onelist.com; Wed, 31 Oct 2001 05:11:10 -0800 Message-Id: <200110311311.f9VDBA211330@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 31 Oct 2001 05:11:10 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Data.Security-The.Rules.Are.Changing] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Data Security-The Rules Are Changing By Fred Moore, Computer Technology News, 10/30/2001 <a href="http://www.wwpi.com/lead_stories/10_25_01/moore.html">http://www.wwpi.com/lead_stories/10_25_01/moore.html> The Sept. 11 Attack on America has greatly heightened our collective awareness regarding terrorism and many related aspects of national security. The overall issue of security is instantly becoming the foremost IT issue. Physical damages from the attack range into the trillions of dollars. The early reports from Wall Street are most encouraging and indicate that most customer and business critical data appear to have been saved by robust, automated, and remotely located data backup systems coupled with effective disaster prevention strategies. A lesson learned, or re-learned, is that critical data should never be kept only on a local basis but should have geographically separate copies. We typically describe the IT industry as a $2-3 trillion business annually but do we have any idea of the value of the data that the IT industry supports? Clearly the value of data far exceeds the value of the supporting infrastructure. The question of how valuable a given businesses' data is has often been asked but is seldom answered. Few if any companies know the value of their data yet many are now realizing that data has become their most critical asset and survival is based on it. For example, the true value of the data being generated from the human genome research project is impossible to determine as its impact is just beginning to take effect and won't fully manifest itself for many years to come. Also, the amount of information gathered about the terrorists in just a few days after the Sept. 11 attack was amazing and would not have been possible without the heavy role contributed by computer systems. IT will play a critical role in the world's quest for safety and security from this day forward. Therefore we must place a greater emphasis on security, disaster recovery, and availability. An informal poll (published in Computerworld Sept. 24, Vol. 35), indicated that 75% of the 700 plus respondents said they had no plans to put IT projects on hold in the aftermath of the attacks. Eleven percent said that they would likely postpone some projects and 14% were undecided. The following areas of the IT industry could change and accelerate as a result of the events of Sept. 11. Changes We Might See As A Result Of The Attacks The remaining SSPs (Storage Service Providers) have a renewed opportunity based on their original value proposition of remotely outsourcing physical storage subsystems, particularly for hosting geographically remote data vaults for backup and recovery. Hot site and disaster recovery strategies will get more attention. Over 100 disaster declarations were filed as a result of the Sept. 11 attack. Backup is important, recovery is mission critical, and the new value proposition for companies offering backup/recovery solutions will differentiate them on how quickly they can recover your IT operations to acceptable levels of functionality. Tape library suppliers (there are 17 at last count) should aggressively develop and offer their disaster recovery and remote data vault strategies. This could mean partnering with backup and recovery software companies and offering high-speed bandwidth access in order to move data over distances greater than 10 kilometers. The use of physically removable media could increase as the capability accelerates to move copies of data to new and safer locations without dependency on the supply of readily available electricity. The demand for bandwidth could accelerate faster than current projections as backup/recovery strategies become implemented more frequently. The abrupt reduction in air travel will increase the use of videoconferencing and further add to bandwidth demands. Fortunately, there is an abundance of installed bandwidth. The demand for more highly effective backup solutions place further emphasis on mirroring, snapshot, incremental, differential, forensic, and new methods that minimize backup and recovery times. SLAs (Service Level Agreements) will take on new dimensions with emphasis on anticipated recovery times. The fight on cyber-crime must and will accelerate as the biggest challenge for the continued evolution of the Internet is security, though some may argue it is latency. In 1990, the "Jerusalem" virus took three years to become prevalent. In 1999, the "Melissa" virus took four days to become prevalent and did an estimated $385 million in damages. In 2000, the "I Love You" virus became prevalent worldwide in just five hours and did over $700 million in damages. The Internet is the most widespread communications vehicle of all time and also can be used to communicate both good and bad information globally in a few hours. Security providers targeting Internet virus detection and prevention become even more critical to future success of the Internet and will have to deliver a new generation of security solutions. Significant opportunities exist in eliminating the root cause of virus creation. The implementation of Wide-Area SANs should accelerate as server-less backup and recovery capability over long distances now take on a new meaning. PC backup strategies will no longer be optional as the value of data at the single-user system is significant. The position of Chief Security Officer will gain emphasis as companies identify the staff and teams responsible for data security. Key recovery staff should attain certification through facilities such as the Disaster Recovery Institute in Falls Church, VA. Look for a new IT security index to evolve and gain popularity, similar to the number of nines (99.xxx) of availability that describes the level of security for the IT operation within a company. The biometric industry and its role in security should get a significant boost. Biometrics means life measurement. Much of the activity in biometrics is beginning to center around security using automated methods to identify people based on their behavioral traits or physical characteristics. Face recognition, fingerprints, hand geometry, iris scanning, voice recognition, retina scanning, thermal face recognition, and handwriting analysis are the most common types of biometric methods. Thermal face recognition is extremely difficult to fool, works under nearly any condition, and is possibly the most expensive of today's biometric technologies. The cost of the technology to perform thermal face recognition is typically over $50,000 compared to a $3000 cost for the camera to perform a retina scan and $50 to $1,000 for finger scan technology. The high expense of biometric solutions has previously slowed its usage but the cost of not using these techniques is now painfully obvious to the world. Preparing for the unthinkable is no longer an option for many businesses. Information Technology will contribute heavily in providing vastly improved national and global security. Though the price will be steep, the long-term payback will be measured in terms of survival. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:58 PST