http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/
From the left hand doesn't know what the right hands is doing department:
Ngair Teow Hin, CEO of SecureAge, noted that smaller companies
tend to be "hard-pressed" to invest or focus on IT-related resources
such as security tools due to the lack of capital. This financial
situation is further worsened by the tightening global and local
economic climates, which has forced SMBs to focus on surviving
above everything else, he added.
Well, lets leave the vested interests of security sales aside for a moment.
I read recently an article about the "IT Doesn't matter" thread that basically said part of that case was that staying at the bleeding edge of IT did not give enough of a competitive advantage. Considering that most small (and many large) companies don't fully utilise their resources, don't fully understand the capabilities of the technology they have, don't follow good practices (never mind good security), this is all a moot point.
http://www.zdnet.com/blog/virtualization/when-organizations-put-a-lot-of-eggs-in-one-basket-desktop-side-of-the-story/2103?tag=nl.e539
This is a chicken-little story.
We've been putting many computer eggs in one hardware basket for a long, long time.
What do you think mainframes running MVS and VM/CMS were?
What were things like air traffic control?
The 'desktop' is a fuzz concept that gets confused with a GUI.
Those mainframes - think airline ticket and reservation - could handle many hundreds of remote terminals, keeping them updated.
What's a dumb terminal if not the ultimate in 'thin clients'?
When did you last secure your laptop?
The last year seems to have been a bumper one for stolen laptops, especially ones stolen from high profile companies and which contian plenty of personal information.
Many of the companies concerned seem to think that having passowrd proetction is adequate. Others think that because the laptop was stolen "for the hardware" and not for the information on it, all is OK. A couple think that firing the person who was using the laptop makes everythng OK.
"If thieves read the newspaper, they can readily figure out that they have got more than just a piece of hardware."
Well, I don't think so.
Will things change?
At the very least, the publicity has made it clear to theives that tTell me about when you saved the company a million dollars. Or when you successfully managed the million dollar project to deployment, on schedule and on budget. The infomation on the laptop is more valuable than the hardware. This year, 2007, any thief with any sense will sell the data and throw away the laptop. Perhaps on a rubish tip - oh, I see one did that 🙂
Here is a summary of some news articles from 2006
