Monday, May 11, 2009

$202 Per Consumer Record Data Breach

The Washington Post had a very interesting article on Tuesday, February 3rd, titled "Data Breaches Are More Costly Than Ever". The author, Brian Krebs, quotes a survey by the Ponemon Institute that reviewed 43 organizations that spent approximately $202 on each consumer record that was compromised.

The article also states: "Eighty-four percent of the companies surveyed had at least one data breach or loss prior to 2008, said Larry Ponemon, the institute's founder. The cost of a breach in 2007 was $6.3 million, and roughly $4.7 million in 2006".

The figures above do not reflect the loss of confidence that consumers and other companies will have when they see these types of CNN moments. This is where the importance of having an open and secure operating system and infrastructure becomes mandatory - as does having all of your data encrypted on disk. How often do we read about notebooks stolen that are loaded with confidential or classified data?

This is just one of the reasons why Solaris with Trusted Extensions and ZFS will just continue to gain market share.

Tax Day and Security

April 15th is tax day for Americans. A day everyone just loves :-) When I think of April 15th, I think of security and how it is more important than ever. There is an article today that I just saw on Yahoo!

Hackers grabbed more than 285M records in 2008

  • By JORDAN ROBERTSON, AP Technology Writer - Wed Apr 15, 2009 12:05AM EDT

Jordan Robertson states: "Hackers made off with at least 285 million electronic records in 2008, more than in the four previous years combined, according to a new study that shows identity thieves are getting better at exploiting careless mistakes that leave companies vulnerable to attack."

The rest of the article can be read here.

I believe the days of single factor authentication are over and the days of securing at the pipe level alone are over as well. As much as I am not a proponent of big government, I do think there are many valuable services that government has and will do for society. Does the Internet happen if not for DARPA funding? I don't think so. When I think of the right way to do identity management, I think of the DoD's Common Access Card (CAC) program.

Sun Microsystems was a big part of the CAC program, and we at Sun have taken a similar approach with our Java Card.

Now for a controversial suggestion :-) Have the US government follow DoD's lead and issue CAC to every single US citizen above the age of 6. I have kevlar underwear on for this one :-)

Getting away from policy and back to technology, two extremely important standards going forward for security will be SAML and XACML. More on those in coming days....

Solaris TX Could Have Saved San Francisco

The story that came out of San Francisco on August 12th, 2008 should be extremely frightening for all IT Managers. The Washington Post has a great article on this written by Ashley Surdin.

Ashley brings out, "San Francisco is being forced to overhaul security measures on the computer network that controls data for its police, courts, jails, payroll and health services, as well as other crucial information, after the technology administrator entrusted with the system blocked access for everyone but himself last month and for days refused to reveal the password, even from jail."

There is a misconception that Solaris with Trusted Extensions is only for the three-letter government agencies, and it is simply not true. A very important aspect is how Solaris Trusted Extensions - Labeled Security for Absolute Protection - simply extends Solaris security. The paragraph below is brought out on the Solaris TX page and is key for everyone to understand:

"It utilizes User and Process Rights Management, Solaris Containers, file systems, and networking and doesn't require a new or separate kernel. Best of all, it doesn't require ISVs to requalify their applications to run them with sensitivity labels. And because it's an extension to the Solaris 10 OS's security policy, Solaris Trusted Extensions technology is flexible and quick to deploy: You can add new applications, new users, and more, very quickly, without extensive analysis of each application — and without the need to write complex, error-prone security policies that require a system reboot."

Solaris has been and will continue to be a leader in being the most open and secure operating system on planet earth.