Dan Geer on Trade-Offs in Cyber Security
A speech by cyber security expert Dan Geer
If you haven't caught this speech by security luminary Dan Geer over on the Schneier on Security blog, read "Trade-offs in Cyber Security," also in its entirety here: http://geer.tinho.net/geer.uncc.9x13.txt.
Dan was Chief Scientist at Verdasys and has been a long-time friend and consultant to the company. His group at MIT ran the development arm of Project Athena, where staff on his watch pioneered Kerberos, the X Window System and much of what we take for granted in distributed computing. Dan serves as Chief Information Security Officer at In-Q-Tel, as well as writing, speaking and just generally reminding us how important intellectual property protection is in companies "that don't accept half measures" when it comes to data protection. We recognize his apt description of what we strive to do here at Verdasys:
"I previously worked for a data protection company. Our product was, and I believe still is, the most thorough on the market. By "thorough" I mean the dictionary definition, "careful about doing something in an accurate and exact way." To this end, installing our product instrumented every system call on the target machine. Data did not and could not move in any sense of the word "move" without detection. Every data operation was caught and monitored. It was total surveillance data protection. Its customers were companies that don't accept half-measures. What made this product stick out was that very thoroughness, but here is the point: unless you fully instrument your data handling, it is not possible for you to say what did not happen. With total surveillance, and total surveillance alone, it is possible to treat the absence of evidence as the evidence of absence. Only when you know everything that *did* happen with your data can you say what did *not* happen with your data."
Dan wrote a great piece here on this blog about how companies that are building their future on intellectual property can affford protection sufficient to protect their IP through managed services.