“If I see it–I can take it”
I am the CTO of a cyber-security software provider based in Southern California. I’ve always been mystified by the basic lack of security knowledge that pervades all companies, at all levels. Today I am addressing the average layman who deals with security, as a user. The next edition of this “security blog” will speak to the trained and educated IT professionals who must secure their companies from hacks and breaches.
Over these last five years, I have developed several fundamental laws of data protection, or “Gleason’s Principles”, that I describe to the non-tech, “average” person to use in their everyday business practices. I usually speak with the executive, senior-level manager, or business owner responsible for the purchase and oversight of the Information Technology (IT) areas and operations of their business.
I want them to “really” understand this one very important principle or caveat, “if I see it–I can take it”. This refers to the everyday activity of going online and conducting business over the internet. The idea here is to convince them that whatever security fence they have placed around their businesses, there will be intruders that were never identified or anticipated in their plans.
A corollary to “if I see it–I can take it” is the second law of Gleason’s principles, “not if-it’s when”. Everyone who is online or has a presence on the internet will be hacked or breached at some point in time, no matter the precautions.
This may be a hard pill to swallow, often met with some skepticism and disbelief by executives and practitioners of the “Arts of IT security.” However, at this stage, I am talking to executives who are ignoring or misunderstanding that their operations are constantly being probed, monitored, and under some level of threat from unseen attackers. That is the point I want to drive home and lead them into the third rule of Gleason’s principles.
“Harden the target”! Make the company’s files and confidential data so hard to “pilfer and read” that the “bad guys” will, after a while, move on to softer targets. Hackers know that files yield the largest payout on the black market. One little Excel file might be worth $100s or $1000s. Encrypting the files and important corporate data will render them worthless if a thief gains access to the system. The spoils are useless to them for profit.
The reality is, we all live with the notion of “threat and theft” no matter what business we are in. We all know the headlines and stories, and my sermon is: “if I see it–I can take it”, “not if-it’s when”, and, to protect the assets, “harden the target”: encrypt the data.
I have been in this industry for over thirty years, being involved with the evolution of Microsoft’s software and services, programming and architecting Cloud infrastructures and Data Centers across the US. As CTO of Active Cypher, I have been engaged with Microsoft’s evolution and transformation over these many years. We’ve created Active Cypher Cloud Fortress (ACCF) to be deeply integrated into Microsoft’s Active Directory and Microsoft’s Azure cloud. The solution is ACCF, and it encrypts files using security permissions controlled by Active Directory, which adheres to the company’s policies and permissions. It is a downloadable solution.
In the next edition of my principles, laws, and solution description, I will direct my discussions not to the layman or generalist, but to the more seasoned IT professional. I am passionate about getting honest, no “baloney” info out to the person who is overwhelmed with buzzwords, marketing hype, and spin. You can go to www.activecypher.com to learn more about Active Cypher Cloud Fortress. Until the next edition.