Rich Freeman on 27 Oct 2014 10:59:58 -0700


Re: [PLUG] Spark Core (corrected)

On Mon, Oct 27, 2014 at 1:49 PM, Keith C. Perry wrote:
> That asks Rich's question a different way.  If someone says, "we keep your data safe and here's how", sure the client should want to verify what is being said but what about internal audits?  Where is the "inspector general" for these companies that has the autonomy to say, "yes, I've verified this" or "no, we're getting this wrong and it needs to be fixed".  Basically, IT personnel with executive level enforcement power.

The problem is the whole risk/benefit thing.  Money spent on security is only money well-spent if you actually have a security incident, in the same way that money spent on fire insurance is only well-spent if you have a fire.

A company that doesn't buy fire insurance will probably be more competitive than one that does. The same is true of a company that doesn't waste money on securing their credit card readers, like Home Depot.  When those companies bear the full costs of their actions, you MIGHT see a change.

It is a bit like how people point out that Facebook didn't plan for the necessary scalability and internally had a lot of struggles keeping up with demand.  The thing is, it is a MUCH better situation for a company to have a ton of demand and have to work hard to meet it, versus having spent all their money on preparing for demand and not having any money left for marketing/features/etc to create that demand.

Often companies that are successful are just the lucky ones.  Managers don't realize that, so they figure that whatever worked for somebody else will work for them.


Philadelphia Linux Users Group