David Bianco on laptop encryption
I just discovered David Bianco’s InfoSec blog, called Infosec Potpourri , via a post on joatBlog. I like Mr. Bianco’s technical posts. He gives some good info on network monitoring. From what I have read, it seems to be a practical security blog with good advice and pointers.
As I was reading, I came across his recent post about laptop encryption. My comment to his post is below. You can read it here or view it on his post.
Mr. Bianco,
I must ask that you clarify who you are speaking to in the last paragraph of your post. I can somewhat gather from the next to last paragraph that you may be speaking towards execs, owner types, sales guys, etc. (and possibly lazy “security” guys who don’t bother with due diligence), but you also speak directly to the security pro in the first sentence of that paragraph by saying “If mobile users need access to data in the field, make them VPN back to the corporate network and work on it there.”
I am seeing no thought or exception for those security pros who work for cheap or brainless execs / owners who see no reason for the measures of which you are speaking. If you are referring to all security pros, including those who have fought the battle but have lost, then you are really beating up on the wrong people. Yes, those security pros can leave that brainless company, but that is not always an immediate consideration. Many companies bring in security guys to make themselves look like they are serious about security, then they don’t give them any resources with which to do their job. There are those of us who fight this day in and day out and cannot make a dent. Sorry if I sound like I am whining, but the truth is the
truth.
I really don’t mean this as an attack. I just want to make sure that people know the difference between lazy security admins and those of us who fight and fight for stuff and can’t get it.
Vet
