An Information Security Place

Here’s my response to LV’s data in use post that has garnered some attention:

One thing my instructor in Taekwondo has taught me is that when sparring in competition, your opponent is at his most vulnerable when attacking. Basically, you wait for his move, then you use it against him. I liken data in use to an attack in Taekwondo. Data in use is when the data is most vulnerable. The opponent has to attack at some point if he is going to win the fight. Just the same, we have to allow the data to be used or it is useless.

Yes, I think it is a concern. But like you said, there is really no way to fully stop that data from being pilfered if the person who has access to it decides to use less technical means of theft. Technology can only carry us so far. Policies have to be the means to which we can prosecute if a less-than-ethical exec or other user. It doesn’t stop it from happening, and it can cripple the company if it is very valuable data, but hopefully the company has good procedures for weeding out bad potential employees.

Vet