Jun 2nd, 2007

Wow, looks like I annoyed someone!

IT Security, the view from here: A kick in the teeth
Well looks like I annoyed Rob Newby, with some comments on the challenges I think that Data-Centric security will have. To be honest I’m a little disappointed in the tone he chose to take in his post and that he didn’t trackback which would’ve allowed me a chance to respond, as it was I only found his post ’cause Hoff chased down the non trackbackers… anyway here’s my response which I’ve commented on his blog as well…

Hi Rob,
Thanks for replying (although I almost missed your comment, no trackback!). I must say I’m a bit disappointed, in that I thought I raised some valid points in a reasonably constructive way, but I seem to have annoyed you a bit.
Allow me to respond to your points:
1. How do you mean I don’t have to manage it? My role is at a corporate and one of the challenges I see in corporates implementing this kind of security is that with no standards it’ll be impossible for it to work.
2. You’ve not really passed on anything new to this. Again in many companies I’ve worked with the idea of getting users to understand and manage security rights has caused a load of problems and I think that anything else which adds to that burden is probably a non-starter.
3. Didn’t think I said it too hard. Wouldn’t you agree that the only DRM usage (music files) that has had widespread take-up has been, in my opinion, a disaster? Now I’m not familiar with EMC etc.’s DRM products and how they solve these problems, perhaps you could tell me more about that.
4. Sorry I’ve NEVER seen those models of security used outside the military and the police. Modern corporates in my experience all use DAC style because there are no products which are considered manageable which implement those pieces.
Yes I have studied security for many years thanks. Just because I don’t think that one direction that people are going in for security is the best doesn’t mean I’m anti-security. What I’ve found however is that companies are focused on having information available to make business decisions and any security measure that makes that difficult/impossible is not one which will see wide adoption.


  1. Rob Newby June 2, 2007 at 1:20 pm

    Hi Rory,
    As I’ve commented already, blogger doesn’t allow for trackback as yet, so apologies for that. As for the tone of the blog, perhaps I’ve been in Spain too long, however, I’m trying to do a job of educating people about data-centric security, and when another learned blogger such as yourself misunderstands something it puts my cause back a few months. I thought Hoff’s post was pretty clear, but there seems to be something fundamental that you aren’t getting. I think it’s the difference between DRM and data-centric security. They are NOT the same thing. I hope my next post clears things up a bit.
    I’ve posted a response now. Still no trackback, sorry. I will migrate to WordPress soon, but it means migrating all my subscriptions too.

  2. Rob Newby June 2, 2007 at 2:07 pm

    I would have backtracked now I’ve installed Haloscan, but there was no trackback on this post…

  3. Rory June 2, 2007 at 6:47 pm

    Cool, no worries. I’ll need to keep reading, perhaps I am missing something on the nature of data-centric security…

