Information Assets

I am back from the RSA show in San Francisco I can now outline my impressions of the show and some of the things I learned while I was there.

First, out of approximately 425 vendors represented there were a grand total of 6 that included the term "NAC" in their business descriptions. This compared to a "bazillion" that featured this technology term last year. What to take from this? NAC is a solution that may get built into network infrastructures and other desktop agents in the future but it is not the "magic bullet" that everyone was dreaming about a year ago.

The major theme for this year was clearly data protection. There is a huge market out there for data that an enterprise has and that market is getting more sophisticated by the hour. Anyone with a bit of cash can turn it into gold by mining for data that is easily taken from many organizations and sold in the electronic marketplace. You no longer have to be a hacker to get to it. You can rent time on a botnet now, rent or own your own malware, and gain access to personal account information which you can then sell on a ready made marketplace for a tidy profit. Until enterprises get to the point that they realize they have created a virtual storefront for "information assets" they will continue to be robbed without knowing it.

The smart organizations are now understanding that there is no perimeter anymore that needs to be protected. The wolves are at the door and they are taking what they want. If you want to keep any of these assets, start treating them like to have them stored away in a vault or safe deposit box. You would not give away the location and the key to these vaults to allow someone to steal from you, would you?

The key here is to get your CFO on board with the idea that information is really an asset that needs proper management and control. Once you do, the funding to do the management job the right way will be made available and there will be no discussion of ROI for the investment.