We got a message from a listener asking for some discussion about putting the data first and securing it with that in mind - the inside out, rather than looking at the perimeter and infrastructure and working back toward the data - outside in.
And since we love our listeners and your feedback, we took the chance to cover this topic in depth. In the process we also covered:
Data Loss Prevention - Is it possible to improve this without the painful data classification, startup work or culture change?
When doing data analysis for attacks (or fraud) you have to account for the fraud already baked into the normal you know today
We can’t meaningfully count on IP addresses for geography…thanks to security asking for more use of VPNs
The pros and cons and risks to ponder when securing data in on-premises vs. cloud/SaaS arrangements
When is the right time to establish a security team in a growing company? And how bad will the data sprawl be when they arrive?
Will the CTO/CIO and the CISO merge into a single role? Will the CIO report to the CISO eventually? It depends, of course, on the people and the organisation
Controls today may not be the controls we need for tomorrow
We try to secure things, but there’s also important value in good use of data to improve a business
Sunk cost fallacy and Security: when to burn it all down and start over
Audit is the best friend of the CISO: a new set of eyes and accountability partner makes all the difference
Dan also goes on a small tirade over the way security professionals use the term “the business” as something distinct from the security team that is absolutely part of the business itself. Enjoy that soapbox moment.
We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head over to https://bit.ly/gsdyoutube and watch, subscribe and "like" the episodes.
Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you do use them. We do not make our recommendations based on the availability or benefits from these affiliate links.