IDC Released their 2011 Digital Universe Study and the results are pretty amazing: data is doubling every two years! This is the fifth year that the IDC has released this study and each year I continue to be surprised by the results, just when I think things have started to reach terminal velocity around data growth they accelerate more. Currently data growth is outpacing Moore’s Law, suddenly the phrase Big Data just doesn’t seem to cut it any more. There are all sorts of findings in the study and the repercussions for our industry will require many changes.
I recently wrote here about the need for automation in security, and Christopher Hoff has suggested some practical ways to get started here and has started an initiative around Security Automata here. This is one of the ways that the growth of data is impacting security, the very framework for how we approach protecting assets needs to change in light of the deluge of data. Continue reading The ever expanding Digital Universe
Recently there’s been some chatter about the role of automation in Security and whether it is appropriate or not as a business strategy much less a security strategy. Jeffrey Carr states that EMC’s wrong that automation is an efficiency and security necessity and that you shouldn’t automate because “An automated solution will never stop a customized attack because the attack was designed to circumvent it!” (his emphasis). First, if there’s one thing I’ve learned over the last twenty years you should avoid absolutes when talking about security. Second, not automating something because someone may develop a solution to defeat it is like not brushing your teeth because it may not prevent all cavities. This seems like cutting off your nose to spite your face. Jeffrey seems to conflate EMC recommending automation in security as a necessity for efficiency’s sake and abandoning all other security policies and methods. It certainly makes for good headlines, but I don’t think that people would read the three articles/whitepapers quoted and really think that EMC is going with an “automation is everything” approach. Continue reading Security needs Automation