Friday, June 13, 2008

Patching

Premise: You cannot do an organization-wide push of security patches without major transaction costs.
Solution: Transaction costs must be lowered.

Options:

  • Enable automatic updates via the builtin software mechanisms and deploy ad-hoc instead of structurally
  • Break it down into smaller bits that aren't dependent on each other to faster get to 80% saturation.
  • Allow pulls as well as pushes; let the mass decide how to deploy within a chosen framework.

Others?

Wednesday, June 11, 2008

Border Patrol vs Endpoint DLP Security

This is a bit of old news but I've had an index card note to mention it for awhile. Schneier posted an article for the Guardian regarding the government's allowance to let search or seizure of ones laptop while crossing the border.

Shortly after reading this I met w/ an endpoint DLP provider. This wasn't an SE, but a head developer. I asked said head developer the implications of bad border experiences when the HD itself is encrypted and the OS itself prevents data from being removed.

There was no answer. The real answer is to make sure you keep your data in the cloud and not on the HD. But that doesn't limit the border officers frustration that your laptop isn't being a good citizen, which may lengthen your stay at customs.