Network Computing is part of the Informa Tech Division of Informa PLC


A Busy Time For IT Architects

It looks like it's going to be a busy summer and fall for data security architects. Just a glance at the recent headlines confirms that protecting sensitive data is tricky business--one that's gone unattended too long in too many companies. Sure, some of the gaffes have been the result of garden-variety negligence, but others have been more nuanced--usually the result of a "we're as safe as our competitors" attitude.

It's tempting to ascend one's soapbox and chastise the BJ's Warehouses of the world for not doing something as simple as encrypting sensitive data like credit card numbers. But while it's appropriate to chastise sloppy or cavalier business processes and security policies, the truth is that figuring out just when and what to encrypt requires careful study. On the client-facing side, for example, encrypting data can render devices such as Application Front Ends (AFEs) impotent. On the back end, encrypted Fibre Channel packets could easily break storage virtualization systems.

Encrypting entire databases might seem like a good idea, but that may render the stored data useful only for one application. Security architects who try to sell that policy to business managers will be on the street before lunch.


One thing is certain, however. This isn't a problem that can be solved by simply buying an appliance that attempts to inspect WAN or Internet-bound packets for sensitive data. Data protection is a discipline that requires business policies, security procedures, applications, and infrastructure to all be architected with data safety in mind. Beware the quick-fix appliances that are now appearing--they're snake oil of the worst kind.
