Featured Author - Laura Taylor
- February 16, 2002
Fail To Understand The Technology
Despite advances in security technologies, securing confidential and proprietary information has become more challenging than ever. In an attempt to keep pace with the onslaught of security woes, new technologies are often unleashed and implemented before due diligence and real understanding of these technologies occurs. New products are selected in haste, resulting in the deployment of products that might not be the optimal ones to get the job done.
Though understanding security technologies is a noble and certainly diligent undertaking, recent trends in corporate technology deployments have shown that most organizations do not have the resources and time to fully understand the technologies that they are deploying. When this occurs, firewalls or VPNs are often deployed with configuration bugs, which allow the very security that they are trying to create to be circumvented.
Since users do not have time to understand security, CIOs have relied on their elite security team (if they have one) to solve and fix the security problems for the entire corporation.
The security model that organizations most often attempt to put in place is the classic Bellovin and Cheswick hardened perimeter with a soft and trusted interior. A hardened security perimeter still is, and always will be, considered a worthwhile endeavor; however, it is no longer enough.
Security is not black and white. A firewall, if configured properly, will keep out 95% of the trouble-makers. However, time and again we have been shown that it only takes a few bad apples to create a lot of work for everyone else. That wee 5% is a powerful force that only needs small trinkets of security holes to invade the corporate immune system. Anyone who has worked as part of an incident response team knows that once security has been violated, repairing the damage is duly time-consuming and often creates liabilities with alliance partners, suppliers, and customers. We don't want to get rid of the hard-crunchy perimeter, but clearly we need something to augment it.
Asking a CIO and a small security team to secure an entire enterprise is an inhuman task. Clearly users need to play a larger role in organizational security. It is time for IT departments to empower users with security technologies that they don't want to, or don't have time to, understand. Users need secure eBusiness technologies that are so intuitive that using them and implementing them can be done on the fly with little to no training on things like complicated cryptographic authentication principles. You don't need to understand how a fuel-injection system works in order to drive a car. Why should users need to understand the fundamentals of challenge-response concepts in order to secure their data? Users need to be able to secure and exchange data based on a no-time-for-training paradigm.
Lexias, Call It 'Revolution'
Along comes a smart new company called Lexias (www.lexias.com) that has come up with a revolutionary new suite of user security products based on the no-time-for-training paradigm.
With DigiVault(TM) and Lexiguard(TM), if you can point, click, and type, you can secure and exchange data with the best of them. Users can encrypt and exchange information using PKI concepts with little understanding of the challenge-response underpinnings.
The key features of DigiVault are:
Client side software is not required
Users can be held accountable for owning the security of their data
You can secure and transfer huge 300-500 MB files, including JPEGs and other image formats
You own the private labeling of the vault, and can outsource all the maintenance to Lexias
Faster and less expensive to implement than a VPN
Users: Escapees From Complexity
When it comes to user interfaces, Lexias has done for PKI what Microsoft did for operating systems: they have made the technical operations invisible to the user. Microsoft realized early on that an intuitive user interface would appeal to the masses in greater numbers than historical UNIXish and VMSish geeky command line speak. Traditional technologies can work flawlessly, but if the presentation layer is not intuitive, they never appeal to the masses. By developing a presentation layer that is uncomplicated and intuitive, Microsoft enabled traditional TCP/IP concepts to be used by the masses of people who cannot even tell you what the acronym "TCP/IP" stands for. The technical snobbery market is very small. The technically uneducated market is very large.
Security has long been one of the last hold-outs of the technical snobbery market. Ask the person in the office next to you to explain how a Certificate Authority works and they will tell you which search engine to use so that you can find out yourself. In short, data encryption and exchange need to be stupid-proof. Security products for your average users need to be based on a no-time-for-training paradigm so that CIOs have a way to hold the owners of the data responsible for the security. Two security-savvy individuals and a CIO cannot protect an entire enterprise. The responsibility needs to be shared by the data owners.
When you empower users with tools like Lexiguard and DigiVault, you can more easily hold the data custodian, or owner, responsible for the security of the document. By arming users with Lexiguard and DigiVault, a large burden of responsibility can be taken off the shoulders of the CIO and shared by the users. CIOs are constantly taking the heat for a large number of security issues they have little power to control -- the security compromises caused by unaware users. By exchanging pre-secured and encrypted documents through a simple point-and-click interface, users will have all the tools they need to control the security of their own data without even knowing what "PKI" stands for.
When you use Lexiguard in conjunction with DigiVault, you can even send encrypted lists of passwords safely to their destination. The days of having to speak passwords over the telephone, or fax them to a fax machine, will soon be winding down. With an advanced forced encryption feature, DigiVault will not let users leave the vault if any documents are left decrypted. Even dummies will learn how to keep their data secure, because the vault can be set up to not let anyone out until everything is encrypted. The dummy-proof feature will instruct a user to point, click, and secure the unencrypted document before they can exit the vault. Unless a technology is smooth and buttery, users will not embrace the technology and make use of it, which is what makes the Lexias suite of products so promising.
The Lexias suite of products is a CIO's security dream come true. It is the first security product of its kind where users are empowered to participate in an organization's security, at an extremely low total cost of ownership. By implementing a Lexias solution, CIOs will have more time to do what they do best. CIOs don't have time to handhold users through desktop security practices. By empowering your users with a Lexias eBusiness solution, data security for dummies is now a real option.
Laura Taylor is the Chief Technical Officer of Relevant Technologies, a leading provider of original information security content, research advisory services, and best practice IT management consulting services. You can contact her by e-mail at: email@example.com