Application security

Moving data securely requires a good tool kit

For decades we have fussed around with how we describe our profession. It started with “data security,” evolved to “computer security,” and then took off in several directions. Today most professionals are pretty well satisfied with “information security.” It fits for us and it helps others understand our jobs. It also should remind us that we are here to protect the data, not just the enterprise. We protect the enterprise in order to protect the data. If we had no data, we'd need no enterprise.

Click here for the Email Security 2007 Group Test.
Click here for the Secure Content Management 2007 Group Test.

With that in mind, we took a strong look at what it means to move data around safely — to provide “information security.” What we found surprised us a bit. It was kind of what a colleague refers to as an “a-ha moment.” Over the past months, we have focused on products for protecting our network infrastructures, fighting malware, and other types of products that help provide a safe environment for our data. But we have not focused on protecting the data itself. So, this month we look at some types of protection for that data.

Arguably, the most sensitive data an organization has is its email. Employees are likely to discuss all sorts of things in email, many of which are company secrets. Everyone knows that an email message is like a postcard unless you take explicit steps to put it in an envelope. So our first Group Test this month was email security, a broad term if ever there was one. We got some very pleasant surprises there and you can read about them in that section.

We also looked at the even broader class of secure content management products. In both these groups we found that the old bugaboos of marketing hype are alive and well, obscuring real definitions of the product genre and what it really includes. Justin took a solid swing at cooling the hype and focusing on what we really mean by secure content management, while Mike shouldered the somewhat heavier load of email security products.

What we learned was that these both are fairly mature product types, but like everything we've been seeing lately, convergence is in the air. These products are building up their feature sets and soon will become part of a larger whole that sits at the gateway to the enterprise protecting both data and infrastructure. That said, we see the next great challenge, then, to be the smooth transition from standalone products to offerings that cover a broader spectrum. The results from this crop really do seem to bode well for that challenge.
— Peter Stephenson, technology editor

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.