January 28th, 2008
Developing Information Risk Management Stories
My what a dull sounding post title but one of the fun things about being a specialist is developing the stories we tell to help the technology make sense. Not stories in the fictional sense, we couldn’t get it past legal! I’m privileged to work on a bunch of products that are genuinely integrated and not just thrown together by somebody in marketing looking to meet some new buzzword requirement.
The usual corporate-PowerPoint-hell exists at Symantec with 50 slide monsters containing everything you ever wanted say written on the slide itself. I apologise if you’ve ever been subjected to one of ours! Personally I try and use whiteboard wherever possible and I’ve been re-thinking the one I usually give recently in the light of our Vontu acquisition.
Vontu as a standalone entity focused on data loss prevention (DLP .. Another fab TLA) which is fundamentally about discovering where your important data exists within your organisation and keeping in the hands of only the people that need it. I think as I’ve been reviewing their messages and slides that the thing that most jumped out at me was the fact that “policy” was the core of all they do. Describe data. Describe access. Describe retention. Discover. Protect and prevent leakage. All those kinds of words and phrases revolve around policies. If you don’t know what your policy is handed down from a legal body, or an internal body, then how on earth are you going to decide how long to keep that pile of emails from your customers?
I think the biggest relief for me though as I discover more about the Vontu technology is that it’s not some toothless auditing or reporting tool but can actually impact and change user behaviour. You can run it in “Monitor/Discover” mode or “Prevent” or both. It’s not hard to build stories when you can impact the behaviour of thousands or millions of interactions of individuals using “our” information within an organisation!