I came across this post on the BreakingPoint blog this morning: The Cost of a Data Breach? | Blog | BreakingPoint.

It’s interesting to me that a company that makes hardware to test network and server performance and security is asking questions about data breach. I see the connection – an unsafe firewall isn’t really complying with the PCI DSS and it isn’t really protecting client data. But to go from testing to finance is too big a jump.

Corporate America doesn’t understand that. We can only look at one angle at a time. Tell someone “I have a device that is the best firewall ever” and they may believe you, but tell them “I have the best all-purpose security device ever” and they will laugh in your face. Don’t you know that devices, like staff, can only do one thing properly?

As much as I like the idea of translating between testing and finance, it seems like a waste of time to me. Unless it is at this level: “Hey Mr. CFO, data breaches cost money, I can provide solid figures later, so I want to buy this test equipment that will protect us. Yes, of course I can demonstrate ROI in 3 days.”


One Response to “The Cost of a Data Breach? | Blog | BreakingPoint”

  1. Hey Matt, thanks for the comment on the blog post. I guess my first question is, what is “too big a jump”? Is it too big a jump to be talking about this stuff on a blog that hits on industry topics, or too big a jump to walk into the CFO’s office and talk about this stuff? I’m guessing you meant the latter, so I’ll respond to that assumption.

    More and more we are seeing the CFO (and CEO) involved in the decisions around protecting their network. And rightfully so, they are dropping a bunch of money on pieces of network equipment that simply aren’t working as advertised, yet there are no means of accountability.

    These folks want assurances the next time they do a product eval, or sign a requisition for a new data center upgrade, or put their name to the piece of paper that declares them PCI compliant, or purchase an endpoint DLP solution…the list goes on and on. I think that the idea of measuring the resiliency of network infrastructure is starting to resonate throughout all levels of corporate America. Obviously it is harder to make it resonate the higher up you go, but there is a lot of pressure there to find the right solutions.

    For me it is not about translating between testing and finance, it is simply the acknowledgment that these folks have a lot on their plate, that breaches are costly and that there are ways to ensure that what you put in place is actually going to work. If we are going to move out of the legacy days of “testing” I think up-leveling the conversation is critical.

    BTW, love the blog layout and the game reviews!

    /kff
