[SecurityRatty] tag: tight

Chairman Tata Surprised by Tricky Terrorists

Sun, 30 Nov 2008 22:29:00 +0000

Chairman Rata Tata, whose company owns the Taj hotel in Mumbai, gave a frank and honest interview to CNN. I would imagine that the Tata Group's PR people and General Counsel are scrambling at the moment trying to do as much damage control as possible.

The sad part of this unfolding story is the feeling one gets that the terrible loss of life at the hotel may have been prevented or at least mitigated had proper security measures been implemented and if the security that had been in place prior to the attack had not been removed.

One eye witness who stayed at the hotel a week before the terrorist assault spoke about metal detectors and baggage being checked. The same witness then went on to say that those security measures had been removed within the last week, allowing people to enter without being checked.

The most surprising news to surface must be the Chairman's comments regarding the terrible event. Unbelievably, he actually said; "They knew what they were doing and they did not go through the front. All of our arrangements were on the front entrance".

Who is Tata's security advisor, a kitchen worker? Actually, he might have been better off if that were the case since the terrorists entered the hotel through the rear kitchen door. ANNOUNCEMENT TO ALL CHAIRMEN AND CEO's; Terrorists are Tricky. That is their job. They are watching your businesses and will do the opposite to what you expect.

In the case of the TAJ HOTEL, you made it easy for them. Did nobody in Mumbai ever stop to think that a bad person can go through the back door? It is one thing for a cafe in a pedestrian area to be attacked as anyone can walk right by or walk through the front and open fire, but how can a major landmark that attracts Western vistors drop their security measures AFTER they have received terrorist alert warnings that the hotel may be the target of terrorsit attacks?

I don't know if it was the case with the Taj Hotel, but cutting corners where security is concerned is common place in corporate culture. Security is often seen as a necessary evil and usually the first department to experience budgetary cutbacks. It is very difficult to convince some clients that nothing happening is really a good thing and that by cutting out security may open the door to evil.

This appears to have been the case with the Taj. There is no doubt that the terrorists had conducted hundreds of hours of surveillance in and around Mumbai. Was it a coincidence that the attack occurred the week after security measures had been removed? What might have been the result if security had remained tight (if you could call watching the front entrance and disregarding the back as "tight security")? Maybe the terrorists would have held back another month or two...maybe in that time they would have been detected...

One thing is for certain, places like the Taj Hotel have to get serious about security. Mr. Tata's claim that; "If I look at what we had...it could not have stopped what took place", must be replaced by more progressive, proactive thinking. If the Tata Group had spent an adequate amount of funding on ensuring that a strict security policy was in force - if only for the period in question - then they might not now be facing a 5 Billion Rupee reconstruction bill. Who knows how high the civil suits against the Taj will run when compensation and punitive costs are calculated.

Kudos though to Chairman Tata for at least recognizing that the Indian authorities may not be able to handle the situation on their own. "These attacks underscore the need for Law Enforcement to seek outside expertise for training, equipment and strategic operations", he said.

We agree Mr. Tata. We also hope that you will recognize the need for the Tata Group to seek similar outside expertise to assist you with your security planning and training.

Is That a Coffee Table or a Munition?

Tue, 25 Nov 2008 09:40:20 +0000

One of the standard software security prescriptions for the SDLC is to data classification and enforce least privilege. From a security perspective this sounds fantastic, especially on a whiteboard. When the rubber meets the real world road, things often turn out slightly different.

It turns out that it is hard to conduct business with excessive granularity.

Here is an article from The Economist on the challenges of space technology, commercialization and information sharing. This is widely applicable to corporate information security policies:

Gravity is not the main obstacle for America’s space business. Government is
IN THE spring of 2006 Robert Bigelow needed to take a stand on a trip to Russia to keep a satellite off the floor. The stand was made of aluminium. It had a circular base and legs. It was, says the entrepreneur and head of Bigelow Aerospace in Nevada, “indistinguishable from a common coffee table”. Nonetheless, the American authorities told Mr Bigelow that this coffee table was part of a satellite assembly and so counted as a munition. During the trip it would have to be guarded by two security officers at all times.

Exporting technology has always presented a dilemma for America. The country leads the world in most technologies and some of these give it a military advantage. If export rules are too lax, foreign powers will be able to put American technology in their systems, or copy it. But if the rules are too tight, then it will stifle the industries that depend upon sales to create the next generation of technology.

It is a difficult balance to strike and critics charge that America has erred on the side of stifling. They claim that overly strict export controls have so damaged the space industry that America’s national security is now threatened by its dwindling leadership in space technology. The system, they complain, fails to distinguish between militarily sensitive hardware that should be controlled and widely available commercial technologies, such as lithium-ion batteries and solar cells. The zealous application of the export rules is the American space industry’s biggest handicap.

Read the whole thing its fascinating. So what started off as well intentioned asset protection eventually compromised the most important asset of all - strategic advantage.

So what's a better model? I am partial to think about these sorts of problems as free trade agreements. Each integration point should have a set of policies, and enforcement mechanisms that also include compensating transactions.

For example, did you know that in the US you can buy companies that trade on other exchanges through ADRs? You buy the ADR of say a French Telco which trades on a European exchange only you buy the ADR on the NYSE or Nasdaq. Then the French Telco issues you a dividend because you are a shareholder, but the French government withholds the dividend for foreign owners. Yet because there is a free trade agreement between the two countries, the US lets you write off the unreceived portion of the dividend on your taxes. (this may or may not be the case in US-France just an example). Anyway, its not a silver bullet but its an interesting strategy.

As Minnesota awaits recount, e-voting is ruled out as issue in tight U.S Senate race

Tue, 11 Nov 2008 02:00:00 +0000

The state's optical scanning equipment did not play a role in the tight race that led to a vote recount for the U.S. Senate election in Minnesota, according to a state official.

Study: Viagra spam is profitable, but margins are tight

Sun, 09 Nov 2008 21:00:00 +0000

One of the most notorious networks of hacked computers used for sending spam could be generating as much as US$3.5 million per year peddling drugs such as Viagra, according to new research.

Opinion: How to sustain security on a tight budget

Tue, 28 Oct 2008 01:00:00 +0000

There's little doubt that an adequate budget helps keep companies secure, says consultant Andreas Antonopoulos, but there are other things you can do when resources tighten.

How to sustain security on a tight budget

Mon, 27 Oct 2008 21:00:00 +0000

Whether you believe we are in or about to enter a recession, IT budgets are certainly tightening up for 2009.

Halloween Came a Little Early...

Wed, 15 Oct 2008 20:00:00 +0000

Halloween came a little early for Rob Enderle. Is he right to be very, very afraid..?

Rob Enderle recently attended an EMC conference where, among the speakers, he heard from Uri Rivner regarding the growing sophistication–and mass-production capabilities—of the online fraud industry. In his excellent piece in Dark Reading on the subject entitled “How RSA/EMC Scared Me Half to Death”, Rob admitted to being more than a little scared by what he heard. And among his fears is that, in these tight economic times, companies will not make the investments needed to ensure that they and their customers are secure against these increasingly robust threats...

Can You Believe It? With the Financial Markets in Turmoil, the Hosting Industry Continues to Thrive!

Thu, 18 Sep 2008 11:00:18 +0000

I am participating in the 4th annual Hosting Transformation Summit in sunny Las Vegas today and have just listened to some heartwarming news from Dan Golding the head of Tier1 Research. Dan kicked off the morning with his Keynote “Managed Hosting and Colocation in 2009 and beyond.” As you may know, ScienceLogic has maintained a large group of customers in the Managed Service Provider industry so we love to keep our ears to the pavement regarding industry trends. (image from: Siemens)

Dan described the Managed Hosting and colocation sector as “on fire” The sector is humming – incredible growth, outstanding execution, blowing away expectations. I must say, looking back 5 years ago after the tech bubble collapse, I can’t believe how strong the sector bounced back from those very difficult times.

His presentation was focused on a future, and a longer view for the industry. The HTS conference is packed this year with the largest attendance of Datacenter owners, Managed hosting and colocation companies ever to attend this conference.

Demand steady or increasing in all markets, driven largely by capex constraints and greater awareness and choices.
Supply is growing more slowly in the past 18 months as the credit crunch has hurt the ability of providers to expand ( it is very hard to get mortgages, loans only on new datacenter projects). Expansion build-out of existing shells is occurring, but very little on spec.
Demand Growth of 15% in 2008. (Steady and increasing in the out years) However after supply growth peaked at 7.5% in 2007 supply growth now has slowed to 5%
Dan believes that supply growth will pick back up again in 2011

Conclusions – supply is tight, demand is high and growing…this very good news for the industry.

Some other trends:
- The green initiatives are more than just a trend as datacenter owners who don’t figure out how to maximize power efficiency will be painted as villains.
- Internet traffic and services consumption are linked as Internet traffic growth has been doubling every year (2005-2007)
- Prediction: 2011 -2012 - internet traffic will get an exaflood – it is coming with a new breed of applications (set to boxes HD Video, games, etc.) that will drive new traffic patterns. Growth driven by consumer broadband + applications (HD video) applications, which in turn will drive demand for Managed Hosting / Colocation Services…

Managed Hosting Services Highlights

Incredibly fast growth 30%+
$10 Billion worldwide revenue by end of 2008
We’ll keep growth pace until at least 2011
Good news, Dan believes that fears about slowdown in growth are wildly overblown.

Why is managed hosting growing so fast?

Demographic shifts – new breed of IT employees that embrace outsourcing
Growth in internet applications (SaaS) The acceptance and growth of browser based applications has been enormous!
Ambiguity between web hosting and managed hosting has turned positive

Dan’s Key success factors managed hosting and services

High margin services – and not too many – it is so tempting in our day to day business when a customer comes along and wants to come and give us money for a unique on-off service… at this point the answer has to be no – or do it through a partner.
High level of support delivery is critical – don’t cut pay in support people or outsource support to save a nickel… what you are selling is support. Keep doing this well or you will head into a bad place… just as examples in retail like Home Depot and others who have struggled with customer service challenges – the whole business starts to slide into the toilet… High levels of support delivers a strong word of mouth buying cycle

Final thoughts, the industry is healthy and will continue to thrive. Customers are looking for the one stop shop, one company that is a trusted advisor to the customer. As customers place more eggs in the Managed Service bucket, the industry will need to tighten-up those SLA’s. Today some parts of the industry have been getting away with loose SLA’s… as customers get more sophisticated and have more on the line, they will become more demanding and require robust multi-component SLAs and back-it –up.

Case Study - Hilcona Foods Benefits from Strong Security, Simply Done

Tue, 16 Sep 2008 09:00:00 +0000

(Source: WatchGuard) With an increasingly complex network, Hilcona Foods, a large frozen foods packager began a search for a security solution that was geared more precisely to their specific needs. With a tight budget at the top of their mind, Hilcona turned to WatchGuard to provide everything they needed while reducing the resources needed to support it.

RNC

Thu, 04 Sep 2008 07:34:05 +0000

Yup, we have the RNC here in MN. Downtown is locked down pretty tight, you would need the combined powers of Chuck Norris and Bruce Schneier to even get a cup of coffee down there. Here is the round up from The Economist's blog

You'll have to pardon me this morning if the round-up seems a bit off. I'm still a little stunned at the spectacle of an arena full of (seemingly sober and sane) adults chanting, "Drill, baby, drill".

So let's see, what's in the news? Well, last night Republicans trotted out a Massachusetts venture capitalist and governor, the former mayor of New York City, former executives of eBay and HP, and an Alaskan neophyte pol who as mayor of a small town delivered $4,000 in federal pork for every man, woman, and child, in railing against coastal elites and Washington politics, while supporting a candidate who's been in the Senate for 26 years.