Q&A: Jeff Reich, Rackspace

By theWHIR.com, October 15, 2008

In an email interview with the WHIR, Rackspace chief security officer Jeff Reich discusses his session, "Who Do You Trust? How Knowing Who and What Your Users are Determines How Secure Your Information Is," at this week's InnoTech conference in Austin, Texas.

By Liam Eagle, theWHIR.com

October 15, 2008 -- (WEB HOST INDUSTRY REVIEW) --  Information security is a widespread matter of concern in the hosting business, simply because it is an issue of tremendous importance to hosting customers, and a matter of much regulatory scrutiny.

But in addition to information security's obvious technical side, there is a more practical side that involves practices surrounding personnel - one of the greatest potential threats to information security at any business.

In a presentation at this week's InnoTech conference in Austin, Texas, Rackspace's chief security officer Jeff Reich will participate in a panel entitled "Who Do You Trust? How Knowing Who and What Your Users are Determines How Secure Your Information Is," during which he will attempt to impart some of his experiences in trying to deal with the security threat presented by people.

And these are not lessons that are necessarily limited to the hosting business, though Reich certainly holds a position of authority on information security, given his role with Rackspace.

The session will take place Thursday at 11:00 a.m.

In an email interview with the WHIR, Reich discusses the objectives of the session, and some of the possibilities he will present to companies of all kinds interested in information security.

In describing your session, you refer to "implementing a security and controls program," which doesn't really identify a specific kind of business, or a specific set of security demands. How broadly applicable do you think the ideas you discuss in your session are?

Jeff Reich: The basics of implementing a security and controls program can apply to virtually every business situation. The key for a successful program is flexing your resources to the areas of highest risk and need.

Do you have a certain type of business in mind? 

Every business can apply this principle.

Your basic topic is that the security of information relies on trust in the users who are handling that information. Can you give a specific example of a way in which information might be put at risk by users?

The most common and potentially dangerous opportunity for information to be put at risk is putting it in the hands of people that may not be able to determine the effects of misuse. Undoing problems stemming from information misuse is daunting, at best.

Are there effective strategies for ensuring that the trust placed in the people using these secure systems is well founded?

You need to determine the knowledge, skills and characteristics of the individuals that will be entrusted with your data. The hardest part might be truly determining those characteristics. After that, you can use tests, interviewing, background checks and other tools to validate that you are about to entrust the right individuals.

Is there a sort of effective philosophy or system for combining the well known technical controls for security with practices for ensuring the trustworthiness of people?

A very basic strategy for ensuring that trust is well-founded is by first, educating users of information about the value and proper uses of the information, as well as some common misuses. The second portion of the strategy is using systems that behave in the manner that you expect. Systems do not need to be perfect but you need to know what to expect and confirm that your expectations are met.

Monitoring the security of information on the technical side is a pretty broad and well-understood discipline. Beyond the initial vetting process, is there a good ongoing practice for managing and monitoring the trustworthiness of people?

The best way to monitor the trustworthiness of people is to manage them. People should be very clear on your expectations of them and then be held accountable to those expectations. Technology and systems can provide you with some monitoring statistics but I offer that anyone depending strictly on those metrics will not be able to demonstrate continued trust.
