How To Stretch Your Security Dollar
itwbennett writes "Taking an aspirin a day will keep you headache-free but it can also reduce your risk of heart attack. You're definitely getting your money's worth out of that bitter little pill. But experts say you can also get additional ROI from security, business continuity, disaster recovery and compliance investments, writes Daniel Dern in a recent article. In fact, you can get 'double or triple the value from "side effects,"' observes Jim Cuff, VP of strategy, Iron Mountain Digital. For example, tools purchased for compliance management can also help identify redundancies and other inefficiencies. Security appliances don't just provide security; they can also be used for performance and bandwidth management, and enforcing acceptable use policies. Or take the next step and use disaster recovery resources 'for part of your active environment, like load balancing, test and develop and QA, and backup, not something you have just in case,' urges Greg Schulz, founder and senior analyst of the StorageIO Group. And for the ultimate bang for your buck, take your facilities and knowledge and turn them into an external business offering."
Press release (Score:4, Insightful)
Since when do press releases merit posting on /.?
Re: (Score:2)
The last word of the title of it may give you a hint. ^^
Cannot compute analogy (Score:5, Funny)
Re: (Score:3, Funny)
Changing your timing belt before it fails?
Back to security (Score:5, Funny)
Shutting down your computers improves your security, but you'll also get a girlfriend.
Re:Back to security (Score:5, Funny)
Bad analogy. The article(?) is about SAVING money, not money bleeding.
Re: (Score:1)
Since when do slashdotters spend money on their girlfriends? Girls pay to *be with a /. guy*. On top of that, slashdotters' girlfriends also cook delicious food, invite their cute girl friends to have group sex on Friday night (or any night you want) and buy new computers for them. You've got all of this wrong!
Re: (Score:2)
Dude, I told you already, she's MY girlfriend, not yours!
Re:Cannot compute analogy (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Uh... if by "higher grade" you mean higher octane, you're mistaken. In fact, if the "cheap gas" doesn't cause pinging in your engine, the "higher grade" fuel gives you nothing but more expensive exhaust gases.
Unless, of course, your engine was designed for the higher octane (i.e. sports cars / turbo cars). You'll destroy your engine. Or your ECU programming from the factory was crap and it pings on a hot day (I've seen this).
But yes, in your Honda Civic it won't give you much (if anything).
Re: (Score:3, Informative)
That's kinda why I said, "if the 'cheap gas' doesn't cause pinging". Detonation is a real bitch and can crack pistons, thrash pins and rod bearings, and just generally be a real pain in the wallet come repair time. But a broken piston is a good excuse to increase the bore... :-) Still, if you're not getting detonation, all you get from high octane gasoline is expensive exhaust gas.
If you get pinging only on hot days or only at high altitude, try curing it the same way you'd cure vapor lock on a carbureted e
Re: (Score:3, Informative)
Any vehicle built in the last 15 years will have a knock sensor to prevent detonation, so it's a tricky business to determine whether you are getting anything out of premium fuel. The lower gas mileage (caused by the ignition being retarded by the knock sensor) from running on regular gas in a vehicle designed for premium can sometimes outstrip the cost savings of using regular gas. This has to be evaluated on a case-by-case basis... there is no hard and fast rule. The compression ratio and head material
Re: (Score:2)
A crash test a day keeps the thieves away.
Re: (Score:2)
For a car analogy... (Score:1)
If only the poster had tried quoting the opening of the (my) article proper,
"Like the airbags in your car..." rather than offering an example not found
in the article.
Of course, I can't think of an ROI for airbags when they're not being deployed for
safety reasons. Arguably a full-sized spare tire might be value-recouped, by
putting it into your tire rotation, although that may not be as good an idea as it used to be.
Daniel Dern (who wrote the article)
Or... (Score:2, Funny)
Or follow the herd and move off-shore.
I've got a great idea for the US Mint... (Score:5, Funny)
OK, you ready? Here it is...
Silicone bills
Ever felt a need to stretch your dollar further? Now you can, with silicone bills...
I need an aspirin (Score:3, Funny)
...after reading that terrible analogy.
Making disaster recovery part of your capacity? (Score:2)
Problem with that is, when you need to use your disaster recovery to recover from a disaster, it won't have enough capacity--because you've sized yourself that your load needs your "regular" servers *and* your "disaster recovery" servers, and when you have just your "disaster recovery" servers, it'll all freeze up under a load it can't handle.
Re:Making disaster recovery part of your capacity? (Score:4, Insightful)
Oh, no, it's far worse than that. As soon as I read that suggestion, I immediately had words going through my mind that I won't say in public, even on Slashdot. If your backups are online AT ALL, you have no backups. All it takes is one malicious employee who decides to nuke all your systems at once, and you've lost everything. Not to mention that if those systems are part of your normal operation, that usually means they're in the same building as your normal operations center, and thus all it takes is one fire and you've lost everything.
The requirements for a proper backup are that it must be A. periodically checked for functionality, B. off-site, and C. not connected to the Internet in any way. The ideal implementation involves a vault made of 30 feet of concrete. Most people forget that first one, admittedly, and that causes a lot of problems when disaster strikes. That's still no excuse for ignoring the last two instead.
An online hot swap spare is not a real backup, period, no matter how you use it or implement it. It's great for getting up and running again quickly, but when the hackers compromise your password database, your replicated hot swap spare is compromised, too. When you accidentally introduce a bug that treats social security number 999-99-9999 as an end of record marker and causes records of resident aliens to be deleted or corrupted, your replicated hot swap spare is corrupted, too. Online spares (in any capacity) are to backup as RAID is to backup. They solve a limited class of failures, but do nothing whatsoever for several much larger classes of failures.
Indeed, it is this sort of thinking that is costing Microsoft a pretty penny. Given that the Danger incident just happened a few weeks ago (and they're still cleaning up the mess even today), it's amazing to me that a VP of a computer firm could have already forgotten it. It is this very sort of recommendation from so-called "consultants" that ends up utterly destroying companies in spectacular ways when a real disaster actually happens. To the VP in question, please stop giving such TERRIBLE advice.
Re: (Score:2)
I agree that an ideal backup solution would be something along the lines of Cheyenne Mountain's basement--with armies of mole-men transcribing the data onto titanium slabs. (Mole men are secure, because all you need to keep them in check is a couple of big sun lamps!)
But, I would say that the old Meatloaf song would make a good compromise to your 3 criteria: "Two out of Three Ain't Bad." In my particular case, I had a medical customer who needed reasonably up-to-date backups of everything...worst case sc
Re: (Score:2)
Disclaimer: yes, IAMDRS (I Am A Disaster Recovery Specialist...yeah, like I can brag about it whenever I want 8p)
We offer something along the same line for enterprise class backup. Except we install a vendor agent on the server and send the "diff" to an EMC array in a Tier3 datacenter. This array is replicated real time to another location situated 20 miles from there using a dedicated high speed private network (aka Chunk O' Fiber on two different routes), and the first copy is backed up in full every day. Th
Re: (Score:2)
An ad for... (Score:2, Funny)
Re: (Score:1)
Ixnay on the olicypay... (Score:2)
they can also be used [for] enforcing acceptable use policies.
I dunno, somehow it seems just wrong to say that on /.
Aspirin shmaspirin (Score:3, Informative)
An Aspirin a day? WTF? (Score:2, Insightful)
I really hope that that is not a normal attitude in the USA. I mean, I hope that everyone here is perfectly aware how and why this is a really fucked up way of thinking.
It's basically the same thing, as automatically filtering all error messages regarding the risk of hardware failures out of your log files. It keeps you just as "error free".
Oh, wait. No. It's even worse. Because aspirin has side-effects. Like causing stomach ulcers on daily intake, in people that have problems with its acidity. And many ot
Re: (Score:2)
An aspirin a day has nothing to do with headaches and such. Aspirin (typically an 81mg daily dose) is a cheap and effective mild blood thinner with relatively minimal side effects and has been studied extensively for decades.
Re: (Score:3, Insightful)
An aspirin a day has nothing to do with headaches and such. Aspirin (typically an 81mg daily dose) is a cheap and effective mild blood thinner with relatively minimal side effects and has been studied extensively for decades.
Mild effects? Sure, unless you take too many, or take Vicodin or have liver/kidney problems. Then it can kill you dead.
Re: (Score:3, Informative)
In Europe, most medical doctors scoff at the notion of taking medicine "just in case", "even" if it's an aspirin. If there is no medical reason to apply medications to your body, then DON'T DO IT. That is the widely spread and accepted attitude.
Now, of course you can choose not to believe MDs and rather to design your own medication programs instead, but you should not mod a person down saying this would be a dangerous and a stupid thing to do. Disag
Re: (Score:2)
I would never trust a company to keep me healthy when it's most profitable for it to have as many people ill as possible. Therefore, I never take any meds.
related: http://science.slashdot.org/article.pl?sid=09/09/07/1526234 [slashdot.org]
Security !~ ROI (Score:1)
If someone talking about security starts to mention ROI, I tune them out. They don't know the basics about security.
When I talk security to upper management I never use the term ROI. That term is too steeped in revenue generation that you cannot separate the term from the expectation of increased sales or increased profitability.
Security is like insurance: it protects against loss. Security (for almost all companies) never generates revenue, therefore it can never have ROI in the traditional sense.
Some secur
Re: (Score:1)
I have to disagree. When discussing security and insurance then return on investment is a perfectly valid term.
Security and insurance are opposites. Security is stopping something going wrong and insurance is getting some money so you can rebuild/replace after it does.
Increasing your security can decrease your insurance costs; bang, you've got a return on the investment.
Why are all the quotes from Marketing people? (Score:2)
Aspirin (Score:4, Informative)
Taking an aspirin a day will keep you headache-free
Dear submitter,
Since you insist on doling out pharmaceutical advice, be aware that your statement is utterly false. Fortunately you won't be held as accountable as we practitioners are. Lucky you. I could lose my house because of something like this.
You obviously have never heard of analgesic rebound headaches.
Just [health-cares.net] in [migraines.org] case [healthcentral.com] you don't believe me [inist.fr]. There, I'm bored. You look for the rest.
A tip - if you have constant headaches, see your doctor instead of taking aspirin or some other analgesic every day.
Love,
A physician.
Keep your door locked... (Score:2)
... and be wary of strangers who knock. Make sure your home is well-lit outside and trim away the foliage from your windows.
Oh, computer security.
Never mind.
Aspirin. (Score:3, Insightful)
"Taking an aspirin a day will keep you headache-free"
No, actually it won't.
Lies and damn lies. (Score:2)
Aspirin can be addictive and dangerous to your health if taken in inappropriate doses. Curiously enough, the rest of what they have to say is complete bullshit also.
Re: (Score:2)
And they didn't even bring in "statistics"....guess that would have been too much of a giveaway...
Enforcing acceptable use policies? (Score:2)
Security appliances don't just provide security; they can also be used for performance and bandwidth management, and enforcing acceptable use policies.
Slashdot just better hope that many of our employers don't find out about this.