Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

How To Stretch Your Security Dollar 51

itwbennett writes "Taking an aspirin a day will keep you headache-free but it can also reduce your risk of heart attack. You're definitely getting your money's worth out of that bitter little pill. But experts say you can also get additional ROI from security, business continuity, disaster recovery and compliance investments, writes Daniel Dern in a recent article. In fact, you can get 'double or triple the value from "side effects,"' observes Jim Cuff, VP of strategy, Iron Mountain Digital. For example, tools purchased for compliance management can also help identify redundancies and other inefficiencies. Security appliances don't just provide security; they can also be used for performance and bandwidth management, and enforcing acceptable use policies. Or take the next step and use disaster recovery resources 'for part of your active environment, like load balancing, test and develop and QA, and backup, not something you have just in case,' urges Greg Schulz, founder and senior analyst of the StorageIO Group. And for the ultimate bang for your buck, take your facilities and knowledge and turn them into an external business offering."
This discussion has been archived. No new comments can be posted.

How To Stretch Your Security Dollar

Comments Filter:
  • Press release (Score:4, Insightful)

    by Anonymous Coward on Friday October 23, 2009 @06:14PM (#29852337)

    Since when do press releases merit posting on /.?

  • by a1210 ( 869230 ) on Friday October 23, 2009 @06:16PM (#29852349)
    I don't quite get the asprin analogy, can someone give me a car analogy please? :)
    • Re: (Score:3, Funny)

      by piojo ( 995934 )

      Changing your timing belt before it fails?

    • by Normal Dan ( 1053064 ) on Friday October 23, 2009 @06:49PM (#29852623)
      Using a higher grade fuel will get you better gas mileage but it can also reduce your chances of breaking down. Disclaimer: I am not a car doctor.
      • Uh... if by "higher grade" you mean higher octane, you're mistaken. In fact, if the "cheap gas" doesn't cause pinging in your engine, the "higher grade" fuel gives you nothing but more expensive exhaust gases.
        • Uh... if by "higher grade" you mean higher octane, you're mistaken. In fact, if the "cheap gas" doesn't cause pinging in your engine, the "higher grade" fuel gives you nothing but more expensive exhaust gases.

          Unless, of course, your engine was designed for the higher octane (i.e. sports cars / turbo cars). You'll destroy your engine. Or your ECU programming from the factory was crap and it pings on a hot day (I've seen this).

          But yes, in your Honda Civic it won't give you much (if anything).

          • Re: (Score:3, Informative)

            by asackett ( 161377 )

            That's kinda why I said, "if the 'cheap gas' doesn't cause pinging". Detonation is a real bitch and can crack pistons, thrash pins and rod bearings, and just generally be a real pain in the wallet come repair time. But a broken piston is a good excuse to increase the bore... :-) Still, if you're not getting detonation, all you get from high octane gasoline is expensive exhaust gas.

            If you get pinging only on hot days or only at high altitude, try curing it the same way you'd cure vapor lock on a carbureted e

            • Re: (Score:3, Informative)

              Any vehicle built in the last 15 years will have a knock sensor to prevent detonation, so it's a tricky business to determine whether you are getting anything out of premium fuel. The lower gas mileage (caused be the ignition being retarded by the knock sensor) from running on regular gas in a vehicle designed for premium can sometimes outstrip the cost savings of using regular gas. This has to be evaluated on a case-by-case basis... there is no hard and fast rule. The compression ratio and head material

    • by Jurily ( 900488 )

      A crash test a day keeps the thieves away.

    • Taking an car a day will keep you headache-free but it can also reduce your risk of heart attack. You're definitely getting your money's worth out of that bitter little car.
    • If only the poster had tried quoting the opening of the (my) article proper,
      "Like the airbags in your car..." rather than offering an example not found
      in the article.

      Of course, I can't think of an ROI for airbags when they're not being deployed for
      safety reasons. Arguably a full-sized spare tire might be value-recouped, by
      putting it into your tire rotation, although that may not be as good an idea as it used to be.

      Daniel Dern (who wrote the article)

  • Or... (Score:2, Funny)

    by UncleWilly ( 1128141 )

    Or follow the herd and move off-shore.

  • by Tetsujin ( 103070 ) on Friday October 23, 2009 @06:22PM (#29852397) Homepage Journal

    OK, you ready? Here it is...

    Silicone bills

    Ever felt a need to stretch your dollar further? Now you can, with silicone bills...

  • by syousef ( 465911 ) on Friday October 23, 2009 @06:26PM (#29852435) Journal

    ...after reading that terrible analogy.

  • Problem with that is, when you need to use your disaster recovery to recover from a disaster, it won't have enough capacity--because you've sized yourself that your load needs your "regular" servers *and* your "disaster recovery" servers, and when you have just your "disaster recovery" servers, it'll all freeze up under a load it can't handle.

    • by dgatwood ( 11270 ) on Friday October 23, 2009 @07:22PM (#29852823) Homepage Journal

      Oh, no, it's far worse than that. As soon as I read that suggestion, I immediately had words going through my mind that I won't say in public, even on Slashdot. If your backups are online AT ALL, you have no backups. All it takes is one malicious employee who decides to nuke all your systems at once, and you've lost everything. Not to mention that if those systems are part of your normal operation, that usually means they're in the same building as your normal operations center, and thus all it takes is one fire and you've lost everything.

      The requirements for a proper backup are that it must be A. periodically checked for functionality, B. off-site, and C. not connected to the Internet in any way. The ideal implementation involves a vault made of 30 feet of concrete. Most people forget that first one, admittedly, and that causes a lot of problems when disaster strikes. That's still no excuse for ignoring the last two instead.

      An online hot swap spare is not a real backup, period, no matter how you use it or implement it. It's great for getting up and running again quickly, but when the hackers compromise your password database, your replicated hot swap spare is compromised, too. When you accidentally introduce a bug that treats social security number 999-99-9999 as an end of record marker and causes records of resident aliens to be deleted or corrupted, your replicated hot swap spare is corrupted, too. Online spares (in any capacity) are to backup as RAID is to backup. They solve a limited class of failures, but do nothing whatsoever for several much larger classes of failures.

      Indeed, it is this sort of thinking that is costing Microsoft a pretty penny. Given that the Danger incident just happened a few weeks ago (and they're still cleaning up the mess even today), it's amazing to me that a VP of a computer firm could have already forgotten it. It is this very sort of recommendation from so-called "consultants" that ends up utterly destroying companies in spectacular ways when a real disaster actually happens. To the VP in question, please stop giving such TERRIBLE advice.

      • I agree that an ideal backup solution would be something along the lines of Cheyenne Mountain's basement--with armies of mole-men transcribing the data onto titanium slabs. (Mole men are secure, because all you need to keep them in check is a couple of big sun lamps!)

        But, I would say that the old Meatloaf song would make a good compromise to your 3 criteria: "Two out of Three Ain't Bad." In my particular case, I had a medical customer who needed reasonably up-to-date backups of everything...worst case sc

        • Disclaimer : yes, IAMDRS (I Am A Disaster Recovery Specialist...yeah, like I can brag about it whenever I want 8p)

          We offer something along the same line for enterprise class backup. Except we install a vendor agent on the server and send the "diff" to an EMC array in a Tier3 datacenter.This array is replicated real time to another location situated 20 miles from there using a dedicated high speed private network (aka Chunk O' Fiber on two different routes), and the first copy is backuped in full everyday.Th

    • If you're big enough, you can run in N+1 capacity - lose a DC and your servers get hotter. Even a scaled version of the site somewhere else can keep you limping for a bit. Depends on what exactly you're doing, as with everything.
  • by cosm ( 1072588 )
    Norton ViagraWorks 2010?
  • they can also be used [for] enforcing acceptable use policies.

    I dunno, somehow it seems just wrong to say that on /.

  • Aspirin shmaspirin (Score:3, Informative)

    by musicalmicah ( 1532521 ) on Friday October 23, 2009 @07:23PM (#29852835)
    Actually, daily doses of aspirin can be harmful to many different sorts of individuals [mayoclinic.com], though the parallel still stands, I suppose: just as many industry-prescribed security policies can have beneficial "side effects" for your business, they can also yield unintended consequences that generate more cost--and real risks (the feeling of security often leads to less of it!)--due to lack of careful planning or proper implementation.
  • I really hope, that that is not a normal attitude in the USA. I mean, I hope that everyone here is perfectly aware how any why this is a really fucked up way of thinking.

    It's basically the same thing, as automatically filtering all error messages regarding the risk of hardware failures out of your log files. It keeps you just as "error free".

    Oh, wait. No. It's even worse. Because aspirin has side-effects. Like causing stomach ulcers on daily intake, in people that have problems with its acidity. And many ot

    • An asprin a day has nothing to do with headaches and such. Asprin (typically an 81mg daily dose) is a cheap and effective mild blood thinner with relatively minimal side effects and has been studied extensively for decades.

      • Re: (Score:3, Insightful)

        An asprin a day has nothing to do with headaches and such. Asprin (typically an 81mg daily dose) is a cheap and effective mild blood thinner with relatively minimal side effects and has been studied extensively for decades.

        Mild effects? Sure, unless you take too many, or take Vicodin or have liver/kidney problems. Then it can kill you dead.

    • Re: (Score:3, Informative)

      Now, why in the world is this modded as "troll"?

      In Europe, the most medical doctors scoff at the notion of taking medicine "just in case", "even" if it's an aspirin. If there is no medical reason to apply medications to your body, then DON'T DO IT. That is the widely spread and accepted attitude.

      Now, of course you can choose not to believe MDs and rather to design your own medication programs instead, but you should not mod a person down saying this would be a dangerous and a stupid thing to do. Disag
  • If someone talking about security starts to mention ROI, I tune them out. They don't know the basics about security.

    When I talk security to upper management I never use the term ROI. That term is too steeped in revenue generation that you cannot separate the term from the expectation of increased sales or increased profitability.

    Security is like insurance it protects against loss. Security (for almost all companies) never generates revenue, therefore it can never have ROI in the traditional sense.

    Some secur

    • by jman11 ( 248563 )

      I have to disagree. When discussing security and insurance then return on investment is a perfectly valid term.

      Security and insurance are opposites. Security is stopping something going wrong and insurance is getting some money so you can rebuild/replace after it does.

      Increasing your security can decrease your insurance costs; bang you've got a return on the investment.

  • VP of strategy, Director of Marketing, etc. etc. for companies that sell Backup, Storage and Virtualization. And they are suggesting you implement those so you can justify the expense by showing security ROI. Nice. I agree with the central point being made, which is that the same HW can be used for security and other non-security purposes. The door that keeps out intruders also keeps out the cold. But please do not call that ROI. Ask any security person, and s/he will tell you that security has no ROI,
  • Aspirin (Score:4, Informative)

    by Dunbal ( 464142 ) on Friday October 23, 2009 @08:04PM (#29853069)

    Taking an aspirin a day will keep you headache-free

          Dear submitter,

          Since you insist on doling out pharmaceutical advice be aware that your statement is utterly false. Fortunately you won't be held as accountable as we practitioners are. Lucky you. I could lose my house because of something like this.

          You obviously have never heard of analgesic rebound headaches.

          Just [health-cares.net] in [migraines.org] case [healthcentral.com] you don't believe me [inist.fr]. There, I'm bored. You look for the rest.

          A tip - if you have constant headaches, see your doctor instead of taking aspirin or some other analgesic every day.

          Love,

          A physician.

  • ... and be wary of strangers who knock. Make sure your home is well-lit outside and trim away the foliage from your windows.

    Oh, computer security.

    Nevermind.

  • Aspirin. (Score:3, Insightful)

    by Geoffrey.landis ( 926948 ) on Friday October 23, 2009 @11:41PM (#29854053) Homepage

    "Taking an aspirin a day will keep you headache-free"

    No, actually it won't.

  • Aspirin can be addictive and dangerous to your health if taken in inappropriate doses. Curiously enough, the rest of what they have to say is complete bullshit also.

  • Security appliances don't just provide security; they can also be used for performance and bandwidth management, and enforcing acceptable use policies.

    Slashdot just better hope that many of our employers don't find out about this.

I never cheated an honest man, only rascals. They wanted something for nothing. I gave them nothing for something. -- Joseph "Yellow Kid" Weil

Working...