Security, et al

I found some pretty cool stuff at RSA. Some new technologies that I’ve never thought of before and others that are just as fun as they are valuable.

Fun and an effective solution to a vexing problem – old hard drives full of sensitive information. Garner Products’ booth showed off some epically cool machines to take care of that problem. Using a magnet rivalling those in MRIs, the HD-3WXL, can degauss one hard drive every 10 seconds. But even cooler is the PD-5 which physically breaks drives in half.

 

You have to watch this video– http://www.garner-products.com/PD-5.htm. How fun is that? Plus the drive can still be disassembled and recycled as opposed to shredders which create a toxic waste disposal problem.

My Neat-O-Meter redlined at Dispersive Technologies’ booth when I grasped what they do, which is a new way to securely send information over the Internet. Quantum Encryption you ask?  Ha! That is so passé. The VSV products use a “spread spectrum” approach to breaking data up and sending it over many, unpredictable paths over the Internet as a way to defeat man-in-the-middle attacks. Any given observation point only sees a fraction of the data being transmitted. There’s not many entities that could even begin to try to observe every path (see my Elephants and Irony at RSA post). With VSV products both endpoints securely negotiate and dynamically adjust their use of multiple “deflectors” on the Internet to scramble their data and send different bits of it along completely different paths. Sounds slow? Rob Smith (no relation to yours truly) explained that the endpoints automatically and dynamically stop using deflectors on slow paths and sometimes produce greater throughput than traditional shortest path network.

Finally, we all know that at the end of the day, with every security technology deployed, your weakest link remains the human element. And we all tend to pay lip service to the need for security awareness training. But what do we do about beyond putting up some posters and having new hires sign some documents when they first come in? And how many managers will approve and pay for in-person training sessions which users quickly forget about? How do you increase security awareness and sustain it over the long haul?  That’s what I liked about what I saw at Visible Statement’s booth. Their software integrates with your endpoint with just the right amount of animated security awareness training and supports many different languages.