2008-05-04

In matters concerning IT security, John Pescatore of Gartner is supposedly an expert. That may be so, but he evidently does not know the first thing about logistics.

According to this story, DaimlerChrysler Financial Services Canada lost a data backup tape when they sent it via UPS courier to a credit agency. Apparently, the tape was not encrypted - at least Chrysler have not confirmed so.

The story concludes with Pescatore's comments that Chrysler should have bought more insurance on the shipment, because "You can get higher levels of insurance on any items you’re sending, so if it's lost, stolen or damaged, you can get some financial payments back". More proof that these Management Consultant types don't have a clue what they're talking about: insurance does not guarantee delivery - the package would still be routed through the same hubs on its way to its destination; it does not give the package "special treatment" or "special handling instructions". Also, unlike the physical medium it travels on, the data itself cannot be insured - and even if it was, this copy has still gone astray.

This is the same guy who said that "Organisations should aim to spend less of their IT budgets on security". So, by buying more insurance for a shipment - instead of investing in encryption technology - an organisation is increasing its costs and, in the process, not decreasing the likelihood that sensitive personal data will fall into the wrong hands.

As someone once said... words to the effect of "Better to keep quiet and be thought of a fool, rather than to open your mouth and remove all doubt."

Way to go, Gartner!

No comments: