Hayek wrote in his Nobel lecture – “I confess that I prefer true but imperfect knowledge. . . to a pretence of exact knowledge that is likely to be false.”
One of the biggest sins of man is hubris. The Obama administration is guilty of hubris. As an American living outside the US in the Middle East – I can say that where I live – we see a US President who projects an image of a superstar/saviour/media-star, who turns his back on old relationships, who delivers ultimatums, who waffles on dictators and who bases his foreign policy on appeasement and his domestic policy on regulation.
OK – now that I got that rant out of my system – let’s talk about data loss prevention and the sin of hubris.
A good deal of data security spending on products from companies like Fidelis Security Systems, Verdasys, Mcafee, Websense, Symantec and RSA is driven by privacy compliance and to a lesser degree (since it’s less direct) by corporate governance (SOX says you shouldn’t cook the books which is not exactly a data loss threat but DLP is often part of an enterprise security policy for monitoring data leakage inside the company and detecting certain types of fraudulent activity).
It is a given that the US economy is the most highly regulated on earth – over 1percent of the GDP is spent on corporate governance and compliance to laws like SOX and GLBH. It is a simple observation that despite privacy compliance regulation – the US is a world leader in large scale data loss events.
Therefore – it stands to reason that privacy regulation and all the technology we’re throwing at the problem is not an effective data security countermeasure. IT spend on security and governance is what – about $10BN/year?
And we pretend to be able to prevent data leakage?
This is a sin of hubris.