Copy Notify!: Best Computer Security. USB Port Security. Device Control and Detection. Attachment Blocking.

Best Computer Security

Mr. CISO,you do not even know how many computers you have!??

By Mr. Zarir. M. Karbhari - Founder & CEO of CopyNotify!

It all starts with a prospective customer usually represented by the CISO (Chief Information Security Officer) or system administrator giving me a call, telling me he has evaluated our data theft prevention software and now wishes to purchase licenses. So naturally I ask regards the number of licenses of CopyNotify! he wishes to buy .. and then comes that familiar eerie 'PAUSE' followed with a reply that he will get back to me. Of course he does get back to me with the required information however that eerie 'PAUSE' seems to come up more often than usual while speaking to other prospective customers as well. 

Why this uncomfortable 'PAUSE' when I ask how many licenses they require ? The answer is both shocking and surprising ...they do not have up to date information as to how many computers they have in their organization readily available. Mind you, my prospective customers are not the 5000+ computer in office kind of organization, they usually are the Small or Medium Business Enterprises having much fewer computers / laptops.

I know that the system administrator or CISO have contacted me as they are worried about Data Theft and want to install the best computer security software and that is why they downloaded our security software but to me not having an idea how many computers (computing assets) they have really defeats the whole purpose of having a data protection software in the first place.

Confidential data resides on your PC, lets monitor the physical presence of the PC first and then worry about the security of the data that resides on that PC. A CISO should know at all points of time how many PCs/Laptops there are in office, where are they located and who are using these computing assets. If one does not such updated information at all points of time then how will one know if an asset is missing, is lost or is stolen. Should a computing asset go missing so does the data on it. We spend millions for data loss protection software but all this expense is useless if the physical monitoring of the existence of a office computer or laptop, its location as well its user is also not kept track of.

To reinforce my point of how crucial continuous physical monitoring of a computing asset is, let me give you an example of how a customer lost a laptop but he got to know that it was missing only 2 weeks later. This means the classified data on that laptop got categorized as breached, lost or stolen the day the laptop went missing and the organization realized it only 2 weeks later. Had correct and continuous computing asset management policies been in place, the organization would have been notified of the loss or theft far earlier.

What is the use of having state of the data loss prevention software if a far more basic requirement of computing asset management and monitoring is not in place. A CISO must know the state of his computing assets at all points of time !

CopyNotify! on Twitter