Slashdot Mirror


How To Stretch Your Security Dollar

itwbennett writes "Taking an aspirin a day will keep you headache-free but it can also reduce your risk of heart attack. You're definitely getting your money's worth out of that bitter little pill. But experts say you can also get additional ROI from security, business continuity, disaster recovery and compliance investments, writes Daniel Dern in a recent article. In fact, you can get 'double or triple the value from "side effects,"' observes Jim Cuff, VP of strategy, Iron Mountain Digital. For example, tools purchased for compliance management can also help identify redundancies and other inefficiencies. Security appliances don't just provide security; they can also be used for performance and bandwidth management, and enforcing acceptable use policies. Or take the next step and use disaster recovery resources 'for part of your active environment, like load balancing, test and develop and QA, and backup, not something you have just in case,' urges Greg Schulz, founder and senior analyst of the StorageIO Group. And for the ultimate bang for your buck, take your facilities and knowledge and turn them into an external business offering."

51 comments

  1. Press release by Anonymous Coward · · Score: 4, Insightful

    Since when do press releases merit posting on /.?

    1. Re:Press release by Hurricane78 · · Score: 1

      The last word of the title of it may give you a hint. ^^

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  2. Cannot compute analogy by a1210 · · Score: 5, Funny

    I don't quite get the aspirin analogy, can someone give me a car analogy please? :)

    1. Re:Cannot compute analogy by piojo · · Score: 2, Funny

      Changing your timing belt before it fails?

      --
      A cat can't teach a dog to bark.
    2. Re:Cannot compute analogy by Normal+Dan · · Score: 3, Insightful

      Using a higher grade fuel will get you better gas mileage but it can also reduce your chances of breaking down. Disclaimer: I am not a car doctor.

      --
      A unique way to learn a language: http://languageloom.com
    3. Re:Cannot compute analogy by Jurily · · Score: 1

      A crash test a day keeps the thieves away.

    4. Re:Cannot compute analogy by swanzilla · · Score: 1

      Taking an car a day will keep you headache-free but it can also reduce your risk of heart attack. You're definitely getting your money's worth out of that bitter little car.

    5. Re:Cannot compute analogy by asackett · · Score: 1

      Uh... if by "higher grade" you mean higher octane, you're mistaken. In fact, if the "cheap gas" doesn't cause pinging in your engine, the "higher grade" fuel gives you nothing but more expensive exhaust gases.

      --

      Warning: This signature may offend some viewers.

    6. Re:Cannot compute analogy by frosty_tsm · · Score: 1

      Uh... if by "higher grade" you mean higher octane, you're mistaken. In fact, if the "cheap gas" doesn't cause pinging in your engine, the "higher grade" fuel gives you nothing but more expensive exhaust gases.

      Unless, of course, your engine was designed for the higher octane (i.e. sports cars / turbo cars). You'll destroy your engine. Or your ECU programming from the factory was crap and it pings on a hot day (I've seen this).

      But yes, in your Honda Civic it won't give you much (if anything).

    7. Re:Cannot compute analogy by asackett · · Score: 2, Informative

      That's kinda why I said, "if the 'cheap gas' doesn't cause pinging". Detonation is a real bitch and can crack pistons, thrash pins and rod bearings, and just generally be a real pain in the wallet come repair time. But a broken piston is a good excuse to increase the bore... :-) Still, if you're not getting detonation, all you get from high octane gasoline is expensive exhaust gas.

      If you get pinging only on hot days or only at high altitude, try curing it the same way you'd cure vapor lock on a carbureted engine -- I don't mean clamping wooden clothespins on the fuel lines and leaving them there forever, but that's a good way to prove whether or not that's your problem. If it is, just reroute the fuel lines away from the heat sources and call it good. Sometimes the heat source is the automatic transmission or the exhaust pipes so you have to look all the way back to the tank to find the likely suspects, but if you're doing it yourself the one-time expense of rerouting is a lot less than the every fill-up expense of higher octane fuel.

      --

      Warning: This signature may offend some viewers.

    8. Re:Cannot compute analogy by mister_playboy · · Score: 2, Informative

      Any vehicle built in the last 15 years will have a knock sensor to prevent detonation, so it's a tricky business to determine whether you are getting anything out of premium fuel. The lower gas mileage (caused by the ignition being retarded by the knock sensor) from running on regular gas in a vehicle designed for premium can sometimes outstrip the cost savings of using regular gas. This has to be evaluated on a case-by-case basis... there is no hard and fast rule. The compression ratio and head material (aluminum is less likely to knock than iron) need to be considered.

      As for pinging at high altitude, that's unlikely... octane requirement decreases with increases in altitude as their intake charge is less dense, so the baseline fuel map will be richer compared to sea level. Many cars advertise the ability to compensate for altitude change, but that is highly dependent on having a correctly working oxygen sensor.

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
  3. Or... by UncleWilly · · Score: 2, Funny

    Or follow the herd and move off-shore.

  4. I've got a great idea for the US Mint... by Tetsujin · · Score: 4, Funny

    OK, you ready? Here it is...

    Silicone bills

    Ever felt a need to stretch your dollar further? Now you can, with silicone bills...

    --
    Bow-ties are cool.
  5. In other words... by Anonymous Coward · · Score: 0

    BUY MY PRODUCT!

    Not that there's anything wrong with that.

  6. I need an aspirin by syousef · · Score: 2, Funny

    ...after reading that terrible analogy.

    --
    These posts express my own personal views, not those of my employer
  7. Making disaster recovery part of your capacity? by Chris+Mattern · · Score: 1

    Problem with that is, when you need to use your disaster recovery to recover from a disaster, it won't have enough capacity--because you've sized yourself that your load needs your "regular" servers *and* your "disaster recovery" servers, and when you have just your "disaster recovery" servers, it'll all freeze up under a load it can't handle.

    1. Re:Making disaster recovery part of your capacity? by dgatwood · · Score: 3, Insightful

      Oh, no, it's far worse than that. As soon as I read that suggestion, I immediately had words going through my mind that I won't say in public, even on Slashdot. If your backups are online AT ALL, you have no backups. All it takes is one malicious employee who decides to nuke all your systems at once, and you've lost everything. Not to mention that if those systems are part of your normal operation, that usually means they're in the same building as your normal operations center, and thus all it takes is one fire and you've lost everything.

      The requirements for a proper backup are that it must be A. periodically checked for functionality, B. off-site, and C. not connected to the Internet in any way. The ideal implementation involves a vault made of 30 feet of concrete. Most people forget that first one, admittedly, and that causes a lot of problems when disaster strikes. That's still no excuse for ignoring the last two instead.

      An online hot swap spare is not a real backup, period, no matter how you use it or implement it. It's great for getting up and running again quickly, but when the hackers compromise your password database, your replicated hot swap spare is compromised, too. When you accidentally introduce a bug that treats social security number 999-99-9999 as an end of record marker and causes records of resident aliens to be deleted or corrupted, your replicated hot swap spare is corrupted, too. Online spares (in any capacity) are to backup as RAID is to backup. They solve a limited class of failures, but do nothing whatsoever for several much larger classes of failures.

      Indeed, it is this sort of thinking that is costing Microsoft a pretty penny. Given that the Danger incident just happened a few weeks ago (and they're still cleaning up the mess even today), it's amazing to me that a VP of a computer firm could have already forgotten it. It is this very sort of recommendation from so-called "consultants" that ends up utterly destroying companies in spectacular ways when a real disaster actually happens. To the VP in question, please stop giving such TERRIBLE advice.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    2. Re:Making disaster recovery part of your capacity? by happyslayer · · Score: 1

      I agree that an ideal backup solution would be something along the lines of Cheyenne Mountain's basement--with armies of mole-men transcribing the data onto titanium slabs. (Mole men are secure, because all you need to keep them in check is a couple of big sun lamps!)

      But, I would say that the old Meatloaf song would make a good compromise to your 3 criteria: "Two out of Three Ain't Bad." In my particular case, I had a medical customer who needed reasonably up-to-date backups of everything...worst case scenario being the building burned down. So, with that in mind, I ended up using rdiff-backup over ssh to our own servers. Reasoning as follows:

      • Periodic checks were done by me and my staff at varying hours...check.
      • Off-site backup...check. Customer could reasonably get up and running with a big check, a trip to Walmart, and about 12-24 hours of coffee for me and my folks.
      • Users were complete "Users", as in, did not know, care, or desire to learn how things worked--they just "should."

      Because of that last item, relying on them to perform an off-line backup, take the data to an off-site facility, and remember to bring them back in in the morning for another cycle was out of the question. Also, I was being paid well, but not well enough to make the trip every single day to personally conduct the work myself...or pay a minion to do it.

      (Funny how a doctor will buy a brand new Escalade for show, then scrimp on paying for extra work and extra security...probably not the only industry that way...)

      Overall, it worked great. Problems were identified quickly, never lost any data over 3-1/2 years of servicing the contract, and went through 3 various upgrades and major replacements without any data lost.

      This isn't to promote online-offsite backups, just to say that there are times where we all compromise....and as for my backups, they were periodic, off-site, and offline...and included the customer's data...just less frequent snapshots.

      --
      Never confuse movement with action. --Hemingway
    3. Re:Making disaster recovery part of your capacity? by Fulcrum+of+Evil · · Score: 1

      If you're big enough, you can run in N+1 capacity - lose a DC and your servers get hotter. Even a scaled version of the site somewhere else can keep you limping for a bit. Depends on what exactly you're doing, as with everything.

      --
      "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
    4. Re:Making disaster recovery part of your capacity? by da5idnetlimit.com · · Score: 1

      Disclaimer : yes, IAMDRS (I Am A Disaster Recovery Specialist...yeah, like I can brag about it whenever I want 8p)

      We offer something along the same line for enterprise class backup. Except we install a vendor agent on the server and send the "diff" to an EMC array in a Tier3 datacenter. This array is replicated real time to another location situated 20 miles from there using a dedicated high speed private network (aka Chunk O' Fiber on two different routes), and the first copy is backed up in full every day. The system also allows for versioning, dedupe, encryption, restoration of a single file in the backup, bare metal restore, etc. ad nauseam.

      What you put together with a remote, direct to disk copy and off site tape is the best you can get nowadays without too many compromises and a good service level if you are serious about ups's and temperature control etc.

      I should know. It's what I have at home between my place (FTTP 50Mb up), vpn to the "backup and everything else" server in the basement of my parents' house - Cable, officially up to 100 Mbps down - but Nagios forgot to tell me about it the day it happened... - yes, it runs linux 8p

      Only difference with you is I offsite the tapes to my workplace 8)

      --
      It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
  8. how much did scuttlemonkey get paid by Anonymous Coward · · Score: 0

    to run this ad?

  9. An ad for... by cosm · · Score: 2, Funny

    Norton ViagraWorks 2010?

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    1. Re:An ad for... by cosm · · Score: 1

      It would explain why everybody pictured on their packaging is smiling...

      --
      'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
  10. Ixnay on the olicypay... by nsayer · · Score: 1

    they can also be used [for] enforcing acceptable use policies.

    I dunno, somehow it seems just wrong to say that on /.

  11. Back to security by sopssa · · Score: 5, Funny

    Shutting down your computers improves your security, but you'll also get a girlfriend.

    1. Re:Back to security by DiegoBravo · · Score: 4, Funny

      Bad analogy. The article(?) is about SAVING money, not money bleeding.

    2. Re:Back to security by Anonymous Coward · · Score: 0

      Shutting down your computers improves your security, but you'll also get a girlfriend.

      Bad analogy. The article(?) is about SAVING money, not money bleeding.

      Don't follow up a "girlfriend" comment with a "bleeding" comment!

    3. Re:Back to security by sopssa · · Score: 0

      Since when do slashdotters spend money on their girlfriends? Girls pay to *be with a /. guy*. On top of that slashdotters' girlfriends also cook delicious food, invite their cute girl friends to have group sex on friday night (or any night you want) and buy new computers for them. You've got all of this wrong!

    4. Re:Back to security by mister_playboy · · Score: 1

      Dude, I told you already, she's MY girlfriend, not yours!

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
  12. Aspirin shmaspirin by musicalmicah · · Score: 3, Informative

    Actually, daily doses of aspirin can be harmful to many different sorts of individuals, though the parallel still stands, I suppose: just as many industry-prescribed security policies can have beneficial "side effects" for your business, they can also yield unintended consequences that generate more cost--and real risks (the feeling of security often leads to less of it!)--due to lack of careful planning or proper implementation.

  13. A Aspirin a day? WTF? by Hurricane78 · · Score: 2, Insightful

    I really hope that that is not a normal attitude in the USA. I mean, I hope that everyone here is perfectly aware how and why this is a really fucked up way of thinking.

    It's basically the same thing, as automatically filtering all error messages regarding the risk of hardware failures out of your log files. It keeps you just as "error free".

    Oh, wait. No. It's even worse. Because aspirin has side-effects. Like causing stomach ulcers on daily intake, in people that have problems with its acidity. And many other things.
    Oh, and making you addicted, because as soon as you stop taking them, the headache and all the other masqueraded problems come back with a 100% guarantee. And most likely even much worse.

    Just as with pretty much every common pill out there.

    Sorry, but I refuse to read the rest of TFS, when it's written by someone with that attitude.

    --
    Any sufficiently advanced intelligence is indistinguishable from stupidity.
    1. Re:A Aspirin a day? WTF? by compro01 · · Score: 1

      An aspirin a day has nothing to do with headaches and such. Aspirin (typically an 81mg daily dose) is a cheap and effective mild blood thinner with relatively minimal side effects and has been studied extensively for decades.

      --
      upon the advice of my lawyer, i have no sig at this time
    2. Re:A Aspirin a day? WTF? by Fulcrum+of+Evil · · Score: 2, Insightful

      An aspirin a day has nothing to do with headaches and such. Aspirin (typically an 81mg daily dose) is a cheap and effective mild blood thinner with relatively minimal side effects and has been studied extensively for decades.

      Mild effects? Sure, unless you take too many, or take Vicodin or have liver/kidney problems. Then it can kill you dead.

      --
      "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
    3. Re:A Aspirin a day? WTF? by Anonymous Coward · · Score: 0

      sir,
      you are confusing aspirin with tylenol ...
      you are quite a luddite,
      please stop evilyfing the result of statistically sound research

    4. Re:A Aspirin a day? WTF? by IllForgetMyNickSoonA · · Score: 2, Informative

      Now, why in the world is this modded as "troll"?

      In Europe, most medical doctors scoff at the notion of taking medicine "just in case", "even" if it's an aspirin. If there is no medical reason to apply medications to your body, then DON'T DO IT. That is the widely spread and accepted attitude.

      Now, of course you can choose not to believe MDs and rather to design your own medication programs instead, but you should not mod a person down saying this would be a dangerous and a stupid thing to do. Disagree != Troll!

    5. Re:A Aspirin a day? WTF? by Anonymous Coward · · Score: 0

      It's amazing, I recently started working in the US and it has shocked me just how many people are on multiple prescription meds. It's just not seen as an issue or problem over here for the vast majority of people, it's perfectly normal to be popping handfuls of pills for various perceived ailments and illnesses.

      It's frightening actually, it's something I had never thought about before moving. The pharmaceutical companies are having an absolute field day and most people seem to be completely oblivious to it.

    6. Re:A Aspirin a day? WTF? by harry666t · · Score: 1

      I would never trust a company to keep me healthy when it's most profitable for it to have as many people ill as possible. Therefore, I never take any meds.

      related: http://science.slashdot.org/article.pl?sid=09/09/07/1526234

  14. Security !~ ROI by KnowlerLongcloak · · Score: 1

    If someone talking about security starts to mention ROI, I tune them out. They don't know the basics about security.

    When I talk security to upper management I never use the term ROI. That term is too steeped in revenue generation that you cannot separate the term from the expectation of increased sales or increased profitability.

    Security is like insurance: it protects against loss. Security (for almost all companies) never generates revenue, therefore it can never have ROI in the traditional sense.

    Some security companies will try to say that the Return is [insert some intangible benefit here].

    They should really sell it like insurance where they mention the protection from loss in tangible terms.

    1. Re:Security !~ ROI by jman11 · · Score: 1

      I have to disagree. When discussing security and insurance then return on investment is a perfectly valid term.

      Security and insurance are opposites. Security is stopping something going wrong and insurance is getting some money so you can rebuild/replace after it does.

      Increasing your security can decrease your insurance costs; bang you've got a return on the investment.

  15. Why are all the quotes from Marketing people? by walmass · · Score: 1

    VP of strategy, Director of Marketing, etc. etc. for companies that sell Backup, Storage and Virtualization. And they are suggesting you implement those so you can justify the expense by showing security ROI. Nice. I agree with the central point being made, which is that the same HW can be used for security and other non-security purposes. The door that keeps out intruders also keeps out the cold. But please do not call that ROI. Ask any security person, and s/he will tell you that security has no ROI, or should not. That horse is dead. If someone is still peddling that security ROI cool-aid, ask them what is the ROI for the insurance they have. Or some pointy-headed boss is going to call his poor security guy and demand ROI figures for all the security projects. He may even demand that the firewall rules be mauve. http://www.andrew-eells.com/wp-content/uploads/2008/09/mauve.jpg

  16. Aspirin by Dunbal · · Score: 3, Informative

    Taking an aspirin a day will keep you headache-free

    Dear submitter,

    Since you insist on doling out pharmaceutical advice be aware that your statement is utterly false. Fortunately you won't be held as accountable as we practitioners are. Lucky you. I could lose my house because of something like this.

    You obviously have never heard of analgesic rebound headaches.

    Just in case you don't believe me. There, I'm bored. You look for the rest.

    A tip - if you have constant headaches, see your doctor instead of taking aspirin or some other analgesic every day.

    Love,

    A physician.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Aspirin by Anonymous Coward · · Score: 0

      No kidding. I used to take aspirin daily and ended up with multiple ulcers. Then I had to take omeprazole for a loong time to cure those ulcers...

      Still, taking omeprazole was lovely compared with the gastric endoscopy.

      My headaches turned out to be caused by a sinus infection anyway...

  17. Keep your door locked... by Hawthorne01 · · Score: 1

    ... and be wary of strangers who knock. Make sure your home is well-lit outside and trim away the foliage from your windows.

    Oh, computer security.

    Nevermind.

    --
    "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
  18. Aspirin. by Geoffrey.landis · · Score: 2, Insightful

    "Taking an aspirin a day will keep you headache-free"

    No, actually it won't.

    --
    http://www.geoffreylandis.com
  19. Lies and damn lies. by Nazlfrag · · Score: 1

    Aspirin can be addictive and dangerous to your health if taken in inappropriate doses. Curiously enough, the rest of what they have to say is complete bullshit also.

    1. Re:Lies and damn lies. by happyslayer · · Score: 1

      And they didn't even bring in "statistics"....guess that would have been too much of a giveaway...

      --
      Never confuse movement with action. --Hemingway
  20. Enforcing acceptable use policies? by jayme0227 · · Score: 1

    Security appliances don't just provide security; they can also be used for performance and bandwidth management, and enforcing acceptable use policies.

    Slashdot just better hope that many of our employers don't find out about this.

    --
    But then I realized the cable was blue, so I only gave it one star. I hate blue.
  21. For a car analogy... by Daniel+Dern · · Score: 1

    If only the poster had tried quoting the opening of the (my) article proper,
    "Like the airbags in your car..." rather than offering an example not found
    in the article.

    Of course, I can't think of an ROI for airbags when they're not being deployed for
    safety reasons. Arguably a full-sized spare tire might be value-recouped, by
    putting it into your tire rotation, although that may not be as good an idea as it used to be.

    Daniel Dern (who wrote the article)

    --
    Daniel Dern - Freelance technology writer dern at pair{dot}com