Vendors Say Data Protection Software Too Complicated To Use 153
jfruhlinger writes "With a series of major data breaches over the past few months, you'd think more and more companies would be investing in data protection software, which can help keep data secure even on systems that have been compromised. Unfortunately, even organizations that have paid good money for this software often don't use it, because, as one of the vendors admits, it's often too complicated to use."
Hire better people? (Score:5, Insightful)
Am I the only one who read this as: It's too complicated for the entry level IT guys we hire to use....
It's another security buzzword product (Score:5, Insightful)
These things come and go in the security market faster than you can believe. The problem isn't the lack of need, it's that the security software market is a "me too" market filled with companies cranking out software that has the latest buzzwords. In the security industry, everyone just copies everyone's fad else instead of innovating and trying to find a more elegant solution to the underlying problem.
But it doesn't matter anyway, since these companies all target the suits instead of the IT folks. The suits will just buy whatever product sounds nice without consulting the people who will use or administer it. There's effectively no interaction between the vendors and their user-base. /rant
Re:Hire better people? (Score:3, Insightful)
Re:Alot of Enterprise Software is "too complicated (Score:4, Insightful)
No, what it means is that a lot of responsibility that IT managers (and higher) are given, such as ensuring that confidential data is kept confidential, is either too hard for them, takes too much time or they are simply incompetent to fulful that role. I don't mean technically - it isn't just an IT managers role to tick the right boxes in a menu, I mean if THEIR managers are unwilling to spend the time, money and effort on their own, then it falls to the person to convince them of the need to do so.
Re:Hire better people? (Score:3, Insightful)
Can't protect broken systems (Score:5, Insightful)
You can't just pile software on top of a broken system/design and magically have everything secure.
What surprises me in all this is that the banks are *not* jumping all over these companies for exposing consumer credit card information - whatever happened to PCI Compliance?
Re:Average IT person is too simple (Score:4, Insightful)
And the new trend from above seems to be shifting from Design, Test, Deploy to Imagine, Deploy, Damage Control.
Imagine? Hardly. More like Purchase design, Outsource development, Purchase damage control.
Also, there is a shift away from understanding to knowing, and in this industry, knowledge is worthless. There's a man page for that. Understanding what really happens and why is what you need. Someone who knows why SElinux won't allow you to do something, and not just how to (far too common) turn off SElinux or (taking slightly more skills but no more brains) create rules to allow every complaint SElinux has.
There's also a management belief that security is a product you can implement after the fact. That's as futile as buying a kevlar vest to protect yourself from heart attack. To turn existing insecure infrastructure secure takes months or years of hard and continuous work - sometimes more than redesigning from scratch would do.
Re:Hire better people? (Score:4, Insightful)
Back in the late 90s, these companies actually trained their employees and gave raises that matched performance.
It was really amazing. Nowadays companies don't train their employees, and it shows.
It's funny to read the article and not think about training budgets being a thing of the past. It's the software's fault, not managements for sucking away the training dollars.
Re:Alot of Enterprise Software is "too complicated (Score:5, Insightful)
It's like having recipe software which you put recipes in, along with cooking instructions, and a robot makes the item. Then, once you have all the ingredients in, you realize you didn't have any cooking instructions. So you complain that the software doesn't have default cooking instructions programmed in that would just magically make cookies or cupcakes without you having to do all that extra work.
The problem isn't the software. It couldn't be any more user friendly. Just tell it what you want, and poof, it will pop right out. The problem is that the users can't be bothered figuring out what they want, so the software is at fault.
Re:Alot of Enterprise Software is "too complicated (Score:3, Insightful)
say it, mean it and give em a lot of shit when they balk at the end result. Next time, they find time for the non coding parts of the SDLC.