It's lonely in the middle -- but it doesn't have to be



For the middle class of companies, information protection is especially hard.

On the one hand, you now have information that is both a present corporate operational necessity and information that is what will build your future. The new and/or tiny firm may have intellectual property that is what their future is made of, but when a company is small the problem of protection is more straightforward because some one person still knows what it all is and where it all is. The Fortune 100 industry leader may have trade secrets that are likewise what their future is made of, but by virtue of their size they can buy protections sufficient to keep the protection problem and the apparatus to solve it inside the company.

For the middle size firm, keeping the protection problem inside the company is closer to intractable than it is for either the small firm or the large because the mid-range problem gets too big for one person to handle much before the mid-range firm can afford a full, in-house protection regime. This note is written for those middling firms that are not yet resource-rich enough for how information-rich they already are. Read more.

NOTE: This post originally appeared on CSO Online on January 21, 2013.

Dan Geer

Please post your comments here

Related Articles
The Evolution of Authentication and Identity Management: A Q&A with Duo's Wendy Nather

Wendy Nather discusses the evolving consumerization of security and how it affects the future of authentication.

Friday Five: 4/5 Edition

Employee theft at SMBs, fighting stalkerware, and a "hacker-proof" new cryptographic library - catch up on the week's infosec news with this roundup!

Breaches are inevitable, but sensitive data loss isn’t – thinking like an attacker to keep your data safe in the face of a breach

When thinking about data protection in today’s world, there is no shortage of attack vectors. Data is everywhere: on laptops, with vendors, on mobile devices, and in the cloud.