More Layers Than a Wedding Cake

I just ran across an interesting example of the challenge of assuring information security in thick-client environments. Ireland’s ROISoft offers a security suite called ExSafe that’s aimed at improving security for the data and the intellectual property that are stored in Excel-format spreadsheets. It provides audit-trail capability, cell-level access control, and closure of some security loopholes whose existence had not occurred to me: for example, via the unsecured temporary files that may be left behind when an Excel session has an abnormal termination.

This refreshes my concern about the almost uncountable avenues of leakage that are opened when people are downloading entire data sets, using them and storing them on all kinds of different workstations and storage devices — instead of keeping primary data collections on securely administered systems, and bringing only the minimal working sets of current items or query results out to the edge of the network.

And woe betide the administrator, these days, who dismisses the On Demand option by saying "I’d never trust my data storage to someone else’s machines." I’ll bet the sysadmins at TJX said something like that, at some point, and I’ll bet they don’t enjoy eating those words. There’s never been a better time to take proactive measures to reduce the number of places where data is kept, to minimize the number of links between points of storage and points of use, and to call upon outside providers to undertake IT tasks that offer no competitive advantage when done right — but threaten catastrophic harm when done wrong.

April 6, 2007