It's about the data not the technology.

I was asked about the best way to secure a computer yesterday and caught myself going into a list of security software, hardware and best practices, when my answer should have been a follow up question. What kind of data do you want to protect? We so often get caught up in all the cool security technology that we forget the reason for the technology is to support the goal of protecting our information.

When I started in computers in the 90’s I built a few custom systems for various people and businesses. My first question was always the same to both groups. What do you plan to use the computer for? After I got that question answered, I could ask the right questions about software and hardware to give them the “solution” they needed.

I think we need to make more of an effort to get back to that. I think the first question that should be asked of anyone, individual or business, is what kind of data do you plan to store, process and transmit? After knowing the answer to that question can we then start to ask the right questions about software, hardware and recommend the right “solution” to customers.

I know that sometimes the right questions are asked. I know that many businesses and individuals are doing the right things when it comes to security. My question is how do we get everyone else on board? Vendors sell solutions. The problem as I see it is nobody bothers asking the right questions, thus nobody knows the right "solution" for the customer.

Let me know what you think in the comments.