On Mon, Feb 16, 2015 at 1:48 AM, Florian Bösch <pya...@gmail.com> wrote:
> On Sun, Feb 15, 2015 at 10:59 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
>>
>> For the second point, and as a security architect, I regularly reject
>> browser-based apps that operate on medium and high value data because
>> we can't place the security controls needed to handle the data. The
>> browser based apps are fine for low value data.
>
> I'm not sure what "high value data" is. But I'm fairly sure that just about
> any e-banking solution in existence is browser based. So I'm guessing your
> definition of "high value data" doesn't include banking access. You work for
> the NSA? Oh snap, the high value data just walked out there on a USB stick.

Each organization classifies its own data according to its own risk posture. High value data would include, for example, Executive Compensation, Pending Litigation, and Mergers & Acquisitions. Heck, even some movie studios classify movie trailers as high value until they are released in theaters.

I don't work for the NSA, but I have done a lot of work in US Federal and the US DoD.

I have not drunk the Web 2.0 Kool-Aid. We still need security controls commensurate with the data sensitivity level.

Jeff