I was reading the latest report published by Deloitte titled “The 6th Annual Global Security Survey.” I did enjoy the survey results and I do intend on using a portion to help shape my general information security strategy in my practice. Certain fundamentals are always sound and always obvious. One quote that I’ll comment on is this, “While a large number of respondents (38%) indicate an equal concern for the misconduct of both internal and external people, it is clear that internal people alone are the biggest worry – 36% versus only 13% for external people. Organizations clearly recognize that internal people, the machine that makes the business run, are a concern.” The notion that is prevalent in the information security space is that there is even a debate on insider threat versus outsider threat. Why is there a debate at all? The crown jewels of the enterprise has always been our data sources. You lose your database, you run the risk of losing business. Simply put, “No Data, No Business!” Philosophically speaking, I don’t believed that my network or enterprise actually has a perimeter, however, my database does. I keep it simple by defining the perimeter to my data sources and anything outside of that perimeter to be an “outsider” connection. My rules of engagement or treatment are defined by this relationship. With the advent of the networking and Internet enabled applications, we have compromised the traditional concept of the perimeter. Yes, we still need controls such as the humble firewall. These are the symbolic locks on our homes that are designed to keep out honest people, but, not criminals. Reasonable layers are prudent. Treat your corporate data sources with the utmost care and concern and information security, business continuity, and disaster recovery just becomes simple and less expensive.