<div dir="ltr">Shachar, Geoff<br><br>"Mechila" if I used circular logic previously<br><br>If I may -<br><br>One can take a "live free or die" approach - that is ok.<br><br>Or can take a "practical threat" approach that considers asset value, probability of threats, amount of damage caused by threats that exploit vulnerabilities and cost of the security countermeasures.<br>
<br>In our business operations:<br><br>a) we have sensitive assets - business plans, customers, sales pipeline. See point d) below<br><br>b) the threat probability of one of our operations getting a US court injunction is so low that I don't even bother with security countermeasures. OTOH - the threat of dos/web defacing/site downtime/poor response time is high enough that we considered and eventually deployed outsourced services for messaging and hosting. We use slicehost, <a href="http://rackspace.com">rackspace.com</a> and Google Apps. Dev servers are inhouse.<br>
<br>c) Yes Google has vulnerabilities - being able to search your content, being liable to disclose your content during a lawsuit discovery....In my estimate, the probability of of these vulnerabilities causing us damage is close to zero.<br>
<br>
Our estimate is not "one size fits all" - but since we are not likely to
become embroiled in California lawsuits - I am comfortable with the
business vulnerability analysis I've done.<br>
<br>>>> Apropos - My personal estimate is that the probability of a privacy breach is higher in the Israeli Ministry of Defense than in GooglePlex.<br><br><br>d) We deploy security countermeasures to protect assets:<br>
0) We don't use Google docs, Never.<br>1) None of our really sensitive assets are on Google Apps and that includes Calendar and Mail<br>2) if we really need to
send them to someone - we encrypt or use secure copy.<br>3) we physically destroy hard disks (it's fun...)<br><br><br>d<br><div class="gmail_quote">On Tue, Aug 18, 2009 at 2:58 PM, geoffrey mendelson <span dir="ltr"><<a href="mailto:geoffreymendelson@gmail.com">geoffreymendelson@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im"><br>
On Aug 18, 2009, at 2:47 PM, Shachar Shemesh wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
Your claimed price of "zero" disregards certain costs. For example, you do not count the cost in loss of privacy and the cost of having your emails available for parties to summon from Google using the court system without your knowledge. Obviously, these may not be concerns for you, and as such, may not be something you count as cost. That is fine, so long as you do not have the hubris to claim that this applies to everyone.<br>
</blockquote>
<br>
<br></div>
Good point. I just want to point out that since Google is in the State of California, not the State of Israel, if your company is not incorporated in the US, or registered with the State of California as a "foreign" (out of state) corportation it's a court system in which you have no legal standing. IAMNAL, but a similar condition exists for the Federal court system too.<br>
<br>
Geoff.<br><font color="#888888">
-- <br>
geoffrey mendelson N3OWJ/4X1GM<br>
Jerusalem Israel <a href="mailto:geoffreymendelson@gmail.com" target="_blank">geoffreymendelson@gmail.com</a><br>
<br>
<br>
<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Danny Lieberman<br>-------------------------------------------------------------------------------------------------<br>Protect your data: <a href="http://www.software.co.il">http://www.software.co.il</a><br>
Twitter: <a href="http://twitter.com/onlyjazz">http://twitter.com/onlyjazz</a><br>Skype: dannyl50<br>Warsaw:+48-79-609-5964<br>Israel: +972 8 9701485<br>Mobile: +972 - 54 447 1114<br>
</div>