> it's all about managed servers and dedicated firewalls
The product I spend most of my time working on sells as a managed service to the investment/advice banks, and even though we only deal with the T&C side of things (no money, very little by way of client data (it should be zero client data really, but as names and other identifying info sometimes creep into file-check records and such they have to take precautions based on the service having more than just employee details within)) we have to keep with that sort of standard: ISO27001, everything dedicated including firewall boxes between "their" machines and us (& the rest of the DC, obviously), regular penetration tests, they even require background-checks and other vetting of our staff.
One of the other products worked on from here is used by the Met Police and several local councils. Even though it is only their procurement departments (bulk order of paperclips, ...) the hosting security standards are similar (in some ways more stringent).
> People need to start taking this stuff a little more seriously.
For bitcoin, definitely. Companies like our clients already take it very seriously (the regulators would fine them heavily if they didn't, and if they didn't and information leaked out because they didn't, the PR could be disastrous). What many of the individuals dabbling in bitcoin don't realise is that if they want a decentralised currency where no bank or government department has control, no bank or department can protect them, so they need to make sure they provision sufficient security themselves, which means properly vetting any suppliers or keeping the wallet in their own environments.
It surprises me that people running towards bitcoin because it is decentralised then immediately run to a centralised coin store to make life easier... They seem to want their cake and its icing without taking precautions to defend it from ants.
(OK, so many are running to it ATM because of the hype, rather than because of the decentralised nature, but they often claim otherwise)