With all of the discussion of hackers, advanced persistent threats (APT's) and email scandals, I thought it was timely for me to discuss my philosophy on data consolidation. Before delving into the concept of data, you must be able to compare it to its physical equivalent. So many people, supposed professionals and hobbyists, pretend that data (or digital assets) are somehow not physical. This is because many folks in our space believe the digital realm to be a fairy-tale kingdom where they can set the rules. It isn't. The digital world is subject to the same laws and limitations as the physical world. As ether-like as charlatans want you to believe it is, data always physically exists somewhere. What makes it appear omnipresent is its ability to be copied and distributed on a mass level with little effort.
It is for this reason that I am a huge proponent of server consolidation. The most successful method in physical security is to put all of your ‘crown jewels' in one place so that you may concentrate on its fortitude. Just as in the physical world, it is great to have multiple locations and redundancies for the less valuable data, but the most valuable must be in one spot. Two at most. Mind you, these are the data that make your company's secret sauce. There is a reason there is a second, locked, kitchen at Crustacean in Beverly Hills. If their data gets out, they'd become like every other seafood joint in town. Some may say that redundancy is important to insure prevention of data loss. Again, that works for the data that will not ruin your company if stolen. If it will not ruin your company if revealed, it isn't the same valuable data of which we are speaking. I belong to the world's oldest fraternity. Yes. I'm a Freemason. For more than three thousand years, the process of transferring data from mouth to ear has worked perfectly. Did you know that the Central Intelligence Agency modeled their communications after that of the Freemasons? Now you do. Since the building of King Solomon's temple, we've not written anything down. I'm not kidding. This is the truth. In fact, I've probably told you too much.
The true major-leaguers in the infosec world know that sensitive data is better lost than stolen. I repeat. Better lost than stolen. Don't forget it.
Now, I'm going to finish my coffee.