- From: Jeffrey Walton <noloader@gmail.com>
- Date: Mon, 16 Feb 2015 03:06:10 -0500
- To: Florian Bösch <pyalot@gmail.com>
- Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, public-webapps WG <public-webapps@w3.org>

On Mon, Feb 16, 2015 at 1:48 AM, Florian Bösch <pyalot@gmail.com> wrote:
> On Sun, Feb 15, 2015 at 10:59 PM, Jeffrey Walton <noloader@gmail.com> wrote:
>>
>> For the second point, and as a security architect, I regularly reject
>> browser-based apps that operate on medium and high value data because
>> we can't place the security controls needed to handle the data. The
>> browser based apps are fine for low value data.
>
> I'm not sure what "high value data" is. But I'm fairly sure that just about
> any e-banking solution in existence is browser based. So I'm guessing your
> definition of "high value data" doesn't include banking access. You work for
> the NSA? Oh snap, the high value data just walked out there on a USB stick.

Each organization classifies its own data according to its own risk posture. High value data would include, for example, Executive Compensation, Pending Litigation, and Mergers & Acquisitions. Heck, even some movie studios classify movie trailers as high value until they are released in theaters.

I don't work for the NSA, but I have done a lot of work in US Federal and the US DoD. I have not drunk the Web 2.0 Kool-Aid. We still need security controls commensurate with the data sensitivity level.

Jeff

Received on Monday, 16 February 2015 08:06:37 UTC