Isn't this sort of necessary, given the miniature wave of ransomware/cybercrime that we've been going through? We've been saying that companies need to improve their security - isn't this it?

------------------------------------

This is somewhat tangential, but a really good "emotional transfer moment": This is exactly how some people feel about government regulation - this emotion, right here - that it's arduous, stifles innovation, hurts startups trying to get off the ground with a shoestring budget, and just gets worse every year.

(now, of course, the thing that those people need to understand is that some amount of regulation is necessary. but, the thing that other people need to understand is that just because some amount of regulation is necessary, doesn't mean that you can be loose with it and allow it to metastasize - law needs to be written with the same care and eye toward the future as code, and then also like code, needs to be refactored to reduce "tech debt" and keep it sane. this, currently, does not happen, and virtually nobody advocates for it)

(ironically, we have way more leverage over what kinds of regulations the government puts in place than over the effective regulations like SOC2/HiTrust that are "enacted" on clients of larger companies. not sure what to do about that one...)

I think it's similar to running a bank: if you cannot protect the value (money) then you are not really a good bank. The problem is people have been pretending they are not a bank and trying to skirt protecting their customers for the better part of 20 years, especially in SaaS.