
Security goes beyond technology into common-sense practices

As I have warned in previous editorials, presentations at national conferences, and network security courses, many organizations that have acquired enterprise security packages are still vulnerable to major security breaches.

Some have found out very quickly that information on their systems isn't really secure. Intellectual property and other confidential material can leak out to competitors very innocuously. Why? People give up secure information in many other ways:
• Talking in bars
• Working on a PC while commuting
• Working on a PC while traveling
• Being careless with strategic corporate information

Here is the latest incident showing a lack of security, and a clear demonstration that no security policies were applied to confidential reports.

Sara Lee vs. Kraft

Before I left on vacation recently, I heard that Sara Lee was going to jettison all of its non-food divisions and focus on foods and food services. Corporate strategies are always of interest to many people: competitors, analysts, the media and others.
Sara Lee launched a new product in the U.S. more than a year ago - a coffee brand called Senseo - and it's doing just OK. It is aimed at the individual coffee drinker, with a single-serve system built by Philips and a coffee blend by Douwe Egberts in the Netherlands.

Even though it had great results in Europe several years earlier as a premium single-serve coffeemaker system, it is not doing as well in the U.S. There are several reasons for a lackluster performance: competition, price points of various individual brew coffeemakers and other market issues like consumer acceptance.

Kraft has a similar offering in the marketplace called Tassimo. This is a combination of Kraft's coffee offering and Braun, which is providing the coffeemaker hardware.

In the first half of this year, Senseo revenues only rose 7 percent as compared to 2005's domestic sales revenues. Maybe they charge too much for the proprietary coffee "pods".

How do I know so much? Didn't you know I'm a consumer products expert? I'm not. A competitive analyst with unorthodox research techniques who understands the value of simple corporate espionage tactics? I was simply reading a very detailed report on a PC in an airplane as I was flying back from a business trip.

The report was very thorough, was in PDF format and had about 20 different exhibits along with the strategic review of what was happening with this product. It compared it with the major competitors: Tassimo (a combination of Kraft and Braun), Keurig, Flavia and other premium brands. It discussed the four groups of coffees:
• Whole bean
• Ground
• Instant
• Ready to drink

The study even discussed the major decline in the instant coffee market. It also said that the coffee consumer would not give up quality for convenience.

It even gave a listing of the top retailers that sold the individual single-serve coffeemakers for the individual coffee drinker. It compared coffee-brewing devices and the proprietary ways they have developed "coffee systems" for the individual drinker.

This new way of marketing individual-use coffeemaker systems reminds me of the Gillette approach of selling razors. Once you buy the razor, you are locked into buying the blades from the same manufacturer forever. It's the same with the coffee packages (Senseo calls them "pods" whereas Keurig calls them "K-cups").

This is some very interesting consumer and product information that should never have been out in the open on an airplane. After reading some criticism of the Senseo pod system on another Web site a couple days later, I'm not too sure if every coffee drinker wants to be locked into one brand from one source.

Anti-Intrusion Software

Corporate executives, get a clue. Your competitor could be sitting right next to you on an airplane. You don't leave strategic reports on the future of one of your critical product lines in an open environment.

Many may know that security goes beyond the four walls of the office and understand complex network capabilities that must be in place for security. Few understand the simple corporate espionage techniques that do not employ complex technology and software.

There is also the matter of security when you are sitting in a very close space like a train, a café or a plane: you just don't start reading next year's corporate strategy or the dismal results of a product launch where anyone can read along with you.

Security is not always a "techie issue". I am sure budgets were loaded up with dollars to buy software and other anti-intrusion devices as security became the No. 1 priority of CIOs and CTOs a couple years ago. Too bad they don't guard against a lack of common sense.

Security goes beyond installing technology and software. It is a strategic issue and should be part of the overall policies and procedures of an organization. You would think that, with Sarbanes-Oxley focusing on information security at public companies, general security on company trade secrets and confidential reports would be included.

Many companies are very lax when it comes to teaching and enforcing practices that guard against breaches of confidentiality. Practicing good security over confidential information should be a very basic concept, especially for those entrusted with higher-level information.

Maybe Sara Lee should send me a free coffeemaker and some pods for uncovering this lack of security. Better yet, their competitors should send me a lifetime supply of their coffee and their coffeemakers. Espresso, anyone?

Carlinism: Security is everyone's job 24 hours a day.

James Carlini is an adjunct professor at Northwestern University. He is also president of Carlini & Associates. Carlini can be reached at or 773-370-1888. Copyright 2006 Jim Carlini.

The opinions expressed herein or statements made in the above column are solely those of the author, and do not necessarily reflect the views of Wisconsin Technology Network, LLC. (WTN). WTN, LLC accepts no legal liability or responsibility for any claims made or opinions expressed herein.
