"I often ask, 'Everyone in the audience who thinks they're going to be using the same word processor in ten years, raise your hand.' No hands go up. 'Everyone who has data around that's going to have value in ten years?' After a minute's thought, every hand goes up. The lesson is clear: information outlives technology."
- Tim Bray
Starfish Systems
information security by design
(604) 916-7871
Services Software Community About Us

"Computer security consulting requires a high level of expertise, which few firms can economically maintain in-house."
- Richard Nolan and Larry Bennigson, Harvard Business School

There is no secret to protecting your computing environment.
It really comes down to reasoning about security.
For this, only four essential steps need to be followed:

Identify your assets and risks
Computing environments vary enormously in how they are used, how well they are built, and how much they cost to maintain. If you can estimate the value, operating costs, and risks within your environment, you can prioritize the areas which would benefit most from attention. This is an important exercise because it gives you the means to compare your environment before and after a proposed improvement. That's because even though total risk is hard to estimate, you can track component risks directly, and therefore show the value to your organization of a given improvement.
Build systems against a model
Systems are essentially characterized by two factors: design and implementation. All system issues become much easier if you can separately reason about each factor. Therefore, never build systems by hand, even experimentally. Instead, invest in an automated system configuration tool which builds each system from a specified model and a library of components. Then you can independently evolve the model to suit your requirements, while applying security patches to just one set of components. As a bonus, any system which fails can be identically replaced with zero configuration effort.
Monitor your systems
Automatically scan your network for policy compliance and vulnerabilities. In the best of worlds, this will simply verify that your systems were configured correctly. Sometimes, however, it will reveal problems that had not been foreseen at configuration time. It's also the fastest way to catch emerging problems and detect incidents in their early stages.
Stay informed
It's ironic that although computer systems are purely human artifacts, we no longer completely understand how they work. Their emergent properties are just as important as the properties intended in their design. Your technical staff needs encouragement to develop the habit of thinking about system design as set against the evolving landscape of products and vulnerabilities. Make sure also that you have clear security policies which are understood and supported by everyone in your organization.
Our Capabilities

Starfish Systems helps you to design and manage advanced computing environments which are stable, secure, and highly interoperable.

Our specialty is transplanting proven techniques from large scale system administration to smaller computing environments.

If you need an agile computing infrastructure, one which supports your innovation, which you can maintain at minimal expense, and which will evolve gracefully to meet future needs, you owe it to yourself to talk to us!