Security: It’s all about the data. Now that seems simple enough. “It only makes sense that our computer security defense plan is data-centric,” Roger Grimes explains. But first you have to locate that data. Then comes classification. Next up: create a threat model. Those and nearly half-a-dozen more steps will get you started. “Many other experts have been preaching a data-centric approach toward computer security over the last year or so. The government has recognized this approach for the last century or so. The rest of us are late.”From the Test Center: Even though they existed prior to the emergence of AJAX, rich-client frameworks JackBe and Nexaweb are refining the art of enterprise Web apps. “Both show how far the world of AJAX -based clients have come while illustrating just how lost they can be without adequate server support. The Web is a dangerous place and these applications need a good back end,” Peter Wayner writes. “Nexaweb and JackBe Presto are ideal tools for the folks responsible for moving an enterprise’s Web presence into Web 2.0 and beyond.” Read the full review.Storage: After waiting years for a vendor to proclaim the death of disk-storage, Mario Apicella saw his prediction become reality, in ink. That vendor was Sun, and its CEO Jonathan Schwartz made the declaration, just not in so many words. “The days of developing storage solutions independently from (or, I’m tempted to say, in opposition to) application servers are gone — at least at Sun, but other vendors take note,” Apicella writes in Storage arrays are dead; long live tape. “Wouldn’t it be ironic if the tape drive, a device that has been declared dead so many times by so many experts, were to be the only survivor of the storage years?” Best of the blogs: Protecting users from spam without blocking legitimate messages is tricky, to say the least. “But one thing my readers agree on is that AOL’s approach is clueless,” Ed Foster writes in this Grip Line post. “It seems that all it takes is a few ‘Clueless Ones’ to erroneously report your message as spam to guarantee that AOL will periodically block all your e-mail to all AOL customers, one reader found. “Of course it would be even better if AOL came up with a spam blocking technique that doesn’t impact so many legitimate senders. What’s your suggestion?” Security