Archive for the ‘Data Security’ Category

It’s Not Personal – It’s Business

Monday, March 7th, 2011

Employees at Wells Fargo really shouldn’t take it personally that their CIO, Wayne Mekjian, won’t let them use personal devices to access the corporate network – it’s just business. In today’s Network World article entitled “Wells Fargo says no to personal smartphones and tablets, period,” it’s obvious Wayne is serious about financial data security and responsibility. And who’s to blame him? After the financial scandals and meltdown of the past few years, CIOs in the financial industry should be on red alert to avoid embarrassing data breaches. You have to applaud Wayne for taking a stand for information security.

It’s not like Wayne won’t let his folks use smartphones and tablets – he just wants them to be Wells Fargo-issued. So who’s complaining? Provisioning employees with the necessary tools to be efficient and productive, whether that be devices or software, seems a reasonable responsibility for any organization, as long as the organization isn’t too restrictive in its provisioning.

We continue to be amazed at how many organizations still fail to provision their users with the ability to securely share information across organizational boundaries. Legal documents, contracts, product designs, software under development, medical records, marketing campaigns, sales data, financial results, and board communications are routinely shared with people outside the corporate network, and all potentially contain sensitive IP and confidential personal information. Yet many enterprise users are not provisioned with an approved method for sharing files securely. The use of personal file sharing accounts is an unfortunate but common workaround. If ever there was a security hole to plug, the file sharing hole is one to plug, and fast.

So Wayne Mekjian, thanks for taking a stand for security, you are our Accellion CIO hero of the week.

Enterprise File Sharing – IT Jeopardy

Wednesday, February 16th, 2011

Promoted as the biggest contest of “man vs. machine” since Deep Blue took on Kasparov, this week’s Jeopardy face-off between Watson, IBM’s computer creation, and the show’s previous grand champions is great entertainment. Regardless of who, or what, ultimately wins, it’s a thought-provoking experiment and spectacle.

I checked out the New York Times online link to play a personal, one-on-one game of Jeopardy against Watson. I was reasonably sharp on “Historic Fashion” and “What me Worry?” but Watson had the edge on “Before and Now” and “A Musical Pastiche”. For each question, whether you get it right or wrong, Watson provides details on what it would have answered and the other possible answers it considered. For example:

Question: This 19th-century dress support is a synonym for excited activity; don’t be alarmed if there’s one in your hedgerow
Answer: Bustle
Other Answers Watson considered: Boot, Bodice, Crinoline

It got me thinking about questions that might give Watson or the other contestants an advantage.  Recognizing that Watson is after all a computer, it probably has the edge on any computer, IT-related questions – you would think.  In tribute to this great computer experiment/media stunt, here’s our proposed question category with some sample questions.  Too easy you may say, but try asking these questions within your organization. May the best human/machine win.

Category – Enterprise File Sharing

Question: Information that takes up most of the storage on an email system?
Answer: Files

Question: A small device, named after part of the hand, used to transport files, easy to lose?
Answer: Thumb drive

Question: Healthcare regulation that restricts the sharing of personal health information?
Answer: HIPAA

Question:  An event that typically makes headline news involving the loss of information?
Answer: Data Breach

European Data Protection Supervisor Recommends Regulation…

Wednesday, January 19th, 2011

I just read the recent “Opinion” from the European Data Protection Supervisor on the communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions.  Are you still with me?  Hang in there, because it’s easy to get lost in this story.

On January 14, 2011 the European Data Protection Supervisor, Peter Hustinx, gave his written opinion regarding the Review of the Data Protection Legal Framework and he gave it a qualified thumbs up – I think?

Here is the text …

“Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions – A comprehensive approach on personal data protection in the European Union”

…and then follows 36 pages in total, which you can read here.

The “Opinion” only came out this week and I noticed that few people have jumped in yet and distilled this “Opinion” down to anything that the rest of us simpletons can understand. Fortunately this morning I woke up to the V3.co.uk article entitled “EU data protection supervisor backs new law”. It looks like a qualified “thumbs up” is a good assessment.

In my quest to understand this “opinion” I did also find interesting links to the European Data Protection Day on January 28 and an impressive program of events organized by the Council of Europe and the European Commission.  Mr. Peter Hustinx is one of the featured speakers.  Hopefully his speech will provide the simplified version of what he was trying to say.

In the meantime – I’m taking his “Opinion” as a thumbs-up for data-protection in the European Union – and that’s good news.

FAX Data Breach Gets Costly

Tuesday, November 30th, 2010

We are getting ready to move offices and the topic of the FAX number came up in our pre-move planning session. The claim was made that no-one uses the FAX machine any more.

I imagine the Hertfordshire County Council in England wishes their employees also hadn’t used the FAX machine. The County Council just got slapped with a £100,000 fine by the Information Commissioner’s Office (ICO) in the UK after a data breach originating at the FAX machine in June 2010. As reported last week in SC Magazine, employees in the childcare litigation department FAXed information to the wrong recipients on two separate occasions. The size of the fine was determined in part because the two incidents were 13 days apart and the County Council failed to take sufficient steps to prevent the second breach. Sometimes people overthink the solution – unplugging the FAX machine would have done the trick.

We’ve written before about the security hazards of the multi-function copier, scanner, printer in Digital Time Bombs. After hearing about this latest data breach perhaps we should ditch the FAX machine in the move.

Cloud Killer – Qu’est-ce Que C’est

Wednesday, November 17th, 2010

What are the 3 surefire ways to kill a cloud project?

  1. Not understanding compliance
  2. Betting on the wrong horse
  3. Not including IT

Thanks to David Linthicum for his recent excellent short article “3 surefire ways to kill a cloud project.”

These 3 cloud killers are particularly relevant to deployment of secure file transfer in the cloud.  I thought it would be worth reviewing how Accellion defends against these cloud killers:

1. Not understanding compliance – It’s all about compliance

From Accellion’s perspective it’s all about compliance.  Ensuring compliance is foremost in any secure file transfer deployment, whether it be on-premise or in-the-cloud.  Since Accellion secure file transfer deployments can span on-premise and in-the-cloud we have implemented comprehensive data protection features to provide the control, tracking and reporting necessary to demonstrate compliance.

• Data in Motion - To protect the data moving through the Accellion secure file transfer system, Accellion provides not only business-level authentication but also encryption for data in motion. Data is transferred using the Secure Sockets Layer (SSL) protocol including 128-bit encryption, and Accellion includes additional file encryption capabilities before upload using the AES 128-bit encryption scheme.
• Data at Rest - Accellion provides disk encryption using 128-bit encryption to protect stored data. File names are de-referenced when stored by the Accellion secure file transfer system to ensure that files are inaccessible on the server.

2. Betting on the wrong horse – Betting on the right horse

Accellion utilizes the Amazon Web Services (AWS) Cloud Computing Platform to deliver our hosted Cloud Accellion Secure File Transfer service. We picked Amazon Cloud because of its SAS70 Type II Certified Data Centers, 99.5% annual uptime service levels and its global distribution of data centers designed to anticipate and tolerate failure while maintaining service levels. We think we are betting on the right horse; however, we also give our customers the option to deploy Accellion secure file transfer in the cloud of their choice, either public or private.

3. Not including IT – Including IT

Accellion believes that ensuring data security and compliance should not be left to business users. We don’t support adoption of rogue applications; in fact, we think they are particularly hazardous for file transfer. Allowing business users to utilize free online file sharing services provides no visibility or control of the flow of enterprise information. At Accellion we work closely with IT organizations to deploy secure file transfer systems and provision business users to keep enterprise data transfer safe.

Thanks again David for the tips on staying away from 3 common cloud killers.

Facebook e-mail – a new security loophole

Tuesday, November 16th, 2010

Yesterday’s announcement by Facebook that they are introducing email capabilities should provide organizations with yet one more reason for banning the use of Facebook at work.  In the hope that it will raise additional awareness of the security and compliance risk with unmanaged data transfer I posted the following comments at cio.com:

In case you missed it, today Facebook announced the addition of e-mail capabilities for its users. The initial rollout (US only) starts today and will continue over the next few months. One of the most alarming things to note: Facebook says it doesn’t have a set limit on the size of files that can be sent/received via its e-mail. So, if you don’t have a secure, easy way for employees to share large files… watch out, Facebook e-mail can easily become the next insecure IT workaround.

Let’s face it, smart people will find a way to get the job done, and unfortunately, security is often of secondary concern when evaluating IT workarounds. To keep your employees away from the temptation of using insecure IT workarounds – like Facebook – to share confidential corporate files too large to be sent over the e-mail network, deploying an enterprise solution for managing file transfer is essential.

Accidentally-sent email could end up costing UBS $10 million

Monday, November 15th, 2010

Ouch. That headline is just not good, any way you look at it. As reported in an SC Magazine article today “An email sent in error that contained details of General Motors’ upcoming flotation could have cost Swiss Bank UBS an estimated $10 million.”

This data security lapse appears to have resulted in UBS being dropped as an underwriter for the plan by GM’s owners to sell $10bn in common stock on November 18, to partially pay back some of the $50bn US Government bail-out the company received during the financial crisis.

This mistake should never have been allowed to happen.  While humans do make mistakes, there are any number of IT security systems that could have prevented or reduced the risk of this mistake.  Let’s review some obvious ones:

•  Any communications on such a large financial deal should have been sent securely, requiring user authentication.
•  Content monitoring and filtering software could have flagged the email for sensitive information and quarantined the email until it had been approved for sending.
•  Sending sensitive financial information via secure file transfer would have allowed the download link to be deactivated once the error was detected.
•  Sending sensitive information via secure file transfer would also have resulted in a return receipt from any unintended recipients allowing earlier detection and reduction of further downloads.

It’s very hard to understand why at least one of these data security systems was not in place to mitigate the risk. With the size of financial transactions that are at stake, it seems a wise and prudent investment for financial institutions to put in place IT safeguards against human error.  While email is wonderfully accessible and easy to use for business users, it is far too easy to make an inadvertent mistake that unfortunately can have significant financial implications.

At Accellion we help a large number of financial institutions, including the Bank of Scotland, Houlihan Lokey Howard & Zukin and Deloitte & Touche, protect their confidential information with secure file transfer solutions that reduce the financial risk of business user mistakes.  We understand that to err is human.

Stop the Presses – UnManaged File Sharing is Riskier than Facebook?

Thursday, November 4th, 2010

File sharing riskier than Facebook? If you’re a bit surprised by the headline, you’re not alone.  As a technology marketing professional who spends a lot of time reading articles in TechCrunch, Mashable and GigaOm on Facebook security issues, today’s article entitled “Employees’ Use Of Webmail, File-Sharing Services Riskier Than Their Facebook Activity” in Security Dark Reading Room was an eye-opener.

According to Palo Alto Networks, a whopping 96% of enterprises allow use of personal webmail (Gmail, Yahoo, Hotmail), instant messaging, and peer-to-peer and browser-based file sharing apps, without any monitoring whatsoever, and these apps consume more than one quarter of the bandwidth.

“The heavy use of Webmail at work, as well as Web-based file-sharing apps, basically circumvents most organizations’ email and other security”, according to Palo Alto Networks.  What are the main web and browser-based file sharing apps contributing to this security loophole? SkyDrive, USendIt, RapidShare and DocsStock contributed to 96% of this unmonitored file sharing traffic based on Palo Alto Networks data, leaving organizations at risk of data breaches and violation of government and industry regulations.

While file sharing certainly enables collaboration and shouldn’t be hindered, allowing one quarter of an organization’s bandwidth to go unmonitored and unmanaged is definitely worthy of a headline.  Particularly given that there are smarter ways to share confidential files with colleagues, partners, and vendors without exposing your organization to a costly data breach, lawsuit or government fine.  It’s called secure file transfer.  If this article on risky file sharing has you a little worried please give us a call at Accellion. We are here to help with secure file transfer solutions that keep your users and organization protected.

Mind the Gap – Bridging the Security Gap in Microsoft’s Communication and Collaboration platform

Tuesday, November 2nd, 2010

Microsoft’s Communication and Collaboration platform, comprising Microsoft Exchange, Microsoft Office Communications Server R2 and Microsoft SharePoint, streamlines how organizations connect people, processes and information. Microsoft SharePoint alone boasts 100MM+ users. Throw in Exchange and Microsoft OCS R2 and the user base balloons. However, communication and collaboration are not limited to corporate boundaries, and the out-of-the-box file transfer capabilities provided within Outlook, OCS and SharePoint do not provide a guaranteed secure delivery path to all users.

To work efficiently and share information securely across organizational boundaries requires an additional file transfer security layer to bridge the security gap in Microsoft’s communication and collaboration platform.

Punching holes in firewalls, managing separate server farms to serve the external user community, changing network topology, and adding servers to the DMZ all add a tremendous amount of IT management and licensing cost to maintain this additional infrastructure.

Today we announced general availability of the Accellion secure file transfer plug-ins for the Microsoft Business Productivity Suite.  The Accellion plug-ins enable Microsoft SharePoint, Outlook and OCS users to quickly and securely send information from within Outlook, the Office Communicator Client or from the SharePoint Document Library to both internal and external parties.  Best of all the organization has complete tracking of all file transfers to ensure compliance and data security.

• Want to send and track a file from the Microsoft SharePoint library to an external collaborator?
• Want to send a 2G file without hampering the performance of the Exchange server?
• Want to send a file securely during chat within Microsoft OCS?

No problem, with the Accellion Microsoft Business Productivity secure file transfer plug-ins.  Designed for fast, easy deployment, the Accellion secure file transfer plug-ins for Microsoft Outlook, SharePoint and OCS allow organizations to maximize the utilization and performance of these solutions while closing the security gap.

I’ll stick to my Enterprise solution

Monday, September 27th, 2010

As a professed news junkie, I am always scouring the web for the latest political, economic and technology news. One particular trend that I’ve noticed in the past year or two is the convergence of consumer and enterprise technologies. Consumer products have added support, limited security and integration hooks as a way of garnering adoption in the enterprise. Conversely, many enterprise solutions have adopted innovative consumer-centric features to make their products more user-friendly. A great example is chat. Skype started off in the consumer space and has moved into the corporate environment as a way to increase business productivity.

Another technology that has seen applications in both the consumer and enterprise space is secure file transfer.   Numerous companies offer file transfer technologies but they are far from equal.  The level of sophistication, robustness and security required for an enterprise secure file transfer solution continues to be quite different than one for the consumer space.  With an alphabet soup of regulations, companies need to be careful about the technologies they use to securely transfer confidential financial data, health records, legal documents and more.  Consumer-centric solutions allow individual employees to send files without any corporate or IT control, and that can leave companies vulnerable to security violations.  There is nothing worse than finding out that your company is on the 10 o’clock news due to lost confidential data.  That’s a PR nightmare everyone can easily avoid.

The Accellion Secure File Transfer solution provides its customers with the security, tracking and reporting tools necessary to demonstrate compliance. Companies can safely allow the transfer of files between employees, between employees and outside vendors, and through automated business processes. With Accellion, administrators have a system by which all files sent via Accellion Secure Transfer contain audit trails for compliance.