Archive for the ‘Data Security’ Category

I’ll stick to my Enterprise solution

Monday, September 27th, 2010

As a professed news junkie, I am always scouring the web for the latest political, economic and technology news. One particular trend that I’ve noticed in the past year or two is the convergence of consumer and enterprise technologies. Consumer products have added support, limited security and integration hooks as a way of garnering adoption in the enterprise. Conversely, many enterprise solutions have adopted innovative consumer-centric features to make their products more user-friendly. A great example is chat. Skype started off in the consumer space and has moved into the corporate environment as a way to increase business productivity.

Another technology that has seen applications in both the consumer and enterprise space is secure file transfer.   Numerous companies offer file transfer technologies but they are far from equal.  The level of sophistication, robustness and security required for an enterprise secure file transfer solution continues to be quite different than one for the consumer space.  With an alphabet soup of regulations, companies need to be careful about the technologies they use to securely transfer confidential financial data, health records, legal documents and more.  Consumer-centric solutions allow individual employees to send files without any corporate or IT control, and that can leave companies vulnerable to security violations.  There is nothing worse than finding out that your company is on the 10 o’clock news due to lost confidential data.  That’s a PR nightmare everyone can easily avoid.

The Accellion Secure File Transfer solution provides its customers with the security, tracking and reporting tools necessary to demonstrate compliance. Companies can safely allow the transfer of files between employees, between employees and outside vendors, and through automated business processes. With Accellion, administrators have a system in which every file sent via Accellion Secure File Transfer carries an audit trail for compliance.

A Little Privacy Please

Wednesday, September 22nd, 2010

TechCrunch is one of my favorite sites to get the latest tech gossip.  Who wouldn’t want to know about Mark Zuckerberg’s personal life, Carol Bartz’s liberal use of the F-word, and of course breaking technology news?

Last week’s post by TechCrunch editor Michael Arrington caught my eye.   Arrington emphatically states that Google employees found abusing user data should be criminally prosecuted.  I couldn’t agree with him more.   Google recently fired two employees for inappropriately accessing user data but hasn’t commented on whether employees will be charged with any crime.

With Google and other search engines having an un-Godly amount of user data, I wondered what life would be like if all of our data was secured.  What if all our emails were encrypted and file attachments kept away from prying eyes?

For those trying to ensure that Yahoo/Bing and Google stay at arm’s length, might I suggest In-Private Browsing, which prevents the browser from storing information about your browsing session.

As for protecting the integrity of email file attachments, Accellion offers a FIPS 140-2 certified solution that is secure enough for federal, state and local governments to quickly and easily send and receive files using the Accellion managed file transfer system.  With Accellion, corporations and their employees can protect documents from prying eyes and meet compliance regulations.

Data Breach Disease Strikes NHS – Again

Tuesday, August 24th, 2010

Yet again, an NHS trust is hit by a data breach, as reported in SC magazine today.  This time a CD of patient data was found at a bus stop. This is not to be confused with the data breach from the USB stick containing medical records that was found in a UK car park.

It is barely a month since we blogged on this topic, NHS Trusts Failing to Protect Information, and the Information Commissioner’s Office (ICO) issued a press release with the ominous title Poor Data Security in the NHS.  Earlier in June, Mick Gorrill, head of enforcement at the ICO, said: “Everyone makes mistakes, but regrettably there are far too many within the NHS. Health bodies must implement the appropriate procedures when storing and transferring patients’ sensitive personal information. We have taken a number of steps to explain the importance of personal data to NHS bodies and help them comply with the law. We will continue to do so.”

Looks like Mick and the ICO have their work cut out for them. Here is a checklist of to-don’ts that the ICO might find helpful in their data protection enforcement efforts with the NHS trusts.

• Don’t use USB sticks for transferring confidential patient data
• Don’t use CDs for transferring confidential patient data
• Don’t post confidential patient data on insecure FTP sites
• Don’t allow use of P2P file sharing on NHS computers

Also our earlier blog posting Top 3 File Transfer Security Mistakes should be required reading for all NHS trusts.

FTP – Failure To Provision for File Transfer

Thursday, August 19th, 2010

For many organizations FTP is the only provision made for file transfer, yet FTP is actually a failure to provision. Why is it that businesses do not think twice about provisioning their employees with a phone, an email account, a desk and a chair, yet provisioning an employee to send files is an afterthought at best?

FTP has to rank among the worst business tools for file transfer.  Other than the occasional software developer is there really anyone who likes FTP?  FTP is not easy to use for business users, requires a lot of hand holding by IT, and the lack of file cleanup creates security risks for organizations.  Here are some tweets from the past 24 hours on the topic of FTP and the lack of love thereof …

I have ftp locked in a small dungeon underneath my apartment. Occasionally I throw it scraps of chicken.

Have to go into work and ftp is still acting up. Today will be so fun :-(

I just checked the FTP log. You downloaded “that what we don’t speak of in public”. The shame.

Just once I’d like to open an ftp client without it needing to update itself…

Real men don’t do backups, they just put their work on an FTP site and let the world mirror it. Linus Torvalds

If my FTP connection gets a bit faster I might be able to launch this site by Christmas.

I couldn’t make this stuff up even if I tried.

Few would question that being able to make a phone call or send an email is an essential business tool; so too is the ability to easily and securely send a file. Provisioning employees with the ability to send files securely is not a nice-to-have but a need-to-have, so that we can get our jobs done and stay out of trouble.

Need to be reminded of the troubles you can get into with FTP? Here are some earlier blog postings on the security concerns with FTP:

• Good Ole FTP Just Doesn’t Cut it Anymore
• Top 3 File Transfer Mistakes
• Climategate – Stolen Emails Found on Public FTP Server, Climate Research Unit in Hot Water?

So next time someone says that FTP is available for file transfer – remind them that FTP stands for Failure To Provision for file transfer.

Data Tsunami – 5 Exabytes of Data Created Every 2 Days?

Monday, August 9th, 2010

At the Techonomy conference last week in Lake Tahoe, Google CEO Eric Schmidt delivered a stunning soundbite: “There were 5 exabytes of information created between the dawn of civilization through 2003,” Schmidt said, “but that much information is now created every 2 days, and the pace is increasing.”

Woweee that’s a lot of bytes, and I thought it was just me drowning in data.

PCWorld, in its article “Prepare for Data Tsunami, Warns Google CEO”, featured this quote and focussed on the “incomprehensible amounts of data out there about all of us…” and the privacy concerns.

I’m still stuck on the sheer volume of data. 1 exabyte is equivalent to 1 quintillion bytes, or

1 EB = 1,000,000,000,000,000,000 B = 10^18 bytes = 1 billion gigabytes = 1 million terabytes

Managing and controlling this volume of information, not to mention securing the confidential bits, is a non-trivial undertaking and based on Mr. Schmidt’s prediction, the task is only going to get bigger.  Just as organizations equipped employees with their own telephones, and then email accounts, and then mobile phones, the time has come to equip each employee with a secure file transfer account so that they can move information quickly and securely with the necessary organizational tracking and reporting for compliance.

Accellion customers are already weathering the data tsunami, transferring terabytes of data per month via Accellion secure file transfer.

5 exabytes in 2 days – bring it on.

New Data Breach Report – Portable Media Fastest Growing Data Breach Sector

Tuesday, July 27th, 2010

The Digital Forensics Association just completed a fascinating new report ominously titled “The Leaking Vault – Five Years of Data Breaches”. The report analyzes over 2,800 data loss incidents from publicly accessible sources and is the largest study of its kind. It’s a great read if you have a strong stomach for forty-two pages of data breach data.

One eye-popping data point is that during 2005 – 2009, 148.6 million records were reported lost due to the use of portable media. This source of data breach is second only to hacking. Perhaps most alarming is that loss of data from portable media represents the fastest growing data breach sector.

The security risk from portable media is a topic we’ve covered several times in the past year in the Accellion Managed File Transfer Blog. Just in case you missed the earlier posts, here they are again.

• Health records found on USB stick in UK Car Park

• Top 3 File Transfer Mistakes

• Another reason why file transfer via a USB stick is not a good idea

In addition to sharing the unpleasant truths regarding data breaches, the Leaking Vault report also offers some good recommendations on steps to take to increase data security. Recommendations for securing portable data are one of its four focus topics.

Here’s Accellion’s recommendation for reducing the risk of data breach from portable media: don’t use USB memory sticks for file transfer; use a secure file transfer solution.

NHS Trusts Failing to Protect Information

Thursday, July 15th, 2010

National Health System (NHS) organizations in the UK have accounted for more than one quarter of the data security breaches reported to the Information Commissioner’s Office (ICO). If this keeps up, the ICO could become a profit center with its new powers, approved in April, to impose penalties of up to £500,000 on offending organizations.

The ICO issued a press release on June 15 announcing Poor Data Security in the NHS. NHS Stoke-on-Trent and Basingstoke and North Hampshire NHS Foundation Trusts were the latest NHS bodies found in breach of the Data Protection Act (DPA). Mick Gorrill, Head of Enforcement at the ICO, was quoted as saying: “Everyone makes mistakes, but regrettably there are far too many within the NHS.” He went on to add: “We have taken a number of steps to explain the importance of personal data to NHS bodies and help them comply with the law.”

But wait a sec, just yesterday, July 14, there was another press release announcing that Birmingham Children’s Hospital NHS Foundation Trust had been found in breach of the Data Protection Act (DPA). Did the folks at Birmingham Children’s Hospital NHS Foundation Trust not get the message from the ICO?

An Ounce of Prevention is Worth a Pound of Notification

Friday, July 9th, 2010

The recently introduced C29 amendment to the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) is a sign that the Canadian government is stepping up its efforts to raise the visibility of data breaches through expanded breach notification requirements. This week’s SC magazine article entitled “Canada’s newly introduced data breach is a start, but it lacks teeth” raises the question of whether this legislation goes far enough. Under the C29 amendment, banks, retailers and other companies are required to report any “material breach of security safeguards involving personal information under their control.” The amendment focuses on notification, not specifically on prevention.

While it is some consolation to individuals to know that they will be informed if their personal information has been breached, it would be a lot more reassuring to hear that corporations are required by law to implement safeguards to protect that information. The recently introduced Massachusetts legislation CMR-17 is a good model for legislation that goes significantly further than setting regulations for notification and extends to requirements for data breach prevention.

While data breach notification regulations are a good step in the right direction, an ounce of prevention is worth more than a pound of notification.

HIPAA Hazard – Shipping CDs via FedEx

Wednesday, July 7th, 2010

This week Lincoln Medical and Mental Health Center of NY suffered an embarrassing data breach resulting from a lost FedEx shipment of CDs. More than 130,000 medical records were exposed in this breach, and it is small consolation to read that “Siemens was promptly directed to suspend further transport of CDs by the carrier.” Of particular note in this data breach is the fact that both Siemens and Lincoln Medical and Mental Health Center thought it was an okay idea to ship CDs of unencrypted healthcare data as part of a standard business process, until of course a shipment went astray. Did the word HIPAA never come up? Why would anyone think it is a good idea to ship CDs of unencrypted healthcare data when there are readily available secure file transfer solutions?

DataLossDB, the Open Security Foundation’s data breach tracker, lists 134 data breaches from Snail Mail affecting 2729 organizations in its database. This week’s Lincoln data breach adds one more organization that has experienced the security hazards of shipping sensitive information unencrypted via the mail.

Musings from the Gartner Security Summit

Wednesday, June 30th, 2010

Last week I joined over 1,000 IT professionals at the 2010 Gartner Security and Risk Management Summit in the Washington DC metro area.

Security in the cloud was a major theme during the conference. Interestingly, while security was identified in recent Gartner surveys as the number one concern for companies moving to cloud computing, it isn’t stopping people from moving to the cloud. The large majority of corporations surveyed expected to have systems running in the cloud very soon. It seems the benefits are so compelling that there is little foot-dragging on this score.

Another interesting topic raised during the conference was that despite all the millions of dollars invested in securing corporate networks and assets, it is often the non-technological leak that causes damage, typically an inadvertent mistake by an insider. The example discussed was the security hazard of using removable media, i.e. a thumb drive, to move files. Now that example really hit home.

All in all it was a good conference – so thanks Gartner for putting together a good program.

Gary Rogers

Senior VP Worldwide Sales