Secure Info Exchange - Whether It’s Data in Motion or at Rest
August 31, 2010 at 8:15 am · Filed under Manage File Transfer
By Todd Doerr
Whether or not you are on the cloud bandwagon, all of the talk about quickly scaling up (or down) computing resources based on demand is intriguing and attention worthy. This capability to meet fluctuating capacity demands, whether increasing or decreasing, is often referred to as elasticity by cloud providers.
Traditional capacity planning aims to optimize computing capacity by providing margin to accommodate future demands. Take for instance the following real world examples of demand that affect computing loads:
- Seasonal demand increasing for a retailer (an expected short-term ramp up and ramp down)
- New business or revenue opportunity with a trading partner creates new demand (a quick ramp up)
- Periods of business growth from promotions and campaigns, increases in sales volume, new product launches (periodic ramp up and ramp down)
Read the rest of this entry »
August 24, 2010 at 4:17 am · Filed under Manage File Transfer, Secure Information Exchange
By Johnny Wright
Have you ever mailed a package to someone and the person tells you they never received it? Have you ever received a package that arrived torn or damaged in some way? Both of these scenarios have happened to me, and it seems to happen more often now than ever before. However, I would argue that sending email attachments isn’t any more reliable than snail mail, especially when you’re trying to send sensitive information or business-critical documents.
Just today I was waiting for a time-sensitive email from an external party after he said he would send it to me right away. A few hours passed and I still had not received it. Typically, when an email fails to arrive quickly, there could be any number of reasons for the delay:
- Emails with attachments (especially large attachments) could be blocked due to server or security issues.
- Emails from outside parties could be mistakenly considered spam and sent into the infamous ‘Junk’ or ‘Spam’ folders.
- Emails are sometimes simply overlooked by the email recipient due to the large amount of emails received on a daily basis.
Read the rest of this entry »
August 5, 2010 at 3:35 am · Filed under Uncategorized
By Johnny Wright
Do all employees within your organization know what information they can and can’t share with external parties? Do you think your business and IT leaders would know if they inadvertently exposed sensitive company data to malicious parties?
Last weekend these questions were put to the test. A contest was held at DEF CON 18 Hacking Conference in Las Vegas to see if contestants could successfully call employees at real organizations to collect sensitive corporate information. Of the 140 calls made, only 5 employees declined to give participants the information they were seeking. If the employees declined to provide any information, the contestant simply called a different employee at the same company until they received the information they were looking for. The contest forbid contestants from attempting to gain passwords, IP addresses or other sensitive data, and instead challenged them to obtain data that ranged from the contact info for the employee that handles a firm’s tape backups to the browser versions being used by employees at the organization.
Read the rest of this entry »
July 1, 2010 at 11:44 am · Filed under Risk Management, Secure Information Exchange
By Craig Robinson
Companies cite concern for data security as one of the primary reasons why they avoid cloud-based hosted infrastructure. Recent events, such as the Google-versus-China incident and ongoing reporting on probes against government computer systems, reinforce the fact that companies must understand and address IT security. Data security is a real concern whether the context is the Internet, a cloud-based solution, or a private network.
I see a growing market need for IT infrastructure to be deployed in the cloud. As previously discussed in this blog and in many other forums, this need is driven largely by a desire to improve operating efficiencies and, ultimately, maximize financial performance and competitive advantage. However, realizing these advantages often requires that companies recognize and adapt to the paradigm shift inherent in moving to an off-premises, hosted model for some aspects of their IT operations.
Read the rest of this entry »
June 23, 2010 at 10:00 am · Filed under Manage File Transfer, Secure Information Exchange
By Jim Morris
Outsourcing certain IT infrastructure and services to the cloud continues to increase in popularity as companies manage to tighter financial margins, face increasing budgetary pressures, and look for efficiencies across their business operations. Rapid deployment and scalability, along with a more predictable cost structure, are key benefits driving adoption of cloud-based solutions.
Managed file transfer (MFT) is a key business enabler that allows companies to automate and audit the exchange of business information. MFT solutions also support secure exchange of large files that cannot be shared using standard e-mail systems. The emergence of MFT solutions predates the current growth of cloud-based services. Therefore, integration of enterprise MFT capabilities and cloud-based hosted services, also known as hosted MFT, is a relatively recent development that provides an attractive alternative for businesses seeking higher operating margins.
Read the rest of this entry »
May 18, 2010 at 12:31 pm · Filed under User Experience
By Johnny Wright
In a recent Processor article, entitled “Social Successes,” my colleague Craig Robinson contributed some valuable insight into how to implement process and infrastructure within an organization to provide employees with access to social media in a secure and compliant manner. The first step in achieving success, the article suggests, is for IT to develop “an in-depth understanding of the business area’s social media programs and their anticipated impact as well as the programs’ overall goals and definitions of success.” In other words, IT must examine how employees and organizations are leveraging it to achieve real world results.
As a marketing professional, I’ve become more reliant on social media to communicate with our customers and with the marketplace. Most customer-facing professionals, not just marketing but other areas such as sales and customer service, are increasingly using social media on a daily basis to complete their work effectively.
Read the rest of this entry »
May 7, 2010 at 12:39 pm · Filed under Risk Management
By Craig Robinson
Today’s leading information security professionals and experts recognize that the public and private sectors must work together more effectively if we are going to truly build a more secure digital world. This week we saw another example of this collaboration in practice as the world’s infosec elite gathered for the EastWest Institute’s Worldwide Cybersecurity Summit at Belo Mansion in Dallas, Texas.
The talks at the event highlighted the real-world threats posed by today’s most sophisticated cyber criminals (especially as those criminals attempt to interfere with business activities and military operations). Experts also shared ideas on how to create effective Internet usage policies that don’t infringe upon free speech, technology innovation, and economic growth. They also discussed how to promote conversation among international stakeholders in an effort to ensure that meaningful policies are enforced and criminals stifled.
Read the rest of this entry »
April 19, 2010 at 3:29 pm · Filed under Risk Management, Secure Information Exchange, User Experience
By Johnny Wright
We are living in a world where we are forced to constantly think about the security of our personal information—when we bank online, at the gas station when we swipe our credit cards, and even as we submit personal information to the federal and state government. Malicious attacks demonstrate every day that our digital data isn’t as safe as we would like it to be, which is why it’s no surprise that organizations everywhere are dealing with increasing government and industry regulations, and customer and employee scrutiny.
BusinessWeek’s Corporate Executive Board discussed personal data security in a recent article: In addition to high-profile cases that invite this attention, “companies face the challenge of managing a greater volume of sensitive information, created by increasing digitization of employee, health, financial, and other personal data.”
BW’s Corporate Executive Board provides four key steps for mitigating the risk of breaches:
1. Understand the laws, requirements and standards for any data your company collects.
2. Educate and convince your functional partners to comply with the same standards as your organization.
3. Plan to fail—that is, have a backup plan in place in case you do suffer breaches.
4. Don’t take vendor compliance for granted.
While these are all important, valid suggestions, there is an extremely important step missing, one that speaks to allowing employees access to the tools they need (and can use easily) for ensuring the security of the data they touch, whether it’s moving within and outside of the organization or while it’s at rest on their desktops, a shared server, or elsewhere.
Read the rest of this entry »
April 8, 2010 at 8:00 am · Filed under Risk Management
By Jim Morris
It’s my pleasure and honor to be presenting this coming Friday, April 9th, alongside Congressman Mike McCaul of Texas at the Austin Technology Council Leadership Series meeting on cybersecurity.
My presentation will explore ways in which we can better protect trade secrets, personal information and our country from cyber thieves and terrorists. I plan to address the growing frequency and complexity of today’s cyber threats—those faced by both governments and enterprises worldwide. Exploring current events, including the recent Google-China conflict, I hope, will emphasize for the audience the real and present danger that state-sponsored cyber warfare poses to private industry and our national security.
Read the rest of this entry »
March 26, 2010 at 8:43 am · Filed under Risk Management
By Craig Robinson
Google announced earlier this week that it had stopped censoring the company’s search services—Google Search, Google News, and Google Images—in China. Users visiting Google.cn are now being redirected to Hong Kong (Google.com.hk), where Google is offering uncensored search in simplified Chinese, specifically designed for users in mainland China.
With its decision to discontinue its search services in China, Google made a policy decision NOT to play by host country rules, which demanded self censorship from Google. As I explained when China’s cyberattacks first came to light early this year, companies must understand the risk management aspects of conducting business in countries where rights to free speech (and other human rights) differ materially from the primary country of business. In the case of Google’s ongoing relationship with China, the risks of playing along outweighed the reward of sustaining business. Google, not surprisingly, revised its policy.
Read the rest of this entry »
Next entries »
