Archive for December, 2009
December 30, 2009 at 10:59 am · Filed under Managed File Transfer, Secure Information Exchange
By Jim Morris
Today’s organizations are operating on a limited budget. No surprise there.
This year, IT departments across the world faced some of their biggest resource cuts ever. As a result, they have meticulously re-evaluated the viability of their existing investments.
Amid all this infrastructure inspection, an alarming discovery came to light. Distracted perhaps in years past by investments in new, trendy techniques and products, many IT departments were overlooking one of the most fundamental components of information security: the secure exchange of information.
December 24, 2009 at 12:24 pm · Filed under Risk Management, Secure Information Exchange
By Craig Robinson
Risk management should be the central objective of all information security initiatives. It’s a delicate balance of art and science. Because the ‘science’ part is more straightforward, and provides the foundation for the broader discussion, let’s address this facet of risk management first.
Risk is a function of assets, vulnerabilities, threats, and safeguards. Each of these parameters has a definable scope, translatable into corporate risk management policy and integral in enabling specific security standards, procedures, and processes.
December 16, 2009 at 2:00 am · Filed under User Experience
By Todd Doerr
Too often, we forget about the people who are using our software and whether they are really getting what they need from IT. Our days are taken up with firefighting — talking about servers, scripts, firewalls, viruses, encryption, compliance, and so on. It is easy to forget about the users who are on the front lines every day, sharing and exchanging information with customers and business partners in a variety of ways.
It’s time to pause and ask ourselves: What are the features and user experience needs that allow our business users, often low-tech, to easily leverage technology for secure information exchange? What do they really want in the solutions we provide? At the end of the day, we have to balance the business desires for speed and agility with IT’s need for security and control — by nature, we tend to focus a bit too much on the security side of the equation.
December 9, 2009 at 10:43 am · Filed under Compliance, Risk Management
By Craig Robinson
In a word: No!
Regardless of whether you’re at a publicly traded company, dealing with sensitive patient information, or processing credit card data, you’ve heard of SOX, HIPAA, and PCI. You can’t read industry publications, watch the news, or have a business discussion without these acronyms darting in and out of the conversation. Rather than bemoan the inconvenience, we must recognize that the highly visible transgressions, or potential transgressions, of a few may result in regulatory compliance initiatives that impact all of us. We’ve seen this with SOX (in response to the Enron disaster and other similar instances of corporate misconduct) and more recently, with PCI (in response to the T.J. Maxx and Heartland breaches).
Public confidence in business-enabling technology, and in associated processes and controls, is fundamental to our economic stability. Issues of data protection, personal privacy, and corporate controls have been front and center in our increasingly digital world. Who hasn’t paused for a few seconds (or minutes!) before entering credit card information for an online purchase? Who hasn’t wondered what really happened when a seemingly viable business (think financial institution) suddenly collapses and news reports begin to describe all of the prior danger signs?
December 1, 2009 at 12:05 pm · Filed under Secure Information Exchange
By Jim Morris
The birth of modern risk management in the ’90s gave us a means through which IT security professionals could consider and assess vulnerabilities, threats, and assets simultaneously. In theory, at least, it allowed us to effectively identify and mitigate our largest information security risks. Widespread refinement and acceptance of this basic premise meant that, in the business world, we had appropriate confidence as we shared information externally with partners and customers and as we exchanged information within our own enterprises.
This confidence, no doubt, influenced the way many organizations invested in security infrastructure for information exchange. Over the past two decades, we’ve seen various tools such as email, secure and managed FTP servers and clients, and EDI systems, become the norm for secure information exchange. For many companies, these tools have replaced homegrown and “old school” methods of sending information, such as basic insecure FTP servers or even burning data on a CD and sending via FedEx.
However, although it may seem surprising, many organizations today still rely on older insecure methods. For the companies that do roll out more modern solutions, there may be little – if any – uniformity in the way businesses implement these various techniques. Companies are essentially lacking oversight of who’s sending what information to where, and of how and when they’re sending it.