Secure Information Exchange - Whether It’s Data in Motion or at Rest

Archive for January, 2010

Total Path Security

By Jim Morris

Information exchange, by definition, involves endpoints (analogous to a transmitter and a receiver in a communication system) and at least one transfer medium (analogous to a communications channel). Because information is at risk while at rest on the endpoints and during transfer between endpoints, there is an increasing market need for what we refer to at GlobalSCAPE as “total path security.” Total path security protects information from its creation on an endpoint through delivery and retention on a receiving endpoint.

From our perspective, endpoint information security is a natural extension to managed file transfer (MFT). MFT provides the secure channel. Endpoint security measures protect the sending and receiving information systems, as well as the servers that participate in the information exchange. Without both MFT and endpoint security, a business can’t expect to maintain ‘acceptable’ levels of security. There’s little merit in going through all the trouble of securing the transfer if the information comes from an unsecured source or is going to land in an insecure place.


China vs. Google: The Policy, Strategy and Technology Perspective

By Craig Robinson

Over the past two weeks, we’ve all heard many different opinions on the Google-China dispute. It seems everyone who’s anyone has sounded off on the political implications of Google’s announcement to stop censoring search engine content. Amid all the soapbox shrill, too many are forgetting about the incidents leading up to Google’s decision and the serious downstream questions about national security these incidents raise.

In the U.S. today, our most vulnerable data is housed in the private sector. While mandates like SOX, HIPAA and PCI helped create standards within certain industries, few global infosecurity standards and regulations govern how sensitive enterprise data is transferred and stored. In the absence of comprehensive guidelines, business and IT leaders are left to their own devices when it comes to implementing effective cyber security policy, strategy, and technology. While the current extent of the breaches is debatable, the implications of major breaches and security incidents at some of the country’s most progressive technology companies—Google, Yahoo!, and Adobe—where policy, strategy and technology are thought to be top-notch, are huge. Preparation for potential actions like those attributed to China recently is a necessity for businesses. Our adversaries are paying attention and next time the stakes may be much higher than access to search engine content.


Industry and Government Work Together to Ensure Security and Privacy of Data

By Greg Hoffer

The New Year marked an important milestone in our national history. For the first time, we’re seeing a state turn commercial industry standards for data security and privacy into law.

Nevada’s new privacy legislation, which took effect on January 1, requires government agencies and companies that conduct business in the state and accept payment cards to comply entirely with the Payment Card Industry Data Security Standard (PCI DSS). Those agencies and companies that do not accept payment cards cannot electronically transmit customers’ personal information nor move data storage devices containing customer data outside of the business unless the transmission or data storage device is encrypted. In the statute, another well-known industry standards organization, the National Institute of Standards and Technology (NIST), is used to define acceptable encryption practices.

Security standards put forth by organizations such as PCI and NIST have long been leveraged, independently, by both public and private industry in the U.S. to mitigate the inherent risk posed by electronically transferring sensitive data inside and outside of an organization, and in storing it once it reaches its destination. Updated regularly and crafted by some of the world’s leading information security experts, such industry standards represent a necessary baseline for any organization to improve its overall security procedures. These standards are an excellent place for lawmakers to start when forming meaningful cyber security legislation that protects U.S. citizens, or anyone who does business within the U.S.


MFT 2010 Trends to Watch: Ad Hoc File Transfer

By Todd Doerr

This year brought exciting growth for the managed file transfer (MFT) industry. In the year to come, things aren’t going to slow down; in fact, we expect the demand to grow with increasing government regulatory activity. One area, in particular, where we can expect to see tremendous innovation is in addressing the risk posed by the ad hoc transfer of files inside and outside of enterprises.

Typically, traditional MFT systems only address system-to-system file transfers. Ad hoc transfers – where an employee sends files when they want and through whichever means are most convenient at the time – are not usually accounted for by these traditional approaches. However, ad hoc transfers represent a growing trend in MFT and a risk in digital information exchange.
