Archive | Blog RSS feed for this section

Have You Named Your VPA’s Yet?

Rumor has it that the personal cloud and the digital workplace will, in the very near future, blend together to provide one source of information and applications, all from one tiny device. According to Gartner, “by 2018, 25 percent of large organizations will have an explicit strategy to make their corporate computing environment similar to a consumer computing experience.” For those who can also see the big picture, this presents some not so unique business problems – namely security, potential rise of data breaches, and inadvertent exposure of confidential information.

Who, or should I say what is going to pull all this together? The Virtual Personal Assistance (VPA) of course. I prefer to tell mine to shut-up unless it is giving me directions, but I’m not a power user. The VPA is supposed to provide pervasive support for both the users’ personal clouds as well as enterprise information. I suppose since Apple, Google, and Microsoft have jumped on the real and potential capabilities of the VPA who am I to say they are wrong?

Let’s get back to security again. Gartner sees the future as multiple VPA’s catering to my every whim. One for personal data, one for work, potentially one for teams or groups, and who knows what else. This approach is to provide IT some control over the enterprise or business VPA, yet allow the personal VPA to co-exist while preventing access to corporate information. What if one of my VPA’s spills the beans to one of my other VPA’s? Who is responsible, me or the VPA? An additional problem that has already come to pass, is the enormous amount of personal information, applications, and non business related data that is flowing freely in the enterprise Internet cloud, most of which, IT doesn’t even know that it exists.

I suppose I find some of this silly, but then I would never describe myself as a visionary. I will try to eagerly await the arrival of my VPA’s. I have already started thinking of names.

Comments are closed

Happy Belated Electronic Records Day!

Saturday was the birthday of ‘Electronic Records Day’, who has just turned four. I bet many of you did not know that. Neither did I. Now ask me if I know when national doughnut day is, and I can tell you – June 3, 2016. Can’t wait.

You may be interested in more information about Electronic Records Day. Electronic Records Day is an opportunity to raise awareness among government agencies, related professional organizations, the general public and other stakeholders about the crucial role electronic records play in our world. It was created by the Council of State Archivists (CoSA) as part of its State Electronic Records Initiative (SERI).

I believe we all would have our heads in the sand if we didn’t realize the role of electronic records. However, I do give kudos to CoSA, who are responsible for encouraging cooperation among the states and State Historical Records Advisory Boards (SHRABs) on matters of mutual interest, define and communicate archival and records concerns at a national level, and work with the National Historical Publications and Records Commission (NHPRC)National Archives (NARA), and other national organizations to ensure that the nation’s documentary heritage is preserved and accessible.

Now that I do think is worth celebrating. For more information on the organization, please click here.

Comments are closed

Guess how many times a week your company is hacked?

Most organizations are actually pretty easy targets for attackers. I’ve always wondered though, why the particular companies that have massive invasions the reason the hackers targeted them? Supposedly a credit card number can get you $1.00 on the black market. I assume if you have stolen say 2 million that’s quite a handful of chunk change. The more personal information you can steal, the higher the price.

In every survey, what are organizations concerned about? Security. How many are proactively doing anything about it, or have they evaluated the risk and it is of low value. The recent IBM/Ponemon survey, ‘IBM 2015 Cost of Data Breach Study’, indicates attacks are going up alarmingly and so is the price tag.

In another recent article, Coviello tackles cloud privacy, government’s key escrow plan I found one particular series of statistics very interesting and sobering. Acuity Solutions President Kris Lovejoy painted a gloomy picture of cloud data privacy, which by the way this is an excellent article.

According to Mr. Lovejoy,”An average organization of 15,000 would look at approximately 1.7 million security events per week. Of those 1.7 million security events, 324 of those events were security attacks. Those security attacks were deliberate attacks carried out by motivated attackers,” she said. “For those attacks, 2.1 of those 324 attacks would result in a compromise. So 2.1 times a week a bad guy was getting into the organization.”

Kind of frightening isn’t it?

Comments are closed

Time to Tighten Your Belts – Would you rather be safe or sorry?

According to Osterman Research, 95% of business users primarily communicate via email. Of emails sent, 98% were sent with attachments. Secure? Highly doubtful. Mobile devices and BYOD, has unlocked a hornets nest and has put security of confidential information at risk. In the BYOD world, who owns the content, the owner of the device or the organization? Does the organization have the right to access the device to identify confidential information? Current court cases will decide the outcome.

Complicating security issues, social has entered the business world. Accepted in a court of law, the organization is responsible for tweets, social postings, Facebook, and instant messaging, even if it is an end users personal account. Security breaches should be an organizational priority. Did you know that most breaches are caused internally, either through negligence or deliberately? And the security holes only grow deeper into sink holes with no escape.

Oddly enough, C-level folks state unequivocally that they are concerned with cloud security. Rightly so. On the other side of the coin, they tend not to do a lot about it. Some have the attitude that a couple of million dollars to remedy the situation is pocket change as opposed to being prepared for the worst. It isn’t only the money, for better or for worse the impact on the brand and the attitude of customers can be worth much more than remediation. It takes years to build a brand, and depending on the data exposure, it can be destroyed.

They have made their perimeter a fortress, but most exposures are internal. Spending time documenting your security holes within the organization may influence organizations with lax rules to tighten their belts on security processes, access, and define what is and what is not confidential.

Comments are closed