Archive | Data Security RSS feed for this section

Be Happy You are Not Responsible for the Security of this.

Do you know every 60 seconds there are:

  • 98,000+ Tweets
  • 11 million instant messages
  • 698,445 Google searches
  • 168+ million emails sent
  • 1,820TB of data created
  • 217 New mobile users

What’s my point? People love their Internet communication toys? No, the real point is security. Although the above are global numbers, many points are admissible in a court of law. It is the organization’s responsibility to protect and secure tweets, instant messages, and emails. Finding privacy or confidentiality holes in unstructured content is hard. It’s a growing problem, even more so with the use of the cloud. My guesstimate is that more than 95% are harmless. But what about the remainder? Content needs to be analyzed as it is created or ingested, not after the fact. To accomplish this, there are tools available, such as ours, that will identify exposures, either privacy or confidential and remove them from search or portability. Even something as simple as restricting the ability to download files can prevent 63% of potential exposures before they occur. It’s a help.

What measures do you take to safeguard privacy or confidential information, either in the cloud or on-premise?

(If you have a few minutes and use SharePoint or Office 365, could you kindly take our metadata survey? You could win a free conference pass to Microsoft Ignite. We would greatly appreciate it)

Comments are closed

Challenges in Adopting Cloud? Will it stop you from taking the leap?

According to Microsoft we will all be using Office 365 sooner or later. Not so says KPMG. 53% of enterprise executives say that data loss and privacy, risk of intellectual property theft (50%) and the impact on their IT organization (49%) are their top three challenges in adopting cloud computing. Compared to the 2012 survey, security and data privacy are now more important to enterprises than cost efficiency.

The following graphic provides an overview of the most challenging areas enterprises face when adopting cloud-based applications and platforms as part of their business strategies.

Let me know if you are in the cloud, regardless of product. Do you still have concerns about security? Will this factor decide if you use cloud technologies or not?

(If you have a few minutes and use SharePoint or Office 365, could you kindly take our metadata survey? You could win a free conference pass to Microsoft Ignite. We would greatly appreciate it)

Comments are closed

Well, there you have it – IDC’s 10 predictions for emerging technologies in 2015

Now, who didn’t know it would be cloud centered? In the article, IDC’s 10 predictions for emerging technologies in 2015, authored by Frank Gens, he refers to the ‘third platform’. Sounds rather ominous. But it isn’t. The third platform, was defined by IDC in 2007, and according to IDC is in a key phase of development. Historically, as outlined in the article there have been three waves of computing. First, the mainframes and terminals, secondly, PC’s, networking, relational databases, and client services apps.

Now it gets interesting. The third platform is our current state, built around cloud computing, social applications, big data, and mobile computing. IDC has predicted that the third platform will continue to evolve and grow for the next twenty years. This will be attributed to a community of developers and a wave of core technologies (e.g. Innovation Accelerators). These accelerators include:

  • The Internet of Things
  • Cognitive systems
  • Pervasive robotics
  • 3-D printing of all kinds
  • Natural interfaces
  • Optimized security technologies and solutions

Now to the list. Not as exciting as the accelerators:

  • Information and Communications Technology Spending
  • Wireless Data
  • Mobile Development
  • Cloud Services
  • Data and Analytics
  • Internet of Things (IoT)
  • Data Centers
  • Industry Disruption
  • IoT security

I guess we will just have to wait to see if all these predictions come true. What do you think of the ‘third platform’? Does anything on the list surprise you? I personally think the Innovation Accelerators sound pretty amazing.

(If you have a few minutes and use SharePoint or Office 365, could you kindly take our metadata survey? You could win a free conference pass to Microsoft Ignite. We would greatly appreciate it)

Comments are closed

Oh, you mean government has to follow the law? What was I thinking???

Just another story that illustrates how stupid government thinks we are. Or, perhaps another story for us to illustrate how stupid government is. President Obama announced on January 12th new cyber reforms. He is calling on Congress to mandate that companies whose customer data is breached inform affected individuals within 30 days. But why don’t agencies that are hacked have to notify citizens when their data is compromised? Good question it seems.

On a more humorous note, the silence on the government’s responsibility to protect its own data became awkward, as pro-ISIS hackers allegedly leaked personal information on U.S. military members around the same time Obama was speaking.
There currently is no U.S. requirement for notifying breach victims within a certain time period. A hodgepodge of state regulations give companies varying guidance on contacting victims. Less than 30 percent of federal agencies recently surveyed notified affected individuals of high-risk breaches, the Government Accountability Office reported last year.

The Federal Agency Data Breach Notification Act, introduced by Rep. Gerry Connolly, D-Va., in the last Congress would require, among other things, notifying individual victims within 72 hours after discovering evidence of a personal data breach.

According to Connolly, “he does not feel the administration is applying a double standard by omitting agencies from its legislative agenda.”

Need we say anymore?

Comments are closed

Metadata Matters: Is Big Brother Watching? Yup!

I am one who is continually harping on security and protection of all assets in an organization. I turned the table on myself the other day and started thinking about the mis-use and abuse of personal information by organizations. If we look at Morgan Stanley, why on earth was an essentially a junior level financial advisor given access to all client data? What were they thinking? Big mistake. What about from the marketing perspective? As a member of that profession, marketing loves to gather as much data as possible about clients to increase sales. In fact, our job depends on it. Just a fact of life maybe.

But what about other uses, or mis-uses of privacy data? Regardless of industry, including government, who does have access to my personal information? More people than I would think and more information than I would expect. Not all internal breaches are caused by nefarious purposes but the information is available for the taking.

I suppose it can be attributed to the ethics of the organization, how they protect data, and the importance they place on protecting privacy data. I’ve had my personal information compromised three times now. In the last incident, which was HIPAA data, it was entirely up to me to protect my identity. That included notifying all credit agencies, putting credit holds on all accounts, and purchasing credit monitoring software. To say the least it’s rather irksome. Given that most organizations don’t even report a breach until they absolutely must, we, the people carry the burden of someone else’s mistake. And then we have to figure out how to get our identity back. 

I wonder how bad will this get?  Since most employers are now doing comprehensive background checks, you do have some recourse. You can request your own Lexis/Nexis Accurint Person Report, which is free. At least you can see what your potential employer may see.

Comments are closed