Archive | Data Security

To Delve or not to Delve? The jury’s still out.

Delve is a dashboard-like interface that uses machine learning and artificial intelligence (via the Office Graph) to display the information most relevant to you, based on your work and on the work of the people in your network. Delve indexes and analyzes emails, meetings, contacts, social networks, etc., and presents this information as cards. Rather than making you search for something, Delve tries to put it in front of you automatically and intuitively. Some may find being presented with data this way overly intrusive, but others will see it as a huge time saver. It is important to note that Delve currently integrates with Exchange, with OneDrive for Business (from each user’s personal page within Delve), and with Yammer, with more content sources planned. Integration with iOS and Android was recently announced.

In his PC World article “A revamped Microsoft Delve looks like a corporate mashup of Facebook and LinkedIn,” Senior Editor Mark Hachman wrote, “it’s looking more like a corporate-sponsored mashup of Facebook and LinkedIn—with likely the same self-editing effect that friending your parents on Facebook would inspire.” He continued, “also note that Delve is only as good as the people who use it. Case in point: IDG uses Office 365, but an early attempt to nurture conversations on Yammer failed miserably. Each group and even publication had already settled on their own collaboration solution. One of two things needs to happen for Delve’s profile pages to become a hit: Either HR must be able to auto-populate them with your information, or the corporate culture must encourage its use. Otherwise, your Delve profile could be a wasteland.”

As noted above, Delve’s success depends entirely on participation by an organization’s users. This is not just a Microsoft challenge; it is a business challenge, since social applications typically fail for lack of end-user acceptance, even when sponsored by management. It will be up to each organization to decide whether Delve is a help or a hindrance. Microsoft also has a huge challenge ahead: Delve currently works with some Microsoft products, but the optimal solution is integration with a vast number of third-party applications, both Microsoft and non-Microsoft, and that is still years away.


Visual Hacking – Watch Out for Those with Camera Phones

The Ponemon Institute, on behalf of 3M and the Visual Privacy Advisory Council, performed experiments with visual hacking techniques, and the results were surprising. Ponemon hired a computer security expert to act as the hacker and gave him access to eight firms through a temporary worker badge. What the institute found was disturbing.

The hacker succeeded in close to 90% of the attempts. This included access to sensitive corporate information on a worker’s desk or computer screen: contact lists, customer information, corporate financials, and employee access and login credentials.

According to the report, ‘The hacker used three techniques to obtain the information: walking through the office looking for information on desks, computer screens and other locations; taking business documents labeled as confidential; and using his smartphone to take a picture of confidential information displayed on computer screens. What’s more, the hacker used these techniques in plain view of employees. In fact, 70 percent of the time, the expert was not stopped by employees. Even when he was stopped, he was still able to steal some sensitive information.’

What I find interesting is that in only one case did someone ask why the person was there and why they were taking pictures. Curiously, the same experiment in a traditional office layout yielded as much hacking success. Since Ponemon arranged security access to the firms being tested, in reality the hacker might have been stopped by security.

Still, interesting findings.


A Data Breach – Just Pocket Change

I just read a really interesting article about the cost of data breaches. The article, “How much do data breaches cost big companies? Shockingly little,” published in Fortune, presents an analysis by Benjamin Dean, a fellow at Columbia University’s School of International and Public Affairs.

According to Mr. Dean, although the cost of the Anthem breach is now approaching $111 million, Target’s came to $10 million, Sony anticipates spending $35 million and Home Depot $28 million, these sums are minor in the big scheme of things. The gist of the article is that they are just pocket change to these companies. “These numbers are likely not small enough to vindicate Sony Pictures’ former executive director of information security. In 2007, he told CIO Magazine that ‘it’s a valid business decision to accept the risk’ of a security breach… ‘I will not invest $10 million to avoid a possible $1 million loss.’ But Dean’s analysis does come alarmingly close to making the minimal-effort stance a defensible position.” For Home Depot, the $28 million “represents less than 0.01% of Home Depot’s sales for 2014,” Dean points out.

His conclusion is that until corporations are held more accountable for these breaches (not with “$10 million slaps-on-the-wrist” but with, well, he isn’t quite sure what yet), companies won’t make the big investments in information security that are needed.

Although this is an interesting perspective, a data breach has many harmful impacts beyond the company’s own costs: credit card theft, theft of health information, Social Security numbers, etc. Treating the cost as pocket change is an example of organizational irresponsibility: blowing off the cost of a breach at the expense of the organization’s audience and stakeholders.

I think organizations must act ethically, even if that means putting the appropriate security in place to protect their employees, customers, vendors, and anyone else they do business with. I think it’s a sad commentary. What do you think?

Be Happy You Are Not Responsible for the Security of This

Did you know that every 60 seconds there are:

  • 98,000+ tweets
  • 11 million instant messages
  • 698,445 Google searches
  • 168+ million emails sent
  • 1,820 TB of data created
  • 217 new mobile users

What’s my point? That people love their Internet communication toys? No, the real point is security. Although the above are global numbers, many of these communications are admissible in a court of law, and it is the organization’s responsibility to protect and secure its tweets, instant messages, and emails. Finding privacy or confidentiality holes in unstructured content is hard, and it is a growing problem, even more so with the use of the cloud. My guesstimate is that more than 95% of this content is harmless. But what about the remainder? Content needs to be analyzed as it is created or ingested, not after the fact. There are tools available to accomplish this, such as ours, that identify exposures, whether of private or of confidential information, and remove the affected items from search or portability. Even something as simple as restricting the ability to download files can prevent 63% of potential exposures before they occur. It’s a help.
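To make the ingest-time idea concrete, here is an added illustration (not the tool the post refers to, and not code from the original page): each item is scanned for two exposure classes as it arrives, a US SSN (privacy) and a Luhn-valid payment card number (confidential), and anything flagged is kept out of search and blocked from download. The sample items, the detector patterns and the `IngestDecision` type are all constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample content standing in for items arriving at ingestion
# (an email, a chat message, a file). None of these values are real.
SAMPLE_ITEMS = {
    "chat-001": "Lunch at noon? Bring the slides for the Q3 review.",
    "mail-042": "Payroll fix: the SSN for J. Doe was keyed as 123-45-6789.",
    "file-007": "Card on file for renewal: 4111 1111 1111 1111, exp 09/27.",
    "mail-043": "Ticket 1234-5678-9012-3456 looks like a card but fails Luhn.",
}

# Detectors for the two exposure classes: a US SSN (privacy) and a
# 13-16 digit card number (confidential), separators allowed.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d\d-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum, used to cut false positives on long digit runs."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class IngestDecision:
    item_id: str
    exposures: list = field(default_factory=list)   # e.g. ["ssn", "card"]

    @property
    def searchable(self) -> bool:       # flagged items stay out of the index
        return not self.exposures

    @property
    def downloadable(self) -> bool:     # and lose "portability" (download)
        return not self.exposures


def scan_on_ingest(item_id: str, text: str) -> IngestDecision:
    """Classify one item as it arrives, before it is indexed or shared."""
    decision = IngestDecision(item_id)
    if SSN_RE.search(text):
        decision.exposures.append("ssn")
    if any(luhn_ok(m.group()) for m in CARD_RE.finditer(text)):
        decision.exposures.append("card")
    return decision


def scan_all(items: dict) -> dict:
    return {i: scan_on_ingest(i, t) for i, t in items.items()}
```

The Luhn step is what keeps the ticket number in `mail-043` from being quarantined as a card, which is the kind of false positive that makes users route around a control.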

What measures do you take to safeguard privacy or confidential information, either in the cloud or on-premise?

(If you have a few minutes and use SharePoint or Office 365, could you kindly take our metadata survey? You could win a free conference pass to Microsoft Ignite. We would greatly appreciate it.)


Challenges in Adopting the Cloud? Will They Stop You from Taking the Leap?

According to Microsoft, we will all be using Office 365 sooner or later. Not so fast, says KPMG: 53% of enterprise executives name data loss and privacy as a top challenge in adopting cloud computing, followed by the risk of intellectual property theft (50%) and the impact on their IT organization (49%). Compared to the 2012 survey, security and data privacy now matter more to enterprises than cost efficiency.

The following graphic provides an overview of the most challenging areas enterprises face when adopting cloud-based applications and platforms as part of their business strategies.

Let me know if you are in the cloud, regardless of product. Do you still have concerns about security? Will this factor decide if you use cloud technologies or not?


Well, there you have it – IDC’s 10 predictions for emerging technologies in 2015

Now, who didn’t know it would be cloud-centered? In the article “IDC’s 10 predictions for emerging technologies in 2015,” authored by Frank Gens, he refers to the ‘third platform’. Sounds rather ominous, but it isn’t. The third platform was defined by IDC in 2007 and, according to IDC, is in a key phase of development. Historically, as outlined in the article, there have been three waves of computing: first, mainframes and terminals; second, PCs, networking, relational databases, and client/server apps.

Now it gets interesting. The third platform is our current state, built around cloud computing, social applications, big data, and mobile computing. IDC predicts that the third platform will continue to evolve and grow for the next twenty years, driven by a community of developers and a wave of core technologies that IDC calls Innovation Accelerators. These accelerators include:

  • The Internet of Things
  • Cognitive systems
  • Pervasive robotics
  • 3-D printing of all kinds
  • Natural interfaces
  • Optimized security technologies and solutions

Now to the list. Not as exciting as the accelerators:

  • Information and Communications Technology Spending
  • Wireless Data
  • Mobile Development
  • Cloud Services
  • Data and Analytics
  • Internet of Things (IoT)
  • Data Centers
  • Industry Disruption
  • IoT security

I guess we will just have to wait to see if all these predictions come true. What do you think of the ‘third platform’? Does anything on the list surprise you? I personally think the Innovation Accelerators sound pretty amazing.


Oh, you mean government has to follow the law? What was I thinking???

Just another story that illustrates how stupid government thinks we are. Or perhaps another story that illustrates how stupid government is. On January 12th, President Obama announced new cyber reforms. He is calling on Congress to mandate that companies whose customer data is breached inform affected individuals within 30 days. But why don’t agencies that are hacked have to notify citizens when their data is compromised? Good question, it seems.

On a more humorous note, the silence on the government’s responsibility to protect its own data became awkward, as pro-ISIS hackers allegedly leaked personal information on U.S. military members around the same time Obama was speaking.

There is currently no U.S. requirement to notify breach victims within a set time period. A hodgepodge of state regulations gives companies varying guidance on contacting victims. Fewer than 30 percent of federal agencies recently surveyed notified affected individuals of high-risk breaches, the Government Accountability Office reported last year.

The Federal Agency Data Breach Notification Act, introduced by Rep. Gerry Connolly, D-Va., in the last Congress, would require, among other things, notifying individual victims within 72 hours of discovering evidence of a personal data breach.

According to Connolly, he does not feel the administration is applying a double standard by omitting agencies from its legislative agenda.

Need we say any more?