Archive for July, 2010
When hard work backfires
When interviewing job candidates, I’m always on the lookout for dedicated, motivated, passionate people that relish in rolling up their sleeves and doing whatever it takes to get the job done. Why? Because a little bit of chutzpah goes a long way towards being a successful and productive employee.
But can employees “going above and beyond” backfire and result in severe damage to a company?
Unfortunately, yes, they can.
In his guest blog post on LastWatchdog, Gary Shottes, President of Ipswitch File Transfer, describes an example of how hard-working employees are causing new security and legal liability implications that organizations need to carefully consider when deciding what tools to provide people with.
“Highly-motivated workers are willing to do whatever it takes to get the job done, with or without IT. Employees, whose job requires them to send information to colleagues, partners, vendors or customers around the globe, have literally thousands of file transfer options.
If IT fails to provide employees with a fast and easy way to share information, they will take matters into their own hands, even if that means using technology that’s not sanctioned by IT. They may use a personal webmail account, smartphones, USB drive, or even transfer data via Facebook and LinkedIn.”
Combining that increasingly familiar scenario with some recent survey data indicating that over 80% of IT executives lack visibility into files moving both internally and externally drives home the 
scary point that there’s a big security hole in many companies…. And organizations need to be careful that employees can’t crawl through it, even if it’s with the best of intentions.
Fortunately, there are some great tools out there to arm employees with a quick, easy-to-use and secure way to share information with other people, both inside and outside the company — While at the same time provide the company with the critical visibility, management and enforcement it needs to protect sensitive and confidential information. This is one situation where it makes a lot of sense to lead the horse to water & make it drink.
MOVEit Crypto, the encryption component used to secure data and settings in MOVEit DMZ and MOVEit Central in mission-critical, Internet-exposed applications, has been revalidated under FIPS 140-2 and has been issued certificate #1363. This certificate should be available on the Cryptographic Module Validation Program (CMVP)’s website (nist.gov) in 1-2 weeks.
The changes in MOVEit Crypto that required the revalidation were mainly related to the introduction of “SHA-2″ hashes such as as SHA-256. As you may already be aware, use of unkeyed SHA-1 hashes will be disallowed in U.S. government applications by the end of the year. (Weaker hashes such as MD5 and non-cryptographic quality integrity checks such as CRC are already disallowed.) Fortunately, existing MOVEit products make use of keyed SHA-1 hashes (not the unkeyed hashes that will soon be disallowed), so use of existing MOVEit products with the older version of MOVEit Crypto will be allowed in U.S. government applications well beyond the end of the year.
In a July 1, 2010 Register article entitled “the cloud’s impact on security“, Tony Lock provides a definition of “Cloud Escrow”:
“…if you are using external cloud resources, look at how the data and any intellectual property invested in the processing engines employed to manipulate data can be moved to other third party cloud providers, or back into the enterprise, if you need to do that. You could call this ‘Cloud Escrow’.”
This is exactly the benefit you enjoy today by selecting either a MOVEit DMZ on-premise or MOVEit DMZ Hosted Services solution. We can migrate your data into our SaaS environment, we can migrate your data into your private data center. It’s the same application but you choose what deployment model is best for your business.
Have you heard about the Russian Spies that got busted recently for basically using for security what we get as prizes in our Boo Berry Cereal. Invisible ink pens? Really? What’s next? Dr. No using Mad Libs and carrier pigeons to transfer data? For you spies out there, let this be a lesson in security:
“Russian Spy Ring Needed Some Serious IT Help“ [from NetworkWorld]
