Archive for August, 2010
“Please do not send the Sept. and Oct. payment together in one wire transfer. Anything over $10,000 wired could draw too much attention.”
Alleged email written by Paul Shim Devine on October 5th, 2007
Is your business-critical information walking out the door?
A few months ago Ipswitch conducted a survey at an RSA Conference. The line of questioning regarding visibility into files moving out of organizations produced some shocking results:
- 83% of IT executives surveyed have no idea what files are moving both internally and externally at their organizations.
- 25% of IT professionals surveyed admitted that they used personal email accounts to send files that were proprietary to their own organizations, with the intent of using that information in their next job.
Both of those figures are frightening. Some companies have refused to seriously consider these numbers, so consider this tale as devine intervention (yes, that’s a play on Paul Shim Devine’s name). This is the saga of one man getting caught with his hand in the cookie jar. It’s actually a perfect example of the reality and consequences of not knowing what files are moving in and out of your organization. It’s the story of a recent case involving Apple and Paul Shim Devine.
See Martyn Williams’ article for the full details, but here’s the 2 cent version. Back in April 2010, “Apple investigators discovered a Microsoft Entourage database of e-mails and a cache of Hotmail and Gmail messages on Devine’s Apple-supplied laptop. The company took a copy of the drive and began working through its contents.” As for what they found, Apple says “the e-mails contained details of payments, and the supply of confidential information that began in October 2006 with a Singaporean company called Jin Li Mould Manufacturing.”
This is happening. Employees are using private e-mail accounts to transfer confidential company information, but really, how often is this happening?
“Not only is it common, but it’s startling in its frequency,” said Ipswitch’s own Hugh Garber, recently quoted in a ComputerWorld article.
Garber goes on to say that it’s not always done with bad intentions and that “of course, most of that privileged information misuse is not malicious. Many of the times, it’s your hardest-working employees just trying to get the job done.”
To Hugh’s point, that’s true. I know that in other jobs that I’ve had I’ve emailed spreadsheets or Word docs home (to my Yahoo account) to work on so I wouldn’t have to schlep my laptop home.
But what about the “other” kind? How do you deal with the malicious kind?
“I received your e-mail on my Apple account. Please avoid using that e-mail as Apple IT team will randomly scan e-mails for suspicious e-mail communications for forecast, cost and new model information.”
Alleged email written by Paul Shim Devine on Sept. 16, 2008.
Ok, that’s one way. Randomly scanning emails for something suspicious. Seems like a good policy to have. Do you know where your organization is in terms of these kinds of policies?
“With hundreds of data breaches over the past five years resulting in multi-million-dollar consequences, it’s hard to believe that organizations still don’t have the right solutions in the right places to protect sensitive information,” said Frank Kenney, VP of Global Strategy at Ipswitch File Transfer. “You may be investing heavily on business applications and their inherent security requirements but if you’re not monitoring and enforcing policies with respect to the information moving both internally (between business applications and people) and externally (between you and your business partners and collaborators), the consequences are dire.”
And, with this issue in particular, we’d love to hear your thoughts. Do the numbers surprise you? What is your organization doing? Any crimes or misdemeanors you’d care to confess to?
I’ve been asked at least a dozen times over the last month, “What are the benefits of a cloud-based hosted subscription versus an on-premises software deployment?”
There are many benefits of going SaaS, just like there are benefits of deploying on-premises. It all comes down to the problems you are trying to solve, budgeting preferences, and IT resource availability and expertise. Here are some benefits of going the hosted route.
- Fast and easy deployment: SaaS solutions are often available instantly, providing an amazingly fast time-to-value. You don’t need to install any software/hardware yourself and there are no complicated firewall or security configurations to work through.
- Budgeting flexibility & lower up front cost: Hosted subscriptions are treated as an “operating expense” with no capital investment spent on software/hardware. Pay-as-you-go subscription plans often lead to quicker purchase decisions because there is no need to get CapEx budget sign-off.
- Less taxing on your IT resources: SaaS solutions require significantly less effort to deploy and maintain. There are no ongoing software upgrades, patches or backups for you to worry about, and no complex security/compliance configurations to be responsible for internally. Plus, there is no underlying infrastructure to assemble and maintain.
- Built-in scalability: The elasticity and high bandwidth of SaaS solutions easily handle spikes in usage and grow as organizational needs expand.
- Near perfect uptime: Hosted services are often run in a highly available, load-balanced, automatic failover configuration to ensure even the strictest network and application uptime requirements and SLAs are met.
I’d like to also quickly mention that we’ve had numerous customers initially deploy our MOVEit DMZ Hosted Service as a way to get their Managed File Transfer solution up and running quickly, while they continue to work towards an on-premises deployment.
The growth of SaaS can’t be denied. The question is whether SaaS is right for your organization.
“Reports are appearing this morning about a major security hole in iTunes accounts linked to PayPal. At least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal.”
Erick Schonfeld, on TechCrunch.com, gives us this breaking news on the latest iTunes security breach: “Fraudsters Drain PayPal Accounts Through iTunes”.
We just dealt with something similar back in July.
So, what is Apple doing about it?
In a related article by Dennis Rockstroh on MercuryNews.com, Rockstroh reports that Jason Roth, an Apple spokesman, has said:
“Among other new security measures iTunes now requires more frequent re-entry of a customer’s credit card security code. But if your credit card or iTunes password is stolen and used on iTunes, we recommend that you contact your financial institution and inquire about canceling the card and issuing a charge-back for any unauthorized transactions. We also recommend that you change your iTunes account password immediately.”
As we asked back in July, we’d love to hear your thoughts on this. I hate to be the one to say it, but it seems that this summer has been … Apple picking season.
Well, why not kick off this week with another story about a risk to your privacy on Facebook. The good news here is that this time you can take immediate action if you even see it as a problem.
Here’s the issue: last week Facebook introduced a new feature called “Places” that lets you and your friends “check in to locations”. You’re announcing your location to your live stream, as well as tagging your friends who are at the location with you. It’s something similar to what Foursquare does.
For some, there’s nothing wrong with this, it’s not a big deal. For others it’s a complete invasion of their privacy, and it’s a very big deal.
For me, something about this rubs me the wrong way. I don’t like that I wasn’t able to choose if I wanted this to be on, that it was forced on me. It’s kind of like Facebook is Donald Sutherland at the end of “Invasion of the Body Snatchers”, pointing me out and telling everyone where I am. I just don’t like it.
Network World’s Jon Brodkin makes sense of the mess of trying to turn off Facebook Places in his article titled “How to turn Facebook Places off”.
“Now that Facebook Places has been turned on, users who are uncomfortable with sharing their locations with Facebook friends should consider going through their privacy settings and making sure they aren’t sharing more information than they are comfortable with.”
Well worth the read, and Jon’s instructions make something that is actually difficult pretty easy.