Archive for June, 2011
Good Morning! You’ve Been Breached!
In my many travels visiting customers and IT professionals around the world, I ask a simple question, “What do you do when you have to send a file to someone that’s just too big?” They ask me how big is big? I say too big for your email or even worse, something that is too big for the receiver’s email. These attachments are typically large powerpoint files, spreadsheets, uncompressed images, media files or even databases. With a sheepish grin people usually tell me they use one of the free email services, like GMail, MS Live or Yahoo. However, recently the answer has shifted. I’m now being inundated with business users and IT professionals professing their love for Cloud services such as DropBox.
In all fairness if you look at my iPad (peeling it from my cold dead hands) you will see my Dropbox app and PAID Dropbox account. So it’s unnerving for me to think about the four hours on Sunday when Dropbox left user accounts unlocked and you could access anyone of the 25 million users’ accounts and data… Including mine. Yep, just type in an email address and use any password you want and it’s all yours.
According to Dropbox there wasn’t any nefarious activity but if YOUR COMPANY’S information was on there – legitimately or illegitimately – you just had a data breach. So I was a breach victim… And if I had any Ipswitch IP on the servers, the breach is extended accordingly. To Dropbox’s credit, their business is all about collaboration and file syncing, not governed file transfer or managed data at rest. In the end, some of these types of Cloud services will eventually get enough of it right to secure their future. Some will last, many won’t.
Regardless, how are you going to handle your data breach this morning? I’m headed over to my bosses office to explain my brazen disregard for corporate data. He’ll probably buy me a new iPad2 that’s locked down (wishful thinking) and order IT to set up a more secure way for me to be mobile with my documents (more wishful thinking).
The Boston Business Journal recently honored the 75 best places to work in Boston.
Ipswitch was ranked #2 in the medium sized company category. Woot woot!
We’re a company of approximately 300 extremely talented, motivated and productive employees who really care about our solutions, our customers and our success in the marketplace.
Take a look at the blog of Ipswitch CEO Roger Greene to see some photos from the BBJ awards ceremony as well as Ipswitch’s recent 20-year company celebration in West Palm Beach, Florida.
Oh, and for those wondering, the rankings are the result of an employee survey, with submissions from over 300 Boston-area companies whose employees filled out an anonymous survey (one survey of which was submitted by yours truly).
Yesterday Apple officially announced the availability of its new cloud-based music service. There have been weeks of speculation as industry insiders became aware of payments made to various record companies and labels for the licensing of music to power Apple’s new cloud offering. But there’s a lot more at stake here: the music industry devoid of its past marketing and sales outlets (Apple, Wal-Mart and Best Buy are the dominant sales points) can now count on increased revenue from their users of the iTunes hosted service. What remains to be seen is how this additional revenue filters down to the artist..
Today artists are paid based on units sold and also make money based on the licensing of their works. The licensing of these works are generally managed outside of the record label via ASCAP, BMI and the Harry Fox agency. Apple hosting music in the cloud that has been already “purchased” by iTunes user means that the number of units sold is now in contention. For instance an artist can sell 50,000 copies of her latest album but because of illegal downloads that same artists could be available to 100,000 iCloud users. It can be assumed that Apple will pay the respective record companies for these instances but will the record companies see this instance as units sold? Will they compensate the artists accordingly? And if they do, what stops in the artists from just giving away their product especially if ultimately they get paid from the record companies via Apple?
In the early 2000s advancements in Internet distribution, consumer broadband and storage leveled out the playing field between the brick-and-mortar record labels and the new independence Internet-based independent labels. It’s my contention that what was once a level playing field is no longer as level as some would need it to be. The day before Apple’s announcement I had a reasonable comfort level giving counsel to up-and-coming artists that there were numerous opportunities and routes to market with their product. Today I have a comfort level and telling them they need to strongly consider aligning themselves with one of the brick-and-mortar record labels. Is this the end of the end of the independent record label? No it isn’t there are plenty of people on the planet that do not use Apple products. But when more and more credence is put on iTunes charts, downloads and overall market presence, the independent record label suddenly has a steeper hill to climb.
These are questions that remain as we see more and more of this new product offering coming to market. What’s clear is that the biggest message from Apple is that the traditional buying selling models have changed and the role of the broker or intermediary immediately changes the routes to market.
Ipswitch has been cautioning companies about the dangers of private/confidential information being sent through Google (and other hosted and person-to-person services), both from a security and a responsibility perspective.
Last week’s GMail hack further drives home the point that organizations must proactively manage and have visibility into what information is being shared with service providers and how information is being sent between people.
Don’t let your guard down and simply treat the cloud as just another internal resource…. They need to be properly managed and governed just like any other third-party.
Ipswitch’s Frank Kenney recently concluded a 4-part webcast series on integration. It’s not too late to watch a replay of it. In parts 3 and 4, Frank talks through the issue of relying on cloud providers and provides tips for managing and governing cloud and person-to-person interactions.
Google revealed yesterday a targeted phishing attack from China against hundreds of GMail users, including government officials and military personnel. The FBI, Department of Homeland Security, and the White House National Security Council are all participating in an investigation of the cyber attack.
My hope is that this breach will serve as the wake up call that public and private businesses need to start enforcing policies around personal email. 
According to an Ipswitch survey at the InfoSec Europe conference, employee use of personal email is still a major problem. Nearly 70% of respondents send classified information (including payroll and customer info) via standard email every month… And 40% admitted to sending confidential information through personal email accounts specifically to eliminate the trail of what was being sent to whom.
Have you provided your employees with a simple tool to send large and confidential files? Do you have visibility into what is being sent and to whom?? Do you have a documented AND enforced policy around using personal webmail accounts from work computers???
Employees have proven over and over that they will ‘do what they need to do’ in order to be productive. It’s critical that organizations provide simple, safe and auditable tools that enable employees to collaborate and share files. It’s equally important that they govern employee activities to mitigate data risk by increasing visibility, control, compliance and security.
“Google has asked for U.S. government support against censorship, but the government’s response has been to ask companies to take responsibility. If Google does have an ulterior motive, it’s likely to be to pressure the U.S. government to take a more active role in defending U.S. companies in markets like China that present obstacles to fair competition.
Google is urging Gmail users to review their account settings to make sure they’re secure, but Kenney suggested Google could do more to alert users when their accounts are accessed from an unfamiliar IP address or when their accounts have been configured to forward messages.”
