Archive for August, 2011
Over the last few weeks, we’ve been putting the final touches on our next generation of services that will be delivered via the cloud. As with any product or service release, there comes a fair amount of planning including ensuring that one has the best site into competitors, forecast and of course customers. We’ve worked closely with industry analysts, our end-users and prospects and our own internal resources to best understand how and where we should position our cloud services. In presentation after presentation and in conversation after conversation, we were presented market slides showing the enormous growth and opportunity within the overall software as a service (SaaS) markets. The natural reaction is to get excited about all the money we can make in this space; before we did, I issued a strong warning to our team:
“In very much the same way that software is analogous to infrastructure, software as a service is not analogous to infrastructure as a service. That includes integration as a service. The profile of the consumer of SaaS will more than likely expect that things like integration, interoperability, transformation and governance will be part of the service subscription.”
In a nutshell what I was saying was… do not look at forecasts for SaaS and assume that the opportunities for IaaS follow the same trends. If users create content by using services that are delivered via the cloud, they have a reasonable expectation that this content can be shared with other services delivered via the cloud (not necessarily by the same vendor). For example, creating content via salesforce.com and sharing that content with gooddata.com should be as simple as granting the necessary permissions. After all, my Facebook, Twitter and Google+ information is shared by clicking a few buttons. Make no mistake, integration and interoperability are nontrivial, but part of the expectation of using cloud services is that the consumer is shielded from these complexities. As more and more cloud service platforms and providers build in integration and governance technologies the need for a separate IaaS provider will likely diminish.
Don’t get me wrong, I still believe that there is a place for technologies such as managed file transfer and business-to-business integration and collaboration; I definitely believe that Ipswitch will play a significant role in the evolution of those markets. Expect the role of Ipswitch to be evolve as well; not only will we provide the best mechanisms for moving content of any size but we will also govern (or let you govern) that movement and the entire experience around it. This is the centerpiece of Ipswitch’s Cloud strategy.
Corporate America is finally taking notice of its lax information-sharing practices. As data breaches continue to dominate headlines in 2011 and expose major vulnerabilities in the way organizations share and manage sensitive information, companies worldwide are demanding that their partners improve the way they send and receive files.
According to a new report by Ipswitch File Transfer (FT), nearly two-thirds of individuals surveyed at this year’s Infosecurity Europe Conference said their company is feeling increased pressure from customers and partners to improve the speed and security of file transfers.
“The successes of hacking groups like Anonymous and Lulzsec have opened the doors for boardroom conversations around information managementand security,” said Frank Kenney, VP of Global Strategy for Ipswitch FT and author of the report. “Companies are finally realizing that they may be at risk and are seriously reevaluating the way they exchange business information on a daily basis.”
According to Ipswitch’s new report, the problem for many organizations stems from corporate management not providing employees with suitable tools to send and receive large and confidential attachments. Without a company-mandated file transfer platform that makes it simple and secure to send and receive large files, employees are finding workarounds and throwing security and compliance out the window in the process. For instance, nearly 50 percent of individuals surveyed at Infosecurity Europe have been unable to send business-critical documents because their company’s server couldn’t handle the file’s size. And 78 percent said that, on numerous occasions, their corporate email system’s inability to handle large attachments significantly slowed productivity.
The result: Employees find risky workarounds – including personal email and remote devices to avoid the corporate information-sharing roadblocks:
- Personal Email: 60 percent of individuals said they use personal email to send sensitive files because their company systems hinder productivity, a major compliance and security risk. And 50 percent of those people admitted to using personal email as a means to hide sensitive information from management.
- Remote Devices: Employees are also relying on remote devices – like USB drives and smart phones – to transfer information that can’t be handled by corporate systems. More than 25 percent of employees have lost a USB drive containing confidential information. Even worse: Out of that 25 percent, 40 percent said they did not report the lost device to the IT department.
While some organizations are providing employees with file transfer solutions to overcome size constraints, Ipswitch’s new report shows that too many platforms are failing to place enough emphasis on security. Less than 30 percent of companies leverage file expiration and password protection technology and only 15 percent of companies can actually confirm that their files have reached their intended recipients. At least 30 percent of companies don’t have any safeguards in place to secure file transfers.
“Employees will do whatever they need to be productive, and that includes going around corporate systems to send and receive business-critical information,” said Kenney. “It’s not enough to create policies that prohibit such risky behavior; organizations need to provide employees with a simple and secure tool that allows them to send and receive large files successfully.”
To hear the full results of the report, join us on September 8th for a webcast, “How Lessons Learned at Infosecurity Europe Apply to Person-to-Person File Sharing at Your Company.”
Citi was recently fined $500,000 by the Financial Industry Regulatory Authority (FINRA) for its failure to pick up on an employee skimming over $750,000 from the accounts of 22 Citi customers over the last eight years .
When I first read the headline, my initial thought was that this was yet another unfortunate example of an organization not having set-up or maintained appropriate access controls (to grant access to only those who really need it) and that lacked visibility into what activities are actually happening.
Turns out, my initial thoughts were wrong. As part of her job, the employee needed access to the information. And it also sounds like the fraudulent activity should have been visible to Citi:
“FINRA said its investigators had determined that Citi failed to detect or investigate a series of so-called red flags that should have alerted the bank to Moon’s fraudulent use of customer funds.
The red flags included exception reports that highlighted conflicting information in new account applications, as well as customer account records that reflected suspicious funds transfers between unrelated accounts.”
It sounds like that with the systems and exception reports Citi already had in place that they should have detected the suspicious activity involving transfers and disbursements in the accounts.
This is a reminder that simply investing in technology isn’t good enough. Successful deployment must include not only training for the IT department on how to properly install and configure, but also training for end users that are responsible for consuming and acting on the information provided by the system.
