Posts from ‘Conferences and Events’
Ipswitch has been cautioning companies about the dangers of private/confidential information being sent through Google (and other hosted and person-to-person services), both from a security and a responsibility perspective.
Last week’s Gmail hack further drives home the point that organizations must proactively manage and have visibility into what information is being shared with service providers and how information is being sent between people.
Don’t let your guard down and simply treat the cloud as just another internal resource. Cloud providers need to be properly managed and governed just like any other third party.
Ipswitch’s Frank Kenney recently concluded a 4-part webcast series on integration. It’s not too late to watch a replay of it. In parts 3 and 4, Frank talks through the issue of relying on cloud providers and provides tips for managing and governing cloud and person-to-person interactions.
Google revealed yesterday a targeted phishing attack from China against hundreds of Gmail users, including government officials and military personnel. The FBI, Department of Homeland Security, and the White House National Security Council are all participating in an investigation of the cyber attack.
My hope is that this breach will serve as the wake-up call that public and private businesses need to start enforcing policies around personal email. According to an Ipswitch survey at the InfoSec Europe conference, employee use of personal email is still a major problem. Nearly 70% of respondents send classified information (including payroll and customer info) via standard email every month… And 40% admitted to sending confidential information through personal email accounts specifically to eliminate the trail of what was being sent to whom.
Have you provided your employees with a simple tool to send large and confidential files? Do you have visibility into what is being sent and to whom?? Do you have a documented AND enforced policy around using personal webmail accounts from work computers???
Employees have proven over and over that they will ‘do what they need to do’ in order to be productive. It’s critical that organizations provide simple, safe and auditable tools that enable employees to collaborate and share files. It’s equally important that they govern employee activities to mitigate data risk by increasing visibility, control, compliance and security.
“Google has asked for U.S. government support against censorship, but the government’s response has been to ask companies to take responsibility. If Google does have an ulterior motive, it’s likely to be to pressure the U.S. government to take a more active role in defending U.S. companies in markets like China that present obstacles to fair competition.
Google is urging Gmail users to review their account settings to make sure they’re secure, but Kenney suggested Google could do more to alert users when their accounts are accessed from an unfamiliar IP address or when their accounts have been configured to forward messages.”
Last week I ranted a bit about the importance of governing your cloud vendors. At about the same time, Ipswitch’s Frank Kenney participated in a panel discussion on cloud security at the Interop conference in Las Vegas.
As you know, there is great debate over whether cloud services are secure enough for businesses to use. I believe that the cloud model will quickly evolve and prove itself to a point where security is deemed no riskier than doing business with solely on-premises tools.
I also believe that member-driven organizations such as the Cloud Security Alliance – which focus on providing security assurance within Cloud Computing – will help us get there.
At the Interop discussion, Frank Kenney spoke about the safety of the cloud. Here’s what he had to say:
“Cloud customers have the obligation to assess the risk of allowing data to be stored in a cloud based on how valuable it is to the customers…. The cloud is as secure as you want it to be.
Cloud services can provide value if performance and service-level agreements align with what customers need. If not, customers shouldn’t buy them. It’s not ‘the sky is falling’. Assign risks appropriately. Security is just one of many things you have to do.”
Did you know that Managed File Transfer solutions have become the most widely used mechanisms for integrating your applications and processes with those of your customers and partners?
Are you feeling frustrated by your middleware’s inability to handle data or large files?
Join us to learn more about how MFT can gracefully extend your Enterprise Service Bus (ESB) suite and integrate into your existing enterprise technology. We’ll also cover the governance benefits of integrating MFT with B2B processes and applications (for example, governing your file transfers can solve 60-70% of your compliance and regulatory issues).
- Speaker: L. Frank Kenney, VP of Global Strategy at Ipswitch
- Date: Wednesday, March 16, 2011
- Time: 11:00AM ET
We’ve got some fresh stats and trends to share from data that we collected at the recent RSA Security Conference. Many thanks to the “statistically significant” number of people that took the time to fill out our survey questionnaire.
Our survey results highlight some major security and compliance concerns for businesses – information security, visibility and policy enforcement remain a major problem in 2011. Here are a few key data points:
- 65% have no visibility into files and data leaving their organization
- >80% use easily lost or stolen portable devices like USB drives and smartphones to move and back up confidential work files
- >75% send classified documents as email attachments – including payroll, customer data and financial information
- >25% have purposely used a personal email account (like Yahoo, Hotmail or Gmail) instead of their work accounts as a way to hide their file transfer activity
- 55% said their companies provide – but do not enforce – policies and tools around sharing sensitive information
The fact that so many companies admittedly lack visibility into the files and documents that are moving around and leaving their organization is pretty scary. How can an organization protect information that they don’t even know exists? Clearly, increased focus is needed on first identifying sensitive data and then protecting it. These critical information security components should be carefully baked into an organization’s security, governance and compliance initiatives.
Lastly, I’d like to vent on the last data point for a minute. Policy creation simply isn’t enough… The enforcement of that policy is the critical step. Writing down a policy but not enforcing it is just as risky as not having documented the policy in the first place. Creating the policy is a good start, but please please please don’t stop there.