Friday, 16 December 2011

Tablet Security in the Enterprise: Risk and Remedies


Today, malicious apps and malware continue to be the number one security threat to tablets, followed by public Wi-Fi eavesdropping. Tablets can easily be compromised when a user clicks on a malicious link or enters company credentials into a phishing page masquerading as a challenge page.
While we’ve seen examples of the mobile platform companies proactively addressing malware attacks – the iPad 2 Smart Cover security hole fixed by Apple’s iOS 5.0.1 release and Android’s 58 malicious applications, which were downloaded onto 260,000 devices before Google remotely wiped the devices clean – it’s simply not enough. Not to mention, these remedies aren’t always applicable to tablet devices, with only a small percentage maintaining an always-on 3G connection, making it nearly impossible to implement a real-time security fix.


Mobile platform companies have typically remedied security holes exposed by malware in two ways: OS security re-architecture or stricter entry programs into app stores. However, the stricter the app adoption rules and implementation restrictions (so as to not allow a bad app into an app store), the fewer apps enter the market in a given time. While Apple has the luxury of highly scrutinizing the apps it approves, Android – coming from behind – has looser controls in an effort to balance innovation with security.
The recent Smart Cover security hole uncovered in iPad 2 and fixed by Apple’s iOS 5.0.1 release is the OS remedy; and Android’s 58 malicious applications, which were downloaded onto around 260,000 devices before Google eventually admitted it and wiped them from devices remotely, is an app store remedy.
Neither of these remedies is an acceptable solution for enterprises. Enterprise IT heads cannot wait for a new OS release or a re-evaluation by the app store when a malicious attack is siphoning confidential data from thousands of devices. The situation gets even more critical when malicious apps get on tablet devices. Unlike smartphones, most tablets are still tethered devices. Only a small percentage of them have an always-on 3G connection through which a remedy can be applied immediately.
Accellion Secure Mobile Apps give enterprise tablet users the ability to securely share, edit, send and receive files in their workspace without the fear of a malicious app or link compromising their content and identity.
Accellion Secure Mobile Apps work in conjunction with Accellion Secure Collaboration to keep everything in an encrypted, secure, private container, even if a tablet user decides to download a file onto its local drive.
Should malware infect an Accellion Secure Mobile Apps user device, nothing is lost. Or, if it tries to access the tablet’s local drive, it will see nothing but a bunch of encrypted files. Users could be on an iOS, Android or BlackBerry device, and it will behave the same.
And then there is the internal threat, when people get distracted and leave behind their device by accident. If there is sensitive corporate data on the tablet and the device ends up in the wrong hands, it could easily lead to a reportable data breach. With Accellion, IT has control and management over the application, so if a device is lost or stolen, Accellion administrators can easily block access remotely and reset credentials.
Look for the discussion about tablet security to continue on this blog, but in the meantime, the more you use your tablet like a laptop, the more you should consider taking security measures.


Monday, 12 December 2011

Your iPad Is Not Your iPhone: Get Secure


Over the past year, we’ve seen the iPad become more prevalent in the corporate world – and why not? Its portability is ideal for employees on the go and users are able to blend work and personal use on a single device. Yet, it’s these two benefits that have introduced new security concerns for IT, with the iPad often treated more like a grown up iPhone than a corporate computer.
Of course, the laid back attitude towards iPad security is understandable. Tablet adoption has been predominantly driven by consumer usage, with public Wi-Fi and cloud computing making it simple to upload and download files and applications at will – whether Angry Birds, grocery coupons or the latest corporate PowerPoint.  But, the freedom of anytime, anywhere access, combined with the increased volume of corporate data being shared via iPads, has blurred the lines between corporate access and casual entertainment.
Yet, the harsh reality is that malicious apps and malware are the number one security threat to tablet computers, followed by public Wi-Fi eavesdropping.  Phishing attacks are phishing attacks, whether your users are on a PC or an iPad, and enterprises need to implement the same strong security measures regardless of the device.
So, what’s an IT group to do?
Individuals should be able to send, share, and access files and applications, while you ensure they’re protected from malicious content. Accellion Secure Mobile Apps is one viable option – providing around-the-clock secure access to files to a range of mobile devices, plus encrypting documents for future, offline use. Plus, if the device is ever lost or stolen, administrators can easily block access remotely and reset credentials.
Let’s face it: your employees were likely attracted to the iPad because it makes their life easier – and maybe a little more fun. So, the key is to boost security while enabling employees to work and interact exactly as they do today.  The discussion on tablet security is far from over, so look for more insight on our blog.

Wednesday, 7 December 2011

Some insights from the 2011 Gartner Data Center Conference


The first day kicked off quite early with Gartner presenting the top 10 major IT trends, followed by several individual sessions. Some notes on Big Picture trends:
1. Physical infrastructure management is becoming very critical. One stat shared was that one data center could consume many times more energy than 100 offices that depend on that data center's applications and services.
2. Compute fabrics are starting to emerge in the enterprise and adoption is going to accelerate. Compute fabrics are also known as Cisco UCS and HP Converged Infrastructure and refer to the ability for the enterprise to seamlessly add and expand compute capacity that comes pre-integrated with server, storage and networking elements. Our perspective has been “Converged Management for Converged Infrastructure”. If infrastructure is converging, why shouldn’t management?
3. Hybrid clouds are going to be the norm. Hybrid clouds are going to be driven more by the need to focus core capabilities within the firewalls and outsource non-essential applications. This is different from enterprises using hybrid clouds purely for bursting capacity.
4. Challenges in cloud computing are going to be around integration and security. Specifically around integration, they mentioned that integration costs could get so high that the gains from cloud could often be lost in the integration costs.

by Ashish Kuthiala

Tuesday, 6 December 2011

Buried Alive by Consumer Applications in the Workspace

An article in GigaOM citing new research by Unisys on the consumerization of IT recently piqued my interest. According to the research, IT pros underestimate the use of consumer technologies in the workplace by a whopping 50%. In fact, IT decision-makers gave themselves a rating of only 2.9 for overall support of employee-owned mobile devices, social applications and integration of social apps with enterprise applications. According to Isabella Mark, director of Global Solution Management at Unisys, IT is falling behind in addressing and benefiting from consumer technologies due to the sheer volume they now have to deal with. Each new technology that employees bring into the workplace is another technology that IT needs to figure out how to use, manage, or perhaps even ban.



For many, Dropbox represents the poster child for the consumerization of IT. Free and easy to get your hands on, the Dropbox consumer file sharing app has spread like wildfire through organizations. And now IT and security teams are grappling with how to deal with the security risks of unmanaged, untracked file sharing of enterprise data via personal Dropbox accounts. Learn more about the privacy concerns of consumer file sharing apps that stem from the consumerization of IT in our latest whitepaper, “Beyond Dropbox: Requirements of Enterprise Class Secure File Sharing.” While Accellion’s solutions are enterprise-class, they are created for ease-of-use, and also provide the security and management that IT requires.
Stillman, J. (2011, November 18). Consumerization study: IT pros swamped, behind on mobile. Retrieved from http://gigaom.com/collaboration/consumerization-study-it-pros-swamped-behind-on-mobile/
Nina Seth - Product Marketing Manager at Accellion.


Friday, 2 December 2011

Evolving Mobile Data Security Risk




In 2010, Oracle surveyed more than 3,000 people from around the globe to discover how people communicate. The overwhelming response was mobile, mobile, mobile. In 2011, Oracle conducted a second survey calling it The Future of Mobile Communications-Take Two. This upgraded report delivered interesting results about mobile phone usage and the perceptions of mobile devices.
I don’t think we have to discuss the “bring your own device” (BYOD) trend or the fact that employees are using mobile devices to share files & access business applications. The lightning fast proliferation of data hungry users is the thing that organizations and IT managers are trying to manage. The respondents of Oracle’s 2011 Future of Mobile Communications-Take Two report confirm that these trends are permanent. That’s bad news for our telephone booth frequenting super hero.
How data hungry were the users from the survey? Over the past year alone, mobile data usage increased 47%. Even more remarkable is the fact that 55% of those surveyed reported having downloaded a mobile app, up significantly from 42% in 2010.  The most dangerous threats posed by downloaded mobile apps are well-documented in Veracode’s Mobile app top 10 list. Even more notable was the fact that 25% of mobile web users are mobile only.
When respondents were asked if they think that information stored or transmitted with a mobile device is secure, the results were disproportionate. Thirty-two percent of those asked thought their information was secure. Sixty-eight percent said that they didn’t think the information stored or transmitted with a mobile device was secure.
People can be their own worst enemy when it comes to security. Ten percent of all iPhone users have 0000 or 1234 as a device password. The fact that there are mobile data security programs available and not being used is indefensible.
For all these reasons, mobile devices are the most popular target for data theft.  In several upcoming blog posts we will discuss some Dos and Don’ts of mobile device security and take a closer look at mobile security compliance.
Nagar, M. (Designer). (2011). Introduction and evolution. [Web Graphic]. Retrieved from http://www.bluegenietech.com/blog/tag/history-of-mobiles/

New chapters, new challenges, new growth.


With cybercrime now one of the top four economic crimes facing governments and companies globally and a quarter of all economic crime committed in the past year cyber based, the need for greater information security strategy and awareness has never been greater.  
The UK Government’s recent announcement of strategies and initiatives to safeguard critical infrastructure and systems is a welcome indicator of the shape of things to come, as information security climbs rapidly up the corporate and government agenda. The UK Government's announcement of a pilot programme to bolster co-operation between state and private information security professionals, along with the proposed establishment of a cyber crime unit within the National Crime Agency by 2013 are very welcome developments.
Today, key industry figures have gathered in London for the Cyber Security Summit. At a time when the online rules of engagement are changing and governments and businesses around the world are looking to meet challenges head-on, it's clear that the information security market is set for significant growth over the coming years. Exciting times lie ahead for the industry and Clearswift is very excited to announce the beginning of a new chapter for us, following our acquisition by mid-market growth investor Lyceum Capital.
The deal will allow Clearswift to increase our focus on content-aware security solutions as well as broaden our software range, acquire further technical capabilities and develop our geographical reach.
As part of this new chapter, we welcome highly experienced software entrepreneur and former CEO of IRIS Software, Martin Leuw as our new Chairman. Under Martin's leadership, IRIS grew in value from £30m-£500m in 10 years, transforming it into one of the UK's largest privately-owned technology companies. Martin is joined on our board by Lyceum Partners Jeremy Hand and David Harland.
Clearswift will be gaining some exceptional experience and knowledge to support the business through the next phase of growth and we're looking forward to a bright future. Our heritage in content inspection and flexible policies, backed up with excellent service, makes us exceptionally well positioned to meet customer needs in a world where social media and web technologies are rapidly transforming the way we all do business.
Full details are available here
Richard Turner

Monday, 28 November 2011

The data explosion should drive flexible IT policies

I read a fascinating fact last week. Apparently 90% of the world’s data has been created in the last two years alone.
Incredible. But actually not as surprising as it first appears when you think about the massive growth in online and social networking over recent years. As a widely adopted consumer trend, such technologies have inevitably infiltrated the business world; becoming a highly valuable and living, breathing part of many organisations.
But this data overload presents its own challenges. A recent article in Computer Business Review discussed the needs of a company’s marketing department regarding social media access. The marketing department is often one of the biggest supporters of social media in the workplace; at its most basic level it provides an ideal platform to engage with a wider range of customers and contacts. But at the same time marketing can also be the department with the most challenging task, ensuring the company’s reputation and brand are safeguarded and protected.
Flexible policies combined with security technology can go a long way towards helping address these issues. Overarching stop and block policies for social media not only cut off a valuable way of communicating with customers, partners and, of course, colleagues but it also prevents some departments from carrying out their roles to their fullest potential.
Flexibility is the key to social media success for businesses. It supports productivity, maintains staff morale and also helps ensure that where there are instances of malicious or accidental data leakage, safeguards are in place to protect the brand.
Flexibility is often needed on a department by department basis. Clearswift solutions allow for rules to be tailored right down to employee level and it’s even possible to enable time quotas and rules for specific websites and services. This allows individual departments, such as the marketing team, the freedom to allow communication in precisely the way they need while maintaining administrative simplicity.
If businesses are to capitalise fully on the benefits of social media, they must adopt a flexible policy approach that goes hand in hand with investment in staff training and education around acceptable use and information security issues. Too often, policy is only ever referred to when something goes wrong – when it’s too late. Staff across the whole of the business must be fully aware of policy, understand the rules and, most importantly, why those rules exist.
Nick Peart


Thursday, 17 November 2011

Bend or break: CIOs must become more flexible

With 91 per cent of business leaders saying security concerns are hindering new technology adoption, it’s interesting to note Gartner’s recent call for increased flexibility and adaptability among CIOs struggling to cope with the consumerisation of IT in the workplace.

As CIOs face mass mobility and a proliferation of employee-owned devices in the workplace, Gartner analysts are saying that, rather than stick your head in the sand and hope the challenges go away, it’s time for companies to accept reality and adapt their security policies to deal with it. Gartner vice president Nick Jones has said that CIOs need to ‘explore new ways to provide, fund and manage mobile devices to allow employees more choice and support BYO (‘bring your own’) programmes.’

Faced with the inevitable, Gartner envisages four possible management styles emerging among CIOs attempting to deal with consumerisation: control-oriented, choice-oriented, innovation-oriented and hands-off. Of these, the ‘innovation-oriented’ approach resonates the most with me: according to Gartner, organisations taking this approach empower users to exercise more control over their devices and applications, using strong policy orientation to ensure responsible behaviour. Business doesn’t wash its hands of responsibility for critical issues; it does, however, foster a usage philosophy under which policy dictates technology, not the other way around.

Education and communication play key roles in achieving this mentality. Rather than operating at a remove from the rest of the business, CIOs should engage with and work with staff, proactively educating them about the risks associated with device proliferation – and facilitating the behaviour changes needed to make things work securely. Blocking won’t make the challenges go away, but will ensure you never really find solutions that work for your business.

Policy, not policing, will allow those 91 per cent of business leaders to truly innovate and evolve in step with emerging technologies and services.

Nick Peart


Tuesday, 15 November 2011

Why AccelOps and Industry Trends


My name is Mahesh and this is my first blog post at AccelOps.  I lead the product marketing and product management functions at AccelOps.
Several former colleagues and friends have asked me “Why AccelOps?”  It is a good question and a simple one to answer.  My passion lies in driving promising products and technologies to mainstream acceptance.  I’ve done this at companies such as HP, IBM and start-ups such as Loudcloud, Collation and Kontiki.  It is exciting to see how AccelOps has leveraged technology and innovation to build an obsolescence-proof cloud generation IT management platform.  Furthermore, I am energized by the enthusiasm of our customers and partners.
Instead of just extolling the virtues of our product I would like to highlight some key industry trends that are driving next-gen thinking on how IT monitoring and management products are built.
1. Virtualization and cloud:  Has created a paradigm shift that invalidates several assumptions built into traditional IT monitoring platforms.  Consider this – change windows are compressed from week/s to hours, minutes and seconds due to vMotion, DRS etc. The high velocity of change and the inherent complexity it creates demands new approaches.  At the least, your monitoring platform must be built for high velocity change.  There are other implications of virtualization and cloud on monitoring platforms, which I will highlight in subsequent posts.
2. Data explosion: Traditional IT monitoring products were created in an era when making management data easily available to and consumable by IT monitoring and management products wasn’t a high priority for device and software vendors.  Consequently, traditional IT monitoring products were optimized to solve the data collection problem.  That’s changed now.  Vendor MIBs readily provide valuable data.  And growing infrastructures and virtualization have resulted in an explosion of data – it is now a big data problem.  As a result, the challenge has definitively shifted from collection to connecting the dots across domains and accurately analyzing it in real-time.  Data analysis is the big problem not data collection.
3. Hybrid Clouds:  Both analyst opinion and customer surveys point to enterprises adopting a hybrid strategy going forward – traditional data centers, private clouds and public clouds.  Three key implications for this are Security, SLA and Scale.   Security needs are pervasive as there is no single “perimeter” to guard.  SLAs need to be maintained and managed across environments and the IT management solution should easily scale to accommodate diverse distributed environments.
4. DevOps:  Is an organic movement that is bringing together development and operations teams to improve agility and reduce problems during hand-off from one group to another.  As this movement goes mainstream it will have profound impact on IT Management tools.  IT operations tools will not only provide data and statistics but also enable collaboration across IT teams to achieve superior results.  I am a huge believer in DevOps and a previous blog post on the stages of DevOps evolution can be found here (http://bit.ly/rqAZ2O).

Tuesday, 8 November 2011

AccelOps Achieves 350% Growth in FY11




SANTA CLARA, CA--(Marketwire - Nov 7, 2011) - AccelOps, Inc., the only provider of end-to-end monitoring solutions built for virtualized cloud-generation data centers, finished a strong fiscal year 2011 growing bookings 350 percent and more than tripling its customer base across multiple sectors including Cloud Service Providers (CSPs), financial services, healthcare and manufacturing.


AccelOps is ramping up to meet fast growing market demand. The company has expanded into a new, larger facility, and has expanded its sales and channel presence in the U.S., Europe and Latin America.
In fiscal year 2011, AccelOps won industry awards based on competitive benchmarks by independent third parties, including Frost and Sullivan's Global New Product Innovation of the Year Award in Enterprise and Service Provider Infrastructure/Cloud Monitoring. AccelOps was also recognized as one of CRN's Top 20 Cloud Software and Apps Vendors of 2011.
"The AccelOps platform is resonating with our customers and that is driving our strong financial performance," said Elie Antoun, president and CEO of AccelOps. "Our customers want the advantages of virtualization and cloud computing and are turning to AccelOps for a management system to get the complexity under control so that they are able to do more with fewer resources."


About AccelOps
AccelOps provides the industry's first IT management software that monitors performance, security and configurations -- key interrelated metrics in dynamic virtualized data centers. Based on big-data scale-out architecture, AccelOps automatically analyzes and makes sense of behavior patterns spanning server, storage, network, virtualization and applications to rapidly detect problems. AccelOps works across private clouds, public clouds and traditional data centers to bring proactive and comprehensive service health visibility. For more information visit www.accelops.com.

Friday, 4 November 2011

Had to Pause Angry Birds to Forward a File to my Boss


Walk around any organization today and you will see people using the newest and coolest PCs, smartphones, and tablets. It’s not just the normal suspects that love the IT gadgets. It’s everyone from the CEO to the summer intern. Even my mom got an iPad and is getting in on the action.  It’s so easy to download emails and send photos to relatives. She takes it with her everywhere—even work. Everyone loves these devices at home and work because they’re easy to use. I suspect employees will be taking their devices on upcoming holiday vacations.
The problem that IT managers have is identifying the line between personal and business computer use. We know it has been blurring for years, but today it’s practically gone. The availability and variety of powerful mobile devices, along with the simplicity of adding apps and cloud services, has increased the distortion between personal and business use more than we ever imagined.
A new study sponsored by Unisys found that 40.7% of the devices used by workers to access business applications are ones they own themselves, including home PCs, smartphones, and tablets such as the iPad. Nearly 10% reported using their personal tablet for work—a device that did not even exist just 15 months ago.
With this in mind, most IT managers and CIOs are well aware that we’ve turned a page and there is no going back.  The real question is, how can organizations cope in a world where the line between a personal and business computer is “cloudy” at best? The answer is identifying security issues and managing enterprise data.
Accellion provides the kind of enterprise solutions that offer the control and flexibility that IT needs, while keeping users happy with easy-to-use file sharing and collaboration applications that can be accessed anytime, from anywhere. And if you have employees like my Mom, who bring their iPad to work, you’ll be glad you invested in securing your sensitive enterprise data.
For the most up-to-date news and information about Accellion, follow us on Twitter, Facebook, and LinkedIn.
Content for this post is excerpted directly from the IDC iView 2011 Consumerization of IT Study: Closing the “Consumerization Gap,” July 2011, sponsored by Unisys. The multimedia content can be viewed at http://www.unisys.com/iview.

Thursday, 3 November 2011

Good fences make good neighbours



It’s not that long since I wrote a blog post bemoaning Australia’s privacy laws as ‘toothless tigers’, pointing to our country’s lack of mandatory disclosure legislation as an ongoing challenge for information security. As such, I welcome Home Affairs Minister Brendan O’Connor’s recent announcement that disclosure and privacy reforms could be fast-tracked - if the department was presented with evidence that enterprise information security was inadequate. For all that, I’ll be keeping the bubbly on ice for the time being...

While I do welcome the prospect of reforms that feel like they’ve been in the discussion stages forever finally seeing the light of day, you have to question the adequacy of a process that calls on those with the most to lose to own up to their failings so you can expedite the process by which they’ll be penalised.

The Australian Law Reform Commission first published its recommendations for data breach notification legislation back in 2008. And with public consultation for the privacy reforms ending on November 3rd, it’s hard not to be cynical and wonder whether we’re looking at another long period of talk with little in the way of action. Meanwhile, SC Magazine reports that security specialists claim the scale of Australia’s data theft problem goes well beyond anything our government or even the local media know about.

Australians were first asked to consider whether privacy was a legal right back in 1937. On that occasion, Chief Justice Latham said that “Any person is entitled to look over the plaintiff’s fence and to see what goes on in the plaintiff’s land. If the plaintiff desires to prevent this, the plaintiff can erect a higher fence.”

All well and good when few homes had even a telephone, but in a digital age, it’s increasingly difficult for individuals to erect higher fences around all the personal data they’re obliged to submit for even the simplest of day-to-day tasks. Financial services verification routinely involves the furnishing of further identifying details, from passports to driving licences, place of work, payroll numbers, even your mother’s maiden name. And while logic says the onus for building adequate fencing around that data lies with the organisation that holds it, the law suggests otherwise – and the absence of any clear mandatory penalty underlines a highly unsatisfactory state of play.

While we’ve been strolling towards a solution, it’s not only technology that’s outstripping us; other countries and regions such as the EU and US have implemented some major changes in recent years, where prompt responses and fines for data breaches are the standard minimum requirement to keep organisations of all kinds on their toes.

Data breaches are, sadly, inevitable. It’s impossible to prevent an employee from accidentally leaving sensitive paperwork on public transport, for example. But there are still some practical solutions. In the first instance, it’s important that legislation is in place; after that, it’s ultimately up to businesses to take responsibility for themselves by taking practical steps to educate employees and create visible security across the organisation. Businesses should apply visible security strategies, informing users of policies, using tools to remind staff of what constitutes a breach and enabling managers to get a better handle on their data and where it is.

Businesses in Australia are playing their part, but more certainly needs to be done when it comes to legislation and education. As of April this year, twice as many breaches were reported compared to 2010. The law needs to be reinforced and reviewed to accelerate post-breach actions so that companies can take responsibility and put solutions in place. The time for talk has passed.

Phil Vasic

Monday, 31 October 2011

Data breaches put the scare back in Halloween!


For most people outside the IT profession, the scariest thing they deal with on Halloween is a spooky costume or the newest episode of AMC’s ghastly drama “The Walking Dead.” For IT professionals, a data breach is far worse. With the frequency and cost of data breaches on the rise, it’s easy to see why the topic worries IT professionals. In its fifth annual survey the Ponemon Institute showed a significant spike in legal defense spending to address fears of successful class actions resulting from customer, consumer or employee data loss. In fact, the total cost per data breach incident now exceeds six million dollars.

If that’s not enough to chill IT and security professionals, another report commissioned by Websense surveyed 100 IT managers around the world about the latest threats to corporate security. The IT managers surveyed went on to say that data loss incidents put their jobs on the line, and that managing the stress of a company data breach is more taxing than divorce, managing personal debt, or a minor car accident.

There were 561 data breaches in 2010 and 589 data breaches to date this year. To avoid the stress of a data breach, IT professionals are employing robust security strategies to ease their worries.

We do our part to help Accellion’s customers and their business users protect data while sharing files with external and internal users.

As for the haunts of Halloween… there is nothing that can help the chills and thrills.


Three of NetVision's recently released feature upgrades that we know you'll love.

NetVision recently released version 7.2 of our product suite. Recently, we covered a few of the new features that were introduced, including the ability to find the real owner of files and folders, identify where permissions may differ from a share level folder, and track workstation logon activity. This time, we'll discuss three more enhancements and how they can add value in your environment.


1.  Combined Permission and Activity Reporting

Access Rights Inspector provides calculated effective rights reporting across the file system essentially answering "Who has access to what?". One of the really powerful uses of this tool is to run a report showing to what a given user or group has access. As you drill down on a specific file or folder, you have access to effective rights as well as explicit rights assignments so that you know how those permissions are actually assigned. But until recently, if you wanted to review the recent activity on that file, you'd have to switch over to NVMonitor reporting and then adjust the scope of the report to that specific file.

That's a few more clicks of the mouse than we were comfortable with. So, with the release of 7.2, the Access Rights Inspector details pane provides file activity data from NVMonitor right there. No additional clicks required. It also tells you who uses the file most so you can quickly identify the potential owner or high-frequency user to answer any questions about that particular file.


2.  Role Based Access to Reports

NetVision's reporting console provides access to reporting for the entire NetVision suite. Because there are numerous types of users who want access to NetVision reporting, it was a natural extension to provide role-based access to reports. A department manager should perhaps only have access to the reporting on the security groups and files that are relevant to their department. A finance auditor might only need access to the READ events on certain files and certain exceptions rather than ALL file activity.

Previously, these scenarios were handled with the built-in report scheduling and automated emailing of reports to users based on their need. But, role-based access to reports provides additional control so that report consumers can set their own report schedules and leverage the report parameters which make searching through data a breeze.


3.  Automatically Linked Reports

One of NetVision's clear advantages is our separation of data from display. Our event information is normalized and stored in a relational database. Reporting, then, is extremely flexible in that the same set of data (e.g. group changes) can be viewed in numerous formats (e.g. a pie chart based on who did it, a bar chart based on type of change, a tabular view of chronological changes, etc.). Some NetVision users felt a bit overwhelmed by all the choices.

So, with the 7.2 release, NetVision introduced linked reports into our policy management console. As you are managing policies, there is an additional tab that enables you to select from a recommended report template list. Upon saving the policy, those reports are automatically created in the reporting console. The initial feedback is extremely positive. Linked reports save a few steps and make the process of selecting the best report template for you a lot easier.



by Matt Flynn
NetVision



Thursday, 27 October 2011

Go Mobile, Go Secure with Accellion


The latest Accellion Mobile App for iPhone and iPad with support for iOS 5 was introduced today.  With this release, Accellion is leading the industry when it comes to enterprise mobile file sharing security features and control.
The Accellion Mobile App offers the industry’s first encrypted, protected container for mobile file sharing, including 128-bit AES data encryption for files locally saved on a mobile device.  For those of you with iPhones and iPads you now have a secure way to save files locally on your mobile device.
Let’s say you’re travelling on business.  Momentarily distracted by thoughts of your upcoming presentation, you leave the iPad behind at the security line.  If you have been using a consumer cloud storage app, your files can be easily accessible to the next person that picks up your iPad.
With Accellion, files downloaded and saved on to the device are automatically encrypted.  If you don’t see your iPad again, at least other people won’t see your information.  Oh, and your files are still safe, secure and available to you from your iPhone and laptop.
We’ve built a number of additional IT and security features geared for enterprise use into the Accellion Mobile App. Learn more.
The Accellion Mobile App is a free download and works in conjunction with Accellion Secure Collaboration and Accellion Managed File Transfer.  Register for a free 30-day individual user trial of the Accellion Mobile App at: http://www.info.accellion.com/mobile-trial.html

Monitor. Communicate. Educate.

Last week, the US-based National Institute for Standards and Technology (NIST) issued new guidelines on monitoring information security across computer networks, devices and software. In the wake of a series of high profile data breaches, the recommendations reiterate the ongoing need for companies to take control of their IT security strategies and policies.
A key message in the guidelines is that an effective, continuously monitored information security programme helps organisations move from purely compliance-driven to data-driven risk management.
This is an important shift for many organisations; while no one can deny the ongoing, growing need to comply with increasingly complex regulations, there’s more to security than box checking. As the NIST points out, data-driven risk management gives organisations the information they need to “support risk response decisions, security status information and ongoing insight into security control effectiveness.”
On the face of it, it all sounds very complicated. Monitoring all risks while negotiating a path through compliance leaves a lot of organisations bound up in so much red tape that they simply opt for what looks to be the easiest route: lock, block and limit communications. As we’ve seen so many times before, this is a self-defeating approach that ultimately holds companies back.
We operate in a dynamic business environment, not a vacuum; companies need to be flexible and agile. This calls for equal measures of self knowledge and threat understanding – and effective monitoring can help get you there. Security should be about policy, not policing, and quality risk assessment drives quality policy, which in turn allows your organisation to communicate with confidence.
Monitor. Communicate. Educate. Security policy should drive technology, not the other way around.
Nick Peart.


Friday, 21 October 2011

The fine line between transparency and privacy

Public sector organisations have unique information security challenges. Trusted to legitimately gather and use citizens’ private information, they are also required to adhere to standards of openness and transparency in everything they do. It’s a tough line to walk, as the Scottish Council of Dumfries and Galloway recently discovered, when it accidentally published the personal details of almost 900 employees – in response to a Freedom of Information (FoI) request.
Among the data made public: names, dates of birth and salaries. All up on the council’s web site for over two months before people noticed and complained.
The difficulties of being both transparent and secure were underscored by the Information Commission’s Ken MacDonald, who said that “Being open about council pay is a fundamental way that citizens can hold local authorities to account, but that should never be at the expense of upholding individuals’ privacy rights.” MacDonald added that the council was now reviewing its procedures in light of the lessons learned and that appropriate checks to ensure that personal data is handled in compliance with the Data Protection Act were put in place.
On this occasion, the council avoided a financial penalty, but the incident serves to highlight the difficulties faced by public sector organisations in fulfilling their mandate to serve citizens while protecting their privacy. There’s an inherent risk in sharing information online that can only be mitigated by putting the right security procedures and controls in place – and enforcing them.
A key component of this is education and the creation of visible, flexible policies that take into account the real-world communications needs of any workforce while underlining why such policies are necessary. At a time when purse strings are tight, those charged with delivering public sector data security must increasingly look to solutions that enable them to unite technology with strong policy and people, striking a balance between compliance, risk and work requirements. Fortunately for public sector organisations and businesses alike, the guidelines are already out there. That’s half the battle – the really important thing is to ensure that they’re adhered to. By making security policies relevant to all users, organisations can support productivity and transparency while ensuring private data remains private.
Richard Turner

The Mobile Offensive! BYOD (Bring Your Own Device)


Mobile employees have been worrying IT managers for years. It all started with pagers, PDAs, and the first cellular phones. Now iPads, smartphones, and a slew of other Wi-Fi enabled mobile devices are on track to outnumber desktop computers. The local area network (LAN) that interconnects computers in a limited area such as a home, computer lab, or office building is fading fast. Most enterprise networks are moving to wireless as the primary way to connect. In the same way that video killed the radio star, Wi-Fi enabled devices and the BYOD trend are killing the LAN. Mobile devices that were restricted by IT managers are now considered indispensable for everyday operations.

Do you think the BYOD trend is not real, or a fad? According to ZDNET, about 75% of enterprises now have a “bring your own device” policy in place. That’s nearly three-quarters of companies surveyed, so yeah, BYOD is for real.

A quarter of organizations give employees a whitelist of allowed devices, while almost half let employees bring in and use any device.


Bring Your Own Device? It’s real. Nearly three-quarters of companies allow employee-owned smartphones and/or tablets to be used at work, according to Aberdeen data (mix of late 2010 and 2011 surveys). A quarter give employees a whitelist of allowed devices, while almost half let employees bring in and use any device.


Here are four trends that motivate companies to try BYOD:

Employee gratification: device lust is no longer just for tech geeks. Employees love BYOD at work. Allowing BYOD can be a real motivational tool. Employees, particularly younger, on-the-move employees, see the brand of a laptop or smartphone as a lifestyle choice and an important part of who they are. Of course Apple is at the epicenter of this movement.

Tech developments: the days of compatibility problems and sharing issues from Mac to Windows are ancient history. A few anti-trust lawsuits got everyone’s attention and a solution was found. The compatibility problems were one thing. In the past the size, weight, and cost of computers made mobile computing an oxymoron. In 1983 BYOD would not have been possible. This 29-pound BASF 7000 computer would have been nearly impossible to bring to work. Today’s shiny mobile devices are easy to transport and don’t weigh a ton.

Telecommuting and mobile workers:  some of the same technical developments listed above enable more and more workers to work from home, remotely, or on-the-go. Other technical developments like secure file transfer and secure collaboration allow external employees to be productive and secure.

Cost: back in the good old days a computer like the BASF 7000 would have hurt your back and strained your IT budget. At $2800 ($6000 in today’s dollars) this beast of burden cost an arm and a leg. Just think about that next time your fingers are deftly gliding across your lightweight tablet or smartphone. With the cost of laptops and tablets around $500, the cost factor, like the BASF 7000, is a thing of the past.

At Accellion we see the BYOD trend as a shift in the increasing demand for mobile access to file sharing. If you haven’t already tried out the Accellion mobile apps here is the link.



Information security: More investment than expense



Last week, The Guardian reported that the Metropolitan Police’s Central e-Crime Unit (PCeU) had saved the UK economy £140m in the previous six months by cutting illegal trade and online practices – including preventing data loss through cyber crime.

Although it’s heartening to see that the Met’s e-crime team is likely to exceed its targets for the year, figures like this leave me wondering why so many organisations view information security as a burden to the bottom line, an additional cost that must be absorbed under infrastructure spending. It’s time for this perception to change.

There’s more to information security than in-bound threat detection; it’s about the values and benefits beyond it, some of which aren’t always immediately obvious if all you’re looking at is bottom line cost. Consider the following:

Your organisation’s ability to comply with increasingly stringent data privacy legislation doesn’t only affect internal policy, but also has a knock-on effect on your ability to trade and partner with businesses in other jurisdictions.

Our recent WorkLifeWeb research revealed that a significant number of businesses felt security concerns were hindering their adoption of new, collaborative technologies. Social media opportunities are a poster child for this: Security fears mean an increased number of businesses are blocking staff use of these services, even as management says it plans to invest more on social media in the coming year. With the right software and policies in place, social media doesn’t have to be a workplace dilemma – you can give staff the kind of access they need without having to worry about security.

You’ve got policy, you’re just not enforcing it. The really surprising thing about many of the recent, high-profile data breaches hasn’t been the fines, it’s been the fact that many of the organisations in question actually had data protection policies in place – they simply failed to enforce them. A comprehensive data protection policy is only as good as your organisation’s willingness and capacity to ensure it’s adhered to. You spent time and money developing your policies, why aren’t you extracting the value from your investment?

It’s time to view information security as an investment rather than a cost. The technology’s there: encryption, Data Loss Prevention (DLP), email and web gateways, anti-malware protection... Educate yourself and your employees and you’ll soon get a clear view beyond the bottom line.

Nick Peart

Wednesday, 12 October 2011

Accellion Named a Finalist in Government Security News’ 2011 Homeland Security Awards Program


Accellion, Inc. today announced that Government Security News (GSN) magazine has named Accellion a finalist in the GSN 2011 Homeland Security Awards Program. Accellion Secure Collaboration has been chosen as a finalist in the Best Compliance/Vulnerability Assessment Solution category.

“Accellion is honored to be recognized by GSN for the second year in a row for our continued commitment to help government agencies share files and collaborate in a manner that is highly secure and compliant,” said Yorgen Edholm, president and CEO of Accellion. “Continued recognition from GSN validates our achievements in enabling IT departments to maintain the necessary visibility and control to demonstrate compliance while providing users a secure, easy way to collaborate.”

Demand for secure mobility solutions is making it increasingly difficult for organizations to control how information is shared. Never before has the need to equip users with a secure, easy way to share information been as important as it is today. Accellion provides government agencies and enterprises with the security and tracking features necessary to protect information and demonstrate compliance.

Accellion Secure Collaboration makes it easy for government employees and contractors to securely share information with internal and external partners while ensuring security and compliance. Accellion Secure Collaboration provides secure workspaces and file transfer capabilities. Secure workspaces allow teams to streamline workflow and keep projects moving forward. Users can review, comment, upload, and download files. Using Accellion Mobile Apps, file sharing and collaboration can be easily and securely extended to mobile devices and tablets. Accellion supports public, private or hybrid cloud and FIPS 140-2 certified deployments.

Winners of the 2011 Homeland Security Awards Program will be announced on November 14 at a gala Awards Dinner at the JW Marriott Hotel in downtown Washington D.C.



The GSN Homeland Security Awards Program

The awards programs were created by Government Security News (GSN) to salute dedicated officials and their agencies and departments at federal, state and local levels of government who have created effective and cost-efficient security programs. They were also created to salute the outstanding vendors of IT and Physical Security products who have introduced innovative technologies and products that protect our nation and its people 24/7.



About Accellion

The world's leading corporations and government enterprises rely on Accellion secure file sharing and collaboration solutions to secure their enterprise information and ensure compliance. Founded in 1999, Accellion, Inc. provides enterprise-class secure file sharing solutions that deliver the ease-of-use internal and external users need while giving the enterprise organization the protection it needs. Accessible to employees and external users from the Web, iPad, iPhone, Android and Blackberry mobile devices, Accellion secure file sharing solutions offer the widest choice of deployment options spanning virtual and public, private, or hybrid cloud environments. The company is headquartered in Palo Alto, California with offices in North America, Asia, and Europe.

Tuesday, 4 October 2011

Keeping on top of data discrepancies

In November this year, the European Commission (EC) will publish its new version of the Data Protection Directive, the legislation on which the Data Protection Act is based, and amongst the new measures will be instructions on data processing. The updated version will include a 'mandatory data breach disclosure' law for every organisation in the public and private sectors. Adoption of the law is expected by early 2013.
Currently, it is optional for private companies to report data breaches so it is fair to assume that there are many leaks which occur that we never get to read about in the papers. This will all change once this legislation is passed. All companies’ data discrepancies will then be open to public inspection and the impact of any kind of data breach can be felt not only on the bottom line but also at a brand and reputation level. However, there are a few simple measures you can take now to avoid any corporate embarrassment down the line.
Firstly, make sure employees understand IT policy; those that are responsible for data need regular clarification on what activities may put data security at risk as well as what is and what isn’t permitted by the business. This can be achieved through frequent communication and training. In addition, once you have formulated a policy make sure it’s enforced. In extreme circumstances, this may mean having to take disciplinary action if rules are transgressed, but if you’re too lenient then nobody will take the policy seriously.
Interestingly, this EC news comes out in a week where analysts are predicting an increasing appetite for cloud computing. Ovum is claiming that spend on cloud services is growing 29% year-on-year and that by 2015 it will have reached $66 billion. When you consider that the security of data is the number one concern about moving to the cloud, we have a curious dilemma for corporate UK. Businesses will not only be using services which potentially leave them more prone to data loss but, if the worst happens, they will be legally required to tell the world about it.
Richard Turner