March 11th, 2010
The 2010 RSA Security Conference was a great opportunity for us to meet potential new customers and partners and share Zecurion products and Zecurion’s vision for protecting data with information security professionals from around the world.
At times it was a little frustrating to be solicited by so many other vendors–selling employee recruiting services, public relations services, or working to get us to commit to attend other events and trade shows. Vendors of other events and trade shows in particular should be sensitive to the fact that we paid a fair amount of money to represent Zecurion with a booth at the RSA Security Conference, and that we did that so we could market Zecurion to decision makers, potential customers, and information security professionals in general–not to make it easier for solicitors to find us and steal our time.
Thankfully, those encounters were not the majority. We enjoyed meeting with and interacting with all of you who stopped by our booth. We appreciated the opportunity to share what Zecurion does, and we look forward to working with many of the people we met in San Francisco.
Throughout the week, I wandered the exhibition floor checking out the hundreds of booths. It occurred to me that there are really only a handful of security problems for organizations to deal with–maybe ten. Yet, there were probably a thousand companies represented at the RSA Security Conference, all pitching their own unique approach or potential solution to one of those ten issues. Some of the products and services are innovative and have tremendous potential, while many of them will fail to truly meet the needs they’re intended for, or live up to the hype in the marketing brochures.
We appreciate that you, too, may have had a similar thought as you perused the rows and rows of exhibitor booths. We appreciate that the RSA Security Conference is a vast treasure of information about products and services, but that it can also be overwhelming and that it may be hard for you to separate the hype from the real solutions and make intelligent choices for securing and protecting data.
We hope you had a chance to stop by the Zecurion booth and give us a chance to answer your questions about protecting your data and securing your organization against insider threats. If you did not stop by to see us, or if you were not even at the RSA Security Conference, or even if you did stop and visit us but you still have questions, please feel free to contact us for more information. We are passionate about helping our customers solve data security challenges and we look forward to working with you.
Tags: data protection, insider security threat, RSA Security Conference, Zecurion
March 10th, 2010
The Arkansas National Guard lost an external hard drive containing unencrypted data. The data on the drive included the Arkansas National Guard personnel file dating back to 1991–complete with names, social security numbers and other personal information which could put the affected Soldiers at risk for identity theft.
Thus far, there is no evidence to suggest foul play. The Guard remains hopeful that the drive is simply misplaced. However, the Guard is making every effort to identify those affected and alert them of the potential data risk.
That is good news–assuming that the Guard is correct and the data isn’t in the hands of anyone with malicious intent. But, what if they’re wrong? Or, what if they’re right that the drive was innocently misplaced, but someone with less-than-honorable intentions locates it before they do?
The fact is that the Arkansas National Guard–and any other organization storing sensitive or confidential information–could have avoided any potential breach of the data by encrypting it. A lost drive doesn’t have to put data at risk if the data it contains is properly protected.
Zecurion Zserver Suite protects data at rest. Zserver Storage’s hard disk encryption functions transparently, ensuring the safety and security of data even if the storage media device is removed–as is often the case for external hard drives. None of the data, including the file allocation tables or any Zserver Storage supporting files, are accessible without authorized encryption keys.
Zserver Storage encrypts most types of data storage hardware and devices including IDE and SCSI hard drives, RAID mirrored drives, CD/DVD optical disks and magnetic tapes, making Zserver Storage a viable, cost-effective alternative to other encrypted storage hardware solutions such as network storage appliances.
The bottom line is that it is unreasonable to expect users not to store sensitive or confidential data on drives–whether internal or external. It should be assumed that drives will contain such information, and organizations should proactively encrypt the data using a product like Zserver Suite to ensure it is protected from unauthorized access no matter where the drive ends up.
Tags: Arkansas National Guard, birth date, compromise, data breach, lost hard drive, social security number, Zserver Suite
March 1st, 2010
The RSA Security Conference is considered by many to be the one, premier, must-attend information security event of the year. Over the next few days hundreds of security vendors and thousands of information security professionals will descend on San Francisco’s Moscone Convention Center for a total immersion in all things information security.
Many security vendors choose to take advantage of the RSA Security Conference as a platform for major new announcements and product launches. There are hours upon hours of seminars, keynote speeches, training sessions, and other opportunities to gather information. There are also virtually endless opportunities for information security professionals to share ideas and opinions with one another and network with other information security professionals from around the world.
Zecurion is one of the vendors supporting the 2010 RSA Security Conference. Stop by Booth #2651 in the vendor exhibition hall Tuesday, March 2 through Thursday, March 4 to meet the Zecurion team, and learn more about how Zecurion can help protect your data and guard against insider threats.
We look forward to seeing you there.
Tags: booth #2651, data protection, insider security threat, RSA Security Conference, Zecurion
March 1st, 2010
Everything seems to be about the “cloud” these days. The term “cloud” is really nothing more than a word for describing the Internet. Rather than building a data center and hosting servers internally, server capacity and data storage space can be bought or leased from third-party data centers on the Internet–or “in the cloud”.
Cloud computing provides an array of benefits for companies of all sizes, but it also introduces some new and unique challenges when it comes to data protection. Trusting your data to be stored in the cloud requires extra diligence to ensure it is protected and that any applicable compliance requirements are met.
Protecting Data in the Cloud discusses the benefits of data storage in the cloud, as well as some of the caveats and concerns to be aware of. It also talks about the need to protect your data in the cloud and some solutions to help you.
Tags: cloud security, compliance, data protection, encryption, white paper
February 17th, 2010
March 8-11, 2010
Hyatt Regency Century Plaza, Los Angeles
XChange Solution Provider 2K10
Zecurion will be participating in the XChange Solution Provider 2K10 event in Los Angeles, March 8 through 11. Kick off the year right and be a part of the world’s leading IT channel event! This is where top Vendors and Solution Providers meet, network, train and define the future.
Discover How to Reboot for 2K10 – CTRL/ALT/DELETE
- Take CTRL of new services, products, solutions and become more focused.
- Incorporate ALT solutions, technologies, revenue streams, and social media outlets. Solution Providers are looking for alternative, emerging solutions and new vendor partners.
- DELETE unnecessary business processes, deficient vendor partners, bad habits, and poor product lines.
XChange Solution Provider hand-selects 225 executive level, pre-qualified Solution Providers, together with channel vendor companies to meet, network, build relationships, and ultimately do business with one another.
Stop by and visit with us to learn more about Zecurion and how we can work together to make 2010 a successful year for everyone.
Tags: channel vendor, partner, relationship, XChange Solution Provider, Zecurion
February 9th, 2010
Ceridian, a provider of benefits services for thousands of client companies, had its payroll processing division hacked, exposing names, Social Security numbers, birth dates, and bank accounts of 27,000 employees from 1,900 companies nationwide.
The attack apparently occurred December 22 and/or 23 of 2009, but affected individuals were not notified until late January. When asked why it took so long to let employees know their data was compromised, Ceridian spokesman Keith Peterson said “We took immediate preventive steps to ensure no further incident of this type would occur.”
Peterson added, “While the total number of employees affected is small, in our minds one is too many, and we are handling this incident according to our established protocol.”
27,000 may not be a large number relative to the total number of employees managed by Ceridian payroll, but to call the number “small” and wait more than a month to alert affected individuals seems to be a rather cavalier response. Kudos to Ceridian for being fortunate enough to not have exposed 270,000, or 2.7 million employees’ data, but to the 27,000 who are affected it is a matter of grave concern and utmost urgency.
It’s nice that Ceridian took “immediate preventive measures”, but it should also disclose what measures were in place, how they were circumvented, and what additional security controls were implemented to mitigate the attack. Ceridian falls under a variety of compliance mandates and it would be interesting to know whether the attack breached otherwise compliant security controls, or if Ceridian dropped the ball somewhere in implementing security and protecting data.
Whether Ceridian’s network and servers were compliant with all applicable security mandates at the time of the breach or not, Ceridian could have ensured that the employee data would not be compromised or exposed by implementing an encryption solution that protects all stored data at rest. An attacker may circumvent controls and breach the server, but a server breach does not have to be a data breach if the right protection is in place for the data.
Tags: Ceridian, data breach, employee data, expose, payroll, sensitive information
January 30th, 2010
What do e-mail lists, business information, customer contact lists, employee records and financial information all suddenly have in common?
Answer: They are the Top 5 things stolen by employees after leaving a job, according to a recent survey conducted by the Ponemon Institute, a Tucson, Ariz.-based research group whose survey was reported on by The Washington Post.
This is an excerpt from the intro to Security from the Inside: Your Opportunity in the Information Protection and Control Market (IPC). The paper cites other alarming statistics like:
“Nearly 60 percent of employees who quit a job or were asked to leave over the last year stole some form of company data”
More important than the statistics on data breaches and information theft is the opportunity that the statistics create for service providers and independent consultants to deliver solutions to their customers. The Zecurion partner program is an ideal alliance that allows you to leverage the products and services of Zecurion to provide superior data protection solutions.
ZAPP!
Zecurion Advantage Partner Program
- Dedicated Relationship Managers
- Training and Sales Support
- Review of Upcoming Products
- World-Class Technical Support
- Joint Marketing Campaigns
- Events and Joint News Releases
- Upsell Opportunities
Stop by Booth #2651 at the RSA Security Conference, in San Francisco March 1 – 5, to learn more about Zecurion products and the Zecurion Advantage Partner Program.
Tags: partner program, RSA Security Conference, ZAPP
January 24th, 2010
I heard a rumor recently that Iron Mountain, a leading provider of offsite storage for backup data, was implementing a new policy that all customer data must be encrypted.
It makes sense. Unencrypted backup media seems to be an increasingly common source of data breaches. Chase Bank lost data on an unencrypted backup tape. Information Vaulting Services lost a backup tape from the state of Arkansas containing unencrypted personal information on over 800,000 individuals. A third-party storage vendor lost an unencrypted backup tape from Bank of New York Mellon with sensitive information from 4.5 million customers. The list goes on, and on, and on… and on.
While the organization entrusted with the data–Chase Bank, the state of Arkansas, or Bank of New York Mellon in the cases cited above–ultimately must pay the price for the data breach, both in terms of the broken trust with customers and damaged reputation, as well as any fines, penalties, and the cost of notifying and protecting customers, the fact is that these losses also reflect poorly on the third-party organizations responsible for securely storing the backup media.
Organizations like Iron Mountain that provide offsite storage have no way of knowing what data is contained on the media they store for their customers, nor whether or not that data is encrypted or protected in any way. A tape is a tape is a tape and they are all handled and treated the same. Granted, a company that exists to provide secure offsite storage for backup data should not lose its customers’ backup media, but it shouldn’t bear any additional responsibility for personal or sensitive information being compromised as a result.
It turns out that the rumor I heard was incorrect. I spoke with Iron Mountain and I was told that it does not require customers to encrypt backup data–although it does believe it’s a good idea and highly recommends that customers consider doing so.
Apparently, the rumor stems, at least in part, from laws enacted in Nevada and Massachusetts. Those state laws require that personal information that could lead to identity theft be protected–even on backup media. Iron Mountain may not require it, but Nevada and Massachusetts do require that organizations in those states, or that conduct business in those states and/or result in personal information from citizens of those states being retained, encrypt information on backup media.
Suffice it to say, it’s just a good idea. Data at rest should be encrypted whether it is stored on servers on your internal network, or backup media stored offsite with a third party.
Tags: backup data, backup tape, encryption, identity theft, Iron Mountain, Massachusetts, Nevada, Zserver Backup, Zserver Storage
January 19th, 2010
It sounds like a good idea to provide some extra security for your backup data by storing the media in a locked safe. It is certainly better than storing the media in an unlocked drawer or on a shelf somewhere. But, if a thief simply takes the whole safe, as happened to Goodwill of Greater Grand Rapids in Michigan, the data is not really protected any more.
While it seems fair to assume that the thief expected to find money inside, the safe actually contained names, addresses, dates of birth, and Social Security numbers from thousands of Goodwill workers. Since the thief took the whole safe, it also seems fair to assume he or she had a plan for how to open it and extract its contents.
After that, it gets a little more difficult to speculate. According to Jill Wallace, VP of Community Relations for Goodwill, the official stance seems to be based on an assumption that the thief is simply too dumb to know what a backup tape is or how to find out what is stored on it. “Basically it would be impossible for an individual to even know what to do with that data or even how to open it up.”
I’ve worked with backup tapes. While they may not be your standard audio cassette tape, it is obvious that it is a tape. Contrary to Wallace’s sentiment that the data must be safe because the thief would be too clueless to use it, I think it’s reasonable to believe that the thief *would* know that it’s a data tape, and–especially after the disappointment of realizing there is no money in the safe–the thief would do everything possible to determine what *is* on the tapes and try to make lemonade from lemons by capitalizing on the data they contain.
According to the article from the Grand Rapids News Channel 3 Web site, “Goodwill of Greater Grand Rapids thought that personal data would be more secure if those tapes were not in a corporate office, but inside one of its stores. The organization has decided not to do that anymore.”
I think Goodwill missed the point and learned the wrong lesson. The location of the safe is not the problem–thieves are just as likely to break into the Goodwill corporate office and take the safe. The issue is that the data stored on the backup tapes–or any other media you might store your backup data on–should be encrypted so that the data is protected even if the storage container is breached.
Tags: backup data, data protection, encryption, secure data storage, Zserver Backup