Blog

Archive for March, 2010

Zecurion Announces Zserver Suite 6.0

Wednesday, March 31st, 2010

Zecurion this week launched Zserver Suite 6.0–the latest version of its leading data encryption software. The new Zserver Suite has a number of updates, including new reporting capabilities, but the two biggest changes introduced in the new Zserver are EKMS and cloud data encryption.

EKMS–or Enterprise Key Management Server–automates and simplifies the arduous task of key management for encrypted data. Alexey Raevsky, CEO of Zecurion and developer of Zecurion’s patented AME (adaptive multithreaded encryption) technology, describes EKMS like this. “Keys stored by EKMS can be automatically uploaded to Zserver-protected servers, and when required, a Zserver-managed server can be configured to automatically open encrypted disks after the requested keys are obtained from EKMS.”

The second major change relates to encrypting data in the cloud. Many organizations are exploring how to take advantage of the operational and financial benefits of storing data in the cloud, however that data still needs to be protected. Using Zserver Suite 6.0, Zecurion customers can automatically encrypt entire dedicated servers in the cloud, or encrypt data on a file-by-file basis prior to transferring it to the cloud.

Check out the press release for more details about Zserver Suite 6.0, and feel free to contact Zecurion if you have any questions or need any more information.

Tags: , , , , , ,
Posted in Data Storage Security | No Comments »

Stop Trying to Stay a Step Ahead of the Bad Guys

Tuesday, March 23rd, 2010

Face it–its a long race, with no end in sight, that you have little hope of winning.

Let’s back up a step (pun intended) for some context. The Sunridge Medical Clinic at the University of Calgary was recently victimized by malware which compromised a server–potentially exposing sensitive personal information on 4,700 patients.

Wayne Wood, a spokesman for the Office of the Information and Privacy Commissioner of Alberta, told the Calgary Sun “Every once in awhile someone figures out how to get past the firewall,” adding “It seems the bad guys are always two steps ahead in terms of technology.”

Now, in this case it doesn’t necessarily seem like the bad guys were two steps ahead. The compromised server was infected by two different viruses and staff discovered that the antimalware protection on the system was not up to date. So, really the problem is that the security on the server was two steps behind–not that the attackers were two steps ahead.

That said, why bother engaging in a foot race with the bad guys? There are certainly reasons that you will still want to have standard security measures in place: antimalware, firewall, etc. But, encrypting the data stored on the server will ensure that it can not be accessed or breached even if the server it resides on is compromised. With the proper tools in place, a server breach does not have to be a data breach and you can stop losing sleep over whether you are a step ahead–or two steps behind–the bad guys.

Posted in Security Breaches & Data Loss Incidents | No Comments »

Protecting Sensitive Information from Inside Threats

Tuesday, March 16th, 2010

I had the privilege of joining host Tom D’Auria for the weekly IMI-TechTalk radio show once again this week. The show airs weekly on KFNX AM 1100 out of Phoenix, AZ at 3pm local time. Because Arizona doesn’t play Daylight Savings with the rest of the country, though, that means that half the year its on Mountain time and the other half its on Pacific time–so for now the show airs at 6pm Eastern / 5pm Central. If you are not in the Phoenix listening area, you can also listen to the show streamed live via the Web.

The topic of discussion this week was Protecting Sensitive Information from Inside Threats. Tom and I talked about the prevailing perception that information security is an ‘us vs. them’ or ‘inside vs. outside’ battle, while the reality is that internal employees pose a much larger threat than malware or malicious attacks from outside. The default security model relies on simple file and folder permissions to determine access rights for sensitive information, but offer no safeguards or protections regarding what the authorized user does with the data once its accessed.

Click here to listen to the recorded MP3 of the show: Protecting Sensitive Information from Inside Threats.

Tags: , , , ,
Posted in Data Storage Security, Events | 1 Comment »

Zecurion Nominated as ‘Breakthrough Technology Vendor’

Sunday, March 14th, 2010

Following directly on the heels of the 2010 RSA Security Conference in San Francisco, Zecurion made the trip to Los Angeles to attend the XChange Solution Provider event hosted by EverythingChannel. The audience at XChange Solution Provider is unique–giving Zecurion an opportunity to meet with solution providers and potential channel partners interested in working with and representing Zecurion as a partner.

The event was a tremendous success, capped off by a unique honor. The attendees of the XChange Solution Provider event are asked to nominate vendors for various categories of awards. In a field dominated by established and respected names like Microsoft, HP, Xerox, Lenovo, and Dell, the attendees chose Zecurion as one of the nominees for the Breakthrough Technology Vendor award.

The criteria for selection in this category include:

  • New or enhanced product (introduced to the channel in the past 6 months)
  • Product creates new revenue streams/business opportunities for me
  • Product I would want to represent
  • Product contributes to solving real business technology needs
  • Strong market opportunity for this product

While Zecurion did not ultimately win the award, the recognition of being nominated shows that attendees were impressed with what they saw from Zecurion, and validates that Zecurion has a lot to offer potential partners looking for products with strong market potential, and an immediate revenue opportunity.

Tags: , , , ,
Posted in Events | 1 Comment »

A Look Back at the 2010 RSA Security Conference

Thursday, March 11th, 2010

The 2010 RSA Security Conference was a great opportunity for us to meet potential new customers and partners and share Zecurion products and Zecurion’s vision for protecting data with information security professionals from around the world.

At times it was a little frustrating to be solicited by so many other vendors–selling employee recruiting services, public relations services, or working to get us to commit to attend other events and trade shows. Vendors of other events and trade shows in particular should be sensitive to the fact that we paid a fair amount of money to represent Zecurion with a booth at the RSA Security Conference, and that we did that so we could market Zecurion to decision makers, potential customers, and information security professionals in general–not to make it easier for solicitors to find us and steal our time.

Thankfully, those encounters were not the majority. We enjoyed meeting with and interacting with all of you who stopped by our booth. We appreciated the opportunity to share what Zecurion does, and we look forward to working with many of the people we met in San Francisco.

Throughout the week, I wandered the exhibition floor checking out the hundreds of booths. It occurred to me that there are really only a handful of security problems for organizations to deal with–maybe ten. Yet, there were probably a thousand companies represented at the RSA Security Conference, all pitching their own unique approach or potential solution to one of those ten issues. Some of the products and services are innovative and have tremendous potential, while many of them will fail to truly meet the needs they’re intended for, or  live up to the hype in the marketing brochures.

We appreciate that you, too, may have had a similar thought as you perused the rows and rows of exhibitor booths. We appreciate that the RSA Security Conference is a vast treasure of information about products and services, but that it can also be overwhelming and that it may be hard for you to separate the hype from the real solutions and make intelligent choices for securing and protecting data.

We hope you had a chance to stop by the Zecurion booth and give us a chance to answer your questions about protecting your data and securing your organization against insider threats. If you did not stop by to see us, or if you were not even at the RSA Security Conference, or even if you did stop and visit us but you still have questions, please feel free to contact us for more information. We are passionate about helping our customers solve data security challenges and we look forward to working with you.

Tags: , , ,
Posted in Events | 1 Comment »

Arkansas National Guard Loses Unencrypted Drive

Wednesday, March 10th, 2010

The Arkansas National Guard lost an external hard drive containing unencrypted data. The data on the drive included the Arkansas National Guard personnel file dating back to 1991–complete with names, social security numbers and other personal information which could put the affected Soldiers at risk for identity theft.

Thus far, there is no evidence to suggest foul play. The Guard remains hopeful that the drive is simply misplaced. However, the Guard is making every effort to identify those affected and alert them of the potential data risk.

That is good news–assuming that the Guard is correct and the data isn’t in the hands of anyone with malicious intent. But, what if they’re wrong? Or, what if they’re right that the drive was innocently misplaced, but someone with less-than-honorable intentions locates it before they do?

The fact is that the Arkansas National Guard–and any other organization storing sensitive or confidential information–could have avoided any potential breach of the data by encrypting it. A lost drive doesn’t have to put data at risk if the data it contains is properly protected.

Zecurion Zserver Suite protects data at rest. Zserver Storage’s hard disk encryption functions transparently, ensuring the safety and security of data even if the storage media device is removed–as is often the case for external hard drives. None of the data, including the file allocation tables or any Zserver Storage supporting files, are accessible without authorized encryption keys.

Zserver Storage encrypts most types of data storage hardware and devices including IDE and SCSI hard drives, RAID mirrored drives, CD/DVD optical disks and magnetic tapes, making Zserver Storage a viable, cost-effective alternative to other encrypted storage hardware solutions such as network storage appliances.

The bottom line is that it is unreasonable to expect users not to store sensitive or confidential data on drives–whether internal or external. It should be assumed that drives will contain such information, and organizations should proactively encrypt the data using a product like Zserver Suite to ensure it is protected from unauthorized access no matter where the drive ends up.

Tags: , , , , , ,
Posted in Data Storage Security, Security Breaches & Data Loss Incidents | No Comments »

2010 RSA Security Conference

Monday, March 1st, 2010

The RSA Security Conference is considered by many to be the one, premier, must-attend information security event of the year. Over the next few days hundreds of security vendors and thousands of information security professionals will descend on San Francisco’s Moscone Convention Center for a total immersion in all things information security.

Many security vendors choose to take advantage of the RSA Security Conference as a platform for major new announcements and product launches. There are hours upon hours of seminars, keynote speeches, training sessions, and other opportunities to gather information. There are also virtually endless opportunities for information security professionals to share ideas and opinions with one another and network with other information security professionals from around the world.

Zecurion is one of the vendors supporting the 2010 RSA Security Conference. Stop by Booth #2651 in the vendor exhibition hall Tuesday, March 2 through Thursday, March 4 to meet the Zecurion team, and learn more about how Zecurion can help protect your data and guard against insider threats.

We look forward to seeing you there.

Tags: , , , ,
Posted in Events | No Comments »

Protecting Data in the Cloud

Monday, March 1st, 2010

Everything seems to be about the “cloud” these days. The term “cloud” is really nothing more than a word for describing the Internet. Rather than building a data center and hosting servers internally, server capacity and data storage space can be bought or leased from third-party data centers on the Internet–or “in the cloud”.

Cloud computing provides an array of benefits for companies of all sizes, but it also introduces some new and unique challenges when it comes to data protection. Trusting your data to be stored in the cloud requires extra diligence to ensure it is protected and that any applicable compliance requirements are met.

Protecting Data in the Cloud discusses the benefits of data storage in the cloud, as well as some of the caveats and concerns to be aware of. It also talks about the need to protect your data in the cloud and some solutions to help you.

Tags: , , , ,
Posted in Data Storage Security | 1 Comment »