Archive for the ‘Data Storage Security’ Category

Zserver Protects Data in the Cloud

Friday, June 18th, 2010

A ComputerWorld article titled Cloud Security in the Real World: 4 Examples cites Zecurion’s Zserver as a cloud-based storage encryption solution.

Examining the issue of data encryption in the cloud, the article states: “Several providers of cloud-based backup storage install appliances at the customer site to accommodate encryption, but Flushing was not interested in that setup.”

It also explains: “At Flushing Bank in New York, CIO Allen Brewer turned to the cloud for data backup after getting fed up with on-site tape backup. Using Zserver from Zecurion, Flushing is now sending files over the Internet to be stored for backup.”

 Read the white paper Protecting Data in the Cloud to learn more about encrypting and protecting data in the cloud with Zecurion’s Zserver.

$6.5 Million is a Lot to Gamble

Wednesday, May 12th, 2010

Section 13402(e)(4) of the HITECH Act requires that the Secretary of Health and Human Services post a list of breaches of unsecured protected health information affecting 500 or more individuals.

Since HHS began tracking and posting these breaches in late September of 2009, there have been 77 such incidents, impacting a total of 2.4 million individuals. That is an average of more than 30,000 breached records containing personal information for each incident. A 2009 study by the Ponemon Institute found that the average cost of a data breach in the United States is $208 per compromised record, making the average cost of these 77 data breaches over $6.5 million.

Some of the data breaches were the result of physical data–forms and paperwork–being thrown into a dumpster. But, nearly 75 percent of the incidents involved unencrypted data stored on servers, backup tapes, or portable storage media.

Applying the averages–here is the bottom line: 56 out of 77 incidents could have been prevented if those organizations used Zecurion Zserver Suite to encrypt and protect data. That means that nearly 1.8 million of the 2.4 million affected individuals would not have had their personal data compromised, and that these organizations could have avoided a combined $364 million in costs to clean up after the breach.

The investment in proactively protecting data is significantly less than the cost of reacting to a data breach incident, and it doesn’t have the long-term negative impact to the organization’s credibility and reputation.

Zlock Rewrites the Rules

Monday, May 10th, 2010

ChannelWeb’s Edward Moltzen took a detailed look at Zecurion’s Zlock and praised the product in his article titled Zecurion’s Zlock Rewrites the Rules.

Moltzen begins by explaining the issue faced by organizations: “Even well-meaning and well-trained employees can put data at risk on a network, and even heightened network firewalls can’t keep all data from walking out the door. Having data on a network means it could become available for download onto DVDs, floppy drives or thumb drives. Sensitive data could even be errantly left on a printer’s hard drive or cache–allowing anyone with the know-how to steal it.”

The conclusion Moltzen arrives at after seeing Zlock in action: “That’s why we think the approach taken by emerging security vendor Zecurion makes so much sense. Zecurion’s Zlock application provides a straightforward approach to securing and managing a network’s potential open doors and breaches, and it’s an approach that it makes too much sense to ignore.”

Moltzen adds: “We think Zecurion could be on the way to becoming one of the stronger players in the data security space, and the company is a strong alternative for VARs to consider when looking at solutions for small or midsize businesses or workgroups.”

Read the complete article for more from ChannelWeb. To learn more about Zlock, click here.

Closing the Barn Door After the Horses Escape

Tuesday, April 6th, 2010

There is an old saying about closing the barn door after the horses have escaped. Obviously, that is too late.

John Muir Health is “closing the barn door after the horses escape” by implementing disk encryption software on its laptops AFTER two laptops with unencrypted data were stolen–leading to the compromise of nearly 5,500 patients’ sensitive and confidential data.

John Muir Health waited two months–the maximum amount of time allowed under the HITECH amendment to the HIPAA compliance mandate that governs data security in the health industry. Hala Helm, Muir’s vice president and chief compliance and privacy officer, is quoted explaining the delay with the justification “We wanted to make sure we had accurate information and could address questions from our patients.”

The move to encrypt the data on John Muir Health laptops is a good one–but in hindsight it is obviously a security control that should have been in place already. Had the data on the stolen laptops been encrypted, no patient data would be exposed or compromised as a result of the theft of the laptops. John Muir Health could have simply written off a few thousand dollars for the lost hardware, replaced the laptops, and carried on with business as usual.

If your organization has laptops, and those laptops ever have private, sensitive, or confidential data on them, perhaps you should consider shutting the barn door now–while the horses are still safely inside.

Zecurion Announces Zserver Suite 6.0

Wednesday, March 31st, 2010

Zecurion this week launched Zserver Suite 6.0–the latest version of its leading data encryption software. The new Zserver Suite has a number of updates, including new reporting capabilities, but the two biggest changes introduced in the new Zserver are EKMS and cloud data encryption.

EKMS–or Enterprise Key Management Server–automates and simplifies the arduous task of key management for encrypted data. Alexey Raevsky, CEO of Zecurion and developer of Zecurion’s patented AME (adaptive multithreaded encryption) technology, describes EKMS like this: “Keys stored by EKMS can be automatically uploaded to Zserver-protected servers, and when required, a Zserver-managed server can be configured to automatically open encrypted disks after the requested keys are obtained from EKMS.”

The second major change relates to encrypting data in the cloud. Many organizations are exploring how to take advantage of the operational and financial benefits of storing data in the cloud; however, that data still needs to be protected. Using Zserver Suite 6.0, Zecurion customers can automatically encrypt entire dedicated servers in the cloud, or encrypt data on a file-by-file basis prior to transferring it to the cloud.

Check out the press release for more details about Zserver Suite 6.0, and feel free to contact Zecurion if you have any questions or need any more information.

Protecting Sensitive Information from Inside Threats

Tuesday, March 16th, 2010

I had the privilege of joining host Tom D’Auria for the weekly IMI-TechTalk radio show once again this week. The show airs weekly on KFNX AM 1100 out of Phoenix, AZ at 3pm local time. Because Arizona doesn’t play Daylight Savings with the rest of the country, though, that means that half the year it’s on Mountain time and the other half it’s on Pacific time–so for now the show airs at 6pm Eastern / 5pm Central. If you are not in the Phoenix listening area, you can also listen to the show streamed live via the Web.

The topic of discussion this week was Protecting Sensitive Information from Inside Threats. Tom and I talked about the prevailing perception that information security is an ‘us vs. them’ or ‘inside vs. outside’ battle, while the reality is that internal employees pose a much larger threat than malware or malicious attacks from outside. The default security model relies on simple file and folder permissions to determine access rights for sensitive information, but offers no safeguards or protections regarding what the authorized user does with the data once it’s accessed.

Click here to listen to the recorded MP3 of the show: Protecting Sensitive Information from Inside Threats.

Arkansas National Guard Loses Unencrypted Drive

Wednesday, March 10th, 2010

The Arkansas National Guard lost an external hard drive containing unencrypted data. The data on the drive included the Arkansas National Guard personnel file dating back to 1991–complete with names, social security numbers and other personal information which could put the affected Soldiers at risk for identity theft.

Thus far, there is no evidence to suggest foul play. The Guard remains hopeful that the drive is simply misplaced. However, the Guard is making every effort to identify those affected and alert them of the potential data risk.

That is good news–assuming that the Guard is correct and the data isn’t in the hands of anyone with malicious intent. But, what if they’re wrong? Or, what if they’re right that the drive was innocently misplaced, but someone with less-than-honorable intentions locates it before they do?

The fact is that the Arkansas National Guard–and any other organization storing sensitive or confidential information–could have avoided any potential breach of the data by encrypting it. A lost drive doesn’t have to put data at risk if the data it contains is properly protected.

Zecurion Zserver Suite protects data at rest. Zserver Storage’s hard disk encryption functions transparently, ensuring the safety and security of data even if the storage media device is removed–as is often the case for external hard drives. None of the data, including the file allocation tables or any Zserver Storage supporting files, is accessible without authorized encryption keys.

Zserver Storage encrypts most types of data storage hardware and devices including IDE and SCSI hard drives, RAID mirrored drives, CD/DVD optical disks and magnetic tapes, making Zserver Storage a viable, cost-effective alternative to other encrypted storage hardware solutions such as network storage appliances.

The bottom line is that it is unreasonable to expect users not to store sensitive or confidential data on drives–whether internal or external. It should be assumed that drives will contain such information, and organizations should proactively encrypt the data using a product like Zserver Suite to ensure it is protected from unauthorized access no matter where the drive ends up.

Protecting Data in the Cloud

Monday, March 1st, 2010

Everything seems to be about the “cloud” these days. The term “cloud” is really nothing more than a word for describing the Internet. Rather than building a data center and hosting servers internally, server capacity and data storage space can be bought or leased from third-party data centers on the Internet–or “in the cloud”.

Cloud computing provides an array of benefits for companies of all sizes, but it also introduces some new and unique challenges when it comes to data protection. Trusting your data to be stored in the cloud requires extra diligence to ensure it is protected and that any applicable compliance requirements are met.

Protecting Data in the Cloud discusses the benefits of data storage in the cloud, as well as some of the caveats and concerns to be aware of. It also talks about the need to protect your data in the cloud and some solutions to help you.

Providing Data Protection Solutions for your Customers

Saturday, January 30th, 2010

What do e-mail lists, business information, customer contact lists, employee records and financial information all suddenly have in common?

Answer: They are the Top 5 things stolen by employees after leaving a job, according to a recent survey conducted by the Ponemon Institute, a Tucson, Ariz.-based research group whose survey was reported on by The Washington Post.

This is an excerpt from the intro to Security from the Inside: Your Opportunity in the Information Protection and Control Market (IPC). The paper cites other alarming statistics like:

“Nearly 60 percent of employees who quit a job or were asked to leave over the last year stole some form of company data”

More important than the statistics on data breaches and information theft is the opportunity that the statistics create for service providers and independent consultants to deliver solutions to their customers. The Zecurion partner program is an ideal alliance that allows you to leverage the products and services of Zecurion to provide superior data protection solutions.

ZAPP!

Zecurion Advantage Partner Program

  • Dedicated Relationship Managers
  • Training and Sales Support
  • Review of Upcoming Products
  • World-Class Technical Support
  • Joint Marketing Campaigns
  • Events and Joint News Releases
  • Upsell Opportunities

Stop by Booth #2651 at the RSA Security Conference, in San Francisco March 1 – 5, to learn more about Zecurion products and the Zecurion Advantage Partner Program.

State Laws Encourage Backup Encryption

Sunday, January 24th, 2010

I heard a rumor recently that Iron Mountain, a leading provider of offsite storage for backup data, was implementing a new policy that all customer data must be encrypted.

It makes sense. Unencrypted backup media seems to be an increasingly common source of data breaches. Chase Bank lost data on an unencrypted backup tape. Information Vaulting Services lost a backup tape from the state of Arkansas containing unencrypted personal information on over 800,000 individuals. A third-party storage vendor lost an unencrypted backup tape from Bank of New York Mellon with sensitive information from 4.5 million customers. The list goes on, and on, and on… and on.

While the organization entrusted with the data–Chase Bank, the state of Arkansas, or Bank of New York Mellon in the cases cited above–ultimately must pay the price for the data breach, both in terms of the broken trust with customers and damaged reputation, as well as any fines, penalties, and the cost of notifying and protecting customers, the fact is that these losses also reflect poorly on the third-party organizations responsible for securely storing the backup media.

Organizations like Iron Mountain that provide offsite storage have no way of knowing what data is contained on the media they store for their customers, nor whether or not that data is encrypted or protected in any way. A tape is a tape is a tape and they are all handled and treated the same. Granted, a company that exists to provide secure offsite storage for backup data should not lose its customers’ backup media, but it shouldn’t bear any additional responsibility for personal or sensitive information being compromised as a result.

It turns out that the rumor I heard was incorrect. I spoke with Iron Mountain and I was told that it does not require customers to encrypt backup data–although it does believe it’s a good idea and highly recommends that customers consider doing so.

Apparently, the rumor stems, at least in part, from laws enacted in Nevada and Massachusetts. Those state laws require that personal information that could lead to identity theft be protected–even on backup media. Iron Mountain may not require it, but Nevada and Massachusetts do require that organizations in those states, or that conduct business in those states and/or retain personal information from citizens of those states, encrypt information on backup media.

Suffice it to say, it’s just a good idea. Data at rest should be encrypted whether it is stored on servers on your internal network, or backup media stored offsite with a third party.