Archive for the ‘Data Storage Security’ Category

The Real “Bad Guy” Is a Simple Lack of Common Sense

Friday, December 2nd, 2011

It is convenient to think of network security and data protection in terms of “us and them”. There are good guys, and there are bad guys. There are authorized users inside the network just trying to get their jobs done, and there are insidious, malicious hackers diligently trying to compromise the network and steal sensitive information. The reality is quite different.

There are, of course, attackers out there with low moral character, a lack of ethics, and too much time on their hands who will not hesitate to exploit holes and expose data if possible. However, if you review the data breaches large and small that occur on a daily basis, the vast majority have nothing to do with any attack at all. Sensitive, personal information is compromised and exposed because the authorized users entrusted with that information are often clueless–or at least careless–in how they handle it. There are school principals accidentally uploading sensitive information, employees tossing files with personal information into public trash bins, and many employees with unencrypted data on laptops, tablets, and smartphones that are easily lost or stolen. The hackers often don’t have to work very hard.

Organizations should do more to educate users and increase awareness about sensitive data, data protection policies, and proper data handling procedures. Beyond that, though, organizations should have tools in place that run on the endpoint systems, monitor the flow of network traffic, and protect data at rest on servers to ensure that a lapse in judgment doesn’t lead to a data breach.

Protecting Data Is Not a Black and White Issue

Saturday, November 26th, 2011

Data protection is more nuanced than simply allowing or denying access. The age-old concept of group and individual permissions for file and folder access is based on the fact that one person may have no business opening a given file, while the next person may need to read and review that same file as a function of their role. This same type of control is needed when it comes to allowing data to be printed, or stored on an external drive or USB flash drive.

Because protecting data is not a black and white issue, the solution needs to be more flexible than simply blocking or allowing access. Zecurion’s Zlock gives IT admins the ability to apply fine-tuned controls that prevent the unauthorized copying and storing of data without impeding legitimate, authorized use of removable media at the same time. Just as one person may have no business opening a file that another person needs to do their job, one person may have no legitimate business purpose for storing data on removable media, while the next person may need that capability to perform their job function. A solution that simply locks down USB ports is like killing a housefly with a hand grenade, and applies too broadly to provide functional data protection.

Zlock takes it a step further, though. Jim may have a business need to store sensitive data on a removable drive, but you don’t need to grant blanket permission to Jim. You can still set up controls in Zlock that let Jim store data on a USB flash drive, but only if the data is encrypted. In fact, IT admins can configure Zlock to only allow Jim to store data on a specific brand of company-issued flash drives, or even a specific hardware ID of an individual USB flash drive issued to Jim. That way, data is protected, and the flow of sensitive data is controlled, but Jim is still able to do his job without having to jump through any additional hurdles.

Now, through the end of 2011, you can get Zecurion Zlock for 80% off.

Trusting Employees Is Bad Security Policy

Thursday, November 10th, 2011

Companies like to be able to trust employees. This is particularly true in smaller companies, where the environment is more like a family and the founders/owners are often personal friends with the employees. In the end, though, business is business and it doesn’t mix well with personal trust–especially when it comes to protecting sensitive and confidential data.

Michael Pattison, the head of Allens Arthur Robinson’s technology law group, is quoted as saying, “Ultimately you trust people that you employ, so it’s depressing to find at times that the trust is breached.”

When employees leave a company–whether through firing or of their own accord–they often take proprietary and sensitive data with them out the door. Computershare is learning that lesson the hard way. An employee resigned and the company is accusing her of having stolen internal documents, emails, and possibly personal data and financial records of millions of shareholders that rely on Computershare’s global share registry.

A certain measure of trust is expected between employees and employers. If either party can’t trust the other to some extent, it creates a paranoid, hostile work environment. But, trust is a poor policy for data protection, and companies need to have tools in place to secure sensitive data even from the employees it is entrusted to.

There Comes a Point Where It’s Willful Neglect

Monday, September 26th, 2011

Benefits Administration Services (BAS) revealed that a CD containing sensitive information on about 4,000 U.S. Steel Mining retirees and their dependents is lost in the mail somewhere. The CD is supposedly password protected, but the data it contains is not encrypted.  

I think we’ve all been pretty tolerant of data breaches up to now. Perhaps too tolerant.

We always give the benefit of the doubt to companies and their employees: “They didn’t mean to expose my Social Security number”, or “I’m sure it was an accident that the medical center posted my health record on the Web”, or “Well, it’s not my bank’s fault that the postal system lost the disc with my data on it.”

But, those excuses won’t fly any more. Companies and employees do know better. It is a simple matter of having solid data handling and data protection policies, and the tools in place to enforce them. That worker probably didn’t intend to expose your Social Security number, but a data loss prevention (DLP) tool could have prevented the inadvertent exposure. It probably was an accident that your medical records were posted online, but a DLP gateway would prevent that information from leaving the network. Your bank can’t guarantee that the post office won’t lose a disc in transit, but they can have tools in place to automatically encrypt data so that it is protected from unauthorized access.

In the past, we could forgive these things. But, data breaches are in the news almost daily. There are multiple industry, state, and federal mandates in place governing the effective protection of personal and sensitive data. No company or employee can claim ignorance at this point.

No. Now it’s a matter of willful neglect. Employees know what they’re supposed to do, but they’d rather take shortcuts and ignore data protection policies. Companies know what they’re supposed to do, but they’d rather save a buck and gamble with your personal data instead. 

DLP tools are not expensive–especially in relation to a data breach. There is no excuse.

Where Did Your Data Go?

Wednesday, September 21st, 2011

If you have solid data loss prevention (DLP) tools like Zlock in place, you can exercise some control over how sensitive data is handled, and what devices it is allowed to be moved to or stored on. Zlock helps you enforce data handling and data protection policies, and prevent data leaks and exposure.

However, you will still have authorized users who have access to confidential company data, and sensitive employee or customer information. The point of a tool like Zlock is to enforce data policies and prevent data leaks without impeding the day to day productivity of those with a legitimate need to work with that data. So, what happens when an authorized employee decides to willfully violate policy, or if the USB thumb drive of an authorized user is lost or stolen?

Thankfully, Zlock’s Shadow Copy enables you to monitor and inspect files accessed and moved/copied from the network. Shadow Copy provides a silent or shadow copy of all data along with other auditable information. This reinforces personal accountability and prevents unnoticed data leaks.

Zlock copies all documents written to an external device to a secure log on the local machine and transfers the log data to the network when the local machine is connected to the network. Zlock’s Shadow Copy can track specific information about the file and its contents–date and time of the event, user’s credentials, type of device used and other useful data–providing you with all the necessary facts to investigate any security incident or breach. The information can be tracked and grouped by specific users, user groups, types of media and other criteria, enabling you to compile the precise data needed to meet audit requirements or conduct forensic investigations after a data loss incident.

In addition to preventing unauthorized movement and copying of electronic files, Zlock Shadow Copy also provides the same audit trail capabilities for printed materials, giving the organization ultimate control over all network endpoints, both inside and outside the network perimeter.

When you use tools like Zlock and Zgate, you can prevent virtually all data leaks. For those instances where an authorized user becomes the attacker, or when an authorized user has data lost or stolen, the Shadow Copy feature is a life saver.

Data Breaches Cost More than Data Protection

Friday, September 16th, 2011

Tony Bradley, Chief Marketing Officer for Zecurion, recently joined host Tom D’Auria on the IMI-TechTalk radio show to talk about data protection. The daily headlines of data being stolen, compromised, and exposed suggest that many organizations either don’t understand the risks, or fail to implement adequate protection. Often, those decisions are driven by dollars–organizations simply feel they can’t afford data loss prevention (DLP) or data encryption technologies that could prevent data breaches.

Unfortunately, many of those businesses end up learning the hard way that this approach is penny wise but pound foolish. Saving a few dollars in the short term can have significant repercussions when it costs the company exponentially more to recover from a data breach incident. You can listen to the entire IMI-TechTalk show by playing the recorded version from the IMI-TechTalk blog site.

Need DLP? How Does 80% Off Sound?

Thursday, September 15th, 2011

If you know anything about Zecurion, you know we are passionate about helping our customers protect their information and prevent data leaks. We work hard to help businesses understand that a data breach is much more costly than investing in data leak prevention and data protection tools.

At the same time, we appreciate that these are tough economic times and that many businesses simply don’t have the budget available to protect their data. We understand that the global economy is in a slump and that many IT departments are faced with dwindling budgets and forced to cut corners. We also recognize that protecting data and preventing information leaks are a top priority, and should not be overlooked to save a dollar.

Taking proactive steps to safeguard data and prevent leaks or exposure is significantly cheaper than facing the fallout when a data breach occurs. A data breach incident does irreparable harm to the reputation of the company, and may have legal and regulatory consequences as well.

To help our customers out, we are offering the Zecurion Economic Stimulus Plan for Data Protection for a limited time. Now through the end of 2011, customers who purchase a one-year support plan for a product will receive the product license free—an 80 percent savings.

With this Zecurion offer, organizations can do the right thing, and save 80% in the process. Companies can take advantage of this offer for any of Zecurion’s data protection solutions:

Zlock – an endpoint security DLP solution that provides IT admins the ability to secure, monitor, and control computer ports and external devices to enforce data security policies and prevent exposure of sensitive data.

Zgate – a network perimeter DLP solution that monitors all outbound traffic to ensure that confidential or sensitive data don’t get leaked across your network.

Zserver – secures and protects confidential information at the processing and storage level on corporate servers.

Contact Zecurion today to take advantage of this limited-time offer.

Zecurion Wins 2011 Golden Bridge Awards in Two Categories

Tuesday, August 16th, 2011

NEW YORK, NY–(Marketwire – Aug 16, 2011) – Zecurion has earned the prestigious Golden Bridge Awards titles for its Zlock and Zgate DLP (data loss prevention) products. The coveted annual Golden Bridge Awards program encompasses the world’s best in organizational performance, products and services, executives and management teams, women in business and the professions, innovations, case studies, product management, public relations and marketing campaigns and customer satisfaction programs from every major industry in the world.

Zgate 3.0 was recognized as the most innovative product in the Information Leak Prevention category, and Zlock 3.0 was awarded most innovative product in the Data Protection category. Zgate and Zlock are a formidable combination designed to keep sensitive information from being leaked, exposed, or compromised.

More than 40 judges from a broad spectrum of industry voices from around the world participated and their average scores determined the 2011 Golden Bridge Business Awards winners. The winners were announced during the awards dinner and presentation on August 10, 2011 in New York attended by the finalists, industry leaders, and judges.

“It’s an honor to be named a winner by Golden Bridge Awards for this esteemed industry and peer business award,” said Alexey Raevsky, founder and CEO of Zecurion. “These awards are a testament to Zecurion’s innovative approach and commitment to helping customers protect data and prevent information leaks without impeding productivity.”

For more information, click here to see the full press release.

12 Reasons You Should Be Using Zserver Suite

Monday, August 1st, 2011

Even the best network security is not impenetrable, and despite your best efforts attackers may one day infiltrate your organization. However, just because attackers make it past the perimeter defenses shouldn’t mean they have free access to sensitive information. That data should be properly protected even on the internal network.

Zserver Storage not only prevents leakage of confidential corporate data, but actually hides the data’s existence from unauthorized access and personnel. The information is available only when a network administrator grants a user or application proper access rights to the protected data. Zserver Storage functions transparently for both network administrators and end users with the encryption of data performed in real-time as a background process.

To learn more about Zserver Suite, and why you should be using it to protect your sensitive data, read 12 Reasons Why Zserver Suite Is the Ultimate Data Protection.

True Statement–In Spite of the Source

Sunday, July 31st, 2011

Great advice is great advice no matter where it comes from, right?

A splinter or subgroup of the hacking collective known as Anonymous has hacked personal data of 214,000 Austrian television viewers and radio listeners. The group issued a statement explaining that it did not hack the data with the intent of doing harm to the individuals. It just wanted to demonstrate that the broadcaster had lax security and was not adequately protecting the data.

‘Such sensitive data must not be stored over many years and must not be so easily available to everyone,’ the group said.

They have a point.