Blog

Posts Tagged ‘Zlock’

« Older Entries
Newer Entries »

Protect Data Without Impeding Productivity

Monday, March 28th, 2011

It is a balancing act.

IT admins are tasked with striking this delicate balance between locking down the network to prevent data leaks, and staying out of the way so business can get done and profit can be made. When those two goals clash, security is sacrificed in favor of productivity, and eventually bad things happen and the data is breached. The IT admin ends up being the bad guy (or the fall guy as the case may be) either way.

For many organizations, the issue of writing data to USB thumb drives or other removable media is treated as a black and white, all or nothing matter. Either USB ports and other means of writing data are completely shut down–making it more difficult for employees to be productive, or they are left wide open–leaving the organization open to the risk of both accidental and intentional data leaks.

The beauty of Zlock when it comes to enforcing data protection policies and preventing data exposure or compromise, is that it provides the flexibility organizations need to be able to effectively straddle that line. Zlock provides much more granular control so it isn’t a black and white issue. IT admins can restrict USB port access so data can only be written to an approved brand of USB thumb drive. Or, for tighter control to ensure that users don’t bring personal USB thumb drives in and copy sensitive data to them, access can be limited to a specific, company-issused USB thumb drive.

Don’t choose between security and productivity–either way, you eventually lose. Choose Zlock and get security and productivity at the same time.

Tags: , , , ,
Posted in Data Storage Security | No Comments »

Gigabytes of Data Gone in a Flash

Thursday, March 3rd, 2011

Have you ever lost a USB thumb drive? I have so many, I am not even sure I would notice if one was missing. I am positive that some have been misplaced over time. Thankfully, none of my USB thumb drives have any private or sensitive information I care about on them. Lost thumb drive? No sweat. The next tech conference or event I go to, I am bound to get three or four new ones.

For many companies, unfortunately, thumb drives also get lost–but contain sensitive data that is not properly protected. For example, an employee of the Henry Ford Health System in Michigan recently lost a USB flash drive containing unencrypted information on nearly 3,000 patients.

Apparently, Henry Ford Health System has a policy in place mandating that such data be encrypted. The article states, “The device is not encrypted as required to protect individual patient information.” It also says, “hospital officials said it’s still unclear how the flash drive was lost.”

I think this brings up two valuable points. First–it is only marginally relevant how the flash drive was lost. Maybe it was stolen. Maybe it got left in a pair of pants and washed with the laundry. Maybe it fell out of the employee’s pocket. The bottom line is that determining how the USB flash drive was lost is unlikely to yield any useful results to prevent a similar occurrence in the future.

Second, it demonstrates that an unenforced policy is about as effective as not having a policy in the first place. Whether the employee intentionally ignored the policy, or made an honest mistake, the fact is the policy wasn’t followed and now personal information on almost 3,000 patients is assumed exposed or compromised as a result.

Establishing a policy is an important step, but it is just a first step, not the end of the journey. IT admins need to have tools in place that can monitor systems and ensure the policy is followed and enforced as well.

Tags: , , , , ,
Posted in Data Storage Security, Security Breaches & Data Loss Incidents | No Comments »

Top Three Reasons You Should Be Using Zlock

Saturday, February 19th, 2011

Zecurion has a PDF doc on the Zlock Web page that lists 12 Reasons to use Zlock. But, twelve is a big number and may be overwhelming for some, so I am going to break it down–Executive Summary style–to the top three reasons.

  1. Productivity. Authorized users often have legitimate reasons for needing to store or transport data on USB thumb drives or other removable media. All or nothing solutions that simply block access to USB ports or restrict the use of removable media in any form may accomplish the goal of protecting data, but at the cost of efficiency and productivity. IT admins need a solution with the flexibility to allow the use of USB drives and removable media, while still providing control over the data stored on them.
  2. Control. As mentioned in point #1, a black and white approach that simply shuts off USB ports is counter-productive. Zlock gives IT admins the ability to limit the use of USB thumb drives to specific hardware vendors, or even to assign a specific USB thumb drive to a user and restrict access to that specific serial number. These controls, along with the ability to define online, offline, and roaming policies, and to limit the use of removable media to set times of day–like normal business hours–give IT admins complete control to allow the productive use of removable media while protecting data.
  3. Forensic Trail. Even if the use of removable media is limited to certain users, using specified hardware, during limited business hours–the fact remains that sensitive data may be stored on a USB thumb drive or other removable media, and that it might be lost or stolen. The Shadow Copy feature of Zlock takes a snapshot of the data that is transferred to removable media, so in the event of loss or theft the IT admin has a record of exactly what data is contained on the drive and subject to possible compromise or exposure.

Using removable media is almost a business necessity in most cases. Dealing with confidential and sensitive information is a simple fact of life for most businesses. Zlock enables IT admins to control access to removable media, enforce established security policies, and protect sensitive data while still allowing for the productivity benefits provided by removable media.

Tags: , ,
Posted in Data Storage Security | 1 Comment »

Portable Data is Often an Easy Target

Thursday, February 10th, 2011

There are certainly benefits and advantages to being able to carry massive amounts of files and data in your pocket. However, the small size and gargantuan storage capacities also make portable media very easy to lose or misplace, and a prime target for criminals.

Whether it is a USB thumb drive, an external hard drive, a smartphone, a tablet, or some other device, it is not uncommon for people to have 32GB, 64GB, or even a terabyte of data on them. The data could be a music library or albums of personal photos, or it could be an entire patient or student database–complete with Social Security numbers, driver’s license numbers, home addresses, and other valuable information.

According to the Privacy Rights Clearinghouse, a non-profit organization dedicated to protecting consumer privacy and raising awareness of privacy concerns, there were 142 reported data breach incidents in 2010 involving portable storage devices. Those incidents led to the compromise or exposure of nearly 7 million records. That amounts to 7 million possible cases of identity theft or credit fraud, or 7 million violations of security and privacy mandates such as HIPAA or PCI DSS.

It is important that organizations limit the types of data that are allowed to be stored or transported on portable media, and that data that is stored on portable devices is properly protected so that–even if the device is lost or stolen–the data it contains will be safe.

Tags: , , , , ,
Posted in Data Storage Security, Security Breaches & Data Loss Incidents | 1 Comment »

Is There a ‘Bradley Manning’ in Your Company?

Thursday, January 6th, 2011

The breach of classified government and military data to WikiLeaks by Pfc Bradley Manning illustrates the extent of the insider threat. The authorized users with legitimate access to confidential and sensitive data pose a much greater risk to that data than some ethereal malicious hacker somewhere out there on the Internet.

To combat such threats, the Obama administration is urging all federal agencies to step up efforts to identify and thwart would-be ‘Bradley Mannings’. A document–ironically leaked to NBC news–”calls on agencies to hire psychiatrists and sociologists to measure the “despondence or grumpiness” of federal employees in order to “gauge trustworthiness.” It also urges the use of polygraph machines, and the monitoring of computer activities and signs of “high occurrences of foreign travel.”"

The Obama administration should be commended for recognizing the risk posed by insider access to sensitive information, and the new directives and policies are well-intentioned, but they seem very much like the TSA security at airports–much ado about nothing in a smoke and mirrors effort to appear secure while not really reducing the threat any.

Rather than relying on agency and department heads to closely monitor employees’ professional and personal activities, and investing money in psychological exams and polygraph tests, federal agencies should simply contact us at Zecurion. What government and military agencies really need are tools like Zlock to monitor and restrict the use of removable media without impeding its functionality, and Zgate to filter confidential and sensitive information to prevent it from being leaked via email or social networking sites.

Mr. President–feel free to contact me at bradley@zecurion.com or give me a call at 281-352-8201 so we can talk further.

Tags: , , , ,
Posted in Data Storage Security, Security Breaches & Data Loss Incidents | 1 Comment »

US Military Response to WikiLeaks Breach Misguided

Monday, December 13th, 2010

In response to recent revelations on WikiLeaks, the United States military has banned all removable media–CDs, DVDs, USB thumb drives, etc.–from being used on the private military network for classified information under penatly of court-martial. The policy may slow down an information breach, but it won’t prevent it–and it gets in the way of legitimate, productive use of removable media at the same time.

The United States military has a little thing about classified information. It is not a fan of unauthorized exposure or compromise of classified information, so naturally the data breach incident with WikiLeaks has evoked a strong response. The problem is that the response goes too far in one respect–impeding the legitimate use of removable media to transfer data between machines–and not nearly far enough in others–failing to actually meet the goal of preventing future exposure of classified information.

Sharing classified information with unauthorized individuals is already against military rules. The threat of court-martial for willingly disseminating classified data did not stop the soldier from doing so, and I don’t expect that also making it against the rules to use a USB thumb drive would have slowed him down either. If the soldier had intent to breach protocol and share classified information, a policy against it will have little effect.

What the military–and any other organization with a need to protect sensitive data–needs is a clearly-defined policy governing the legitimate use of removable media, and tools in place–like Zecurion Zlock–to let IT admins monitor and control the flow of sensitive information.

Tags: , , , ,
Posted in Data Storage Security, Security Breaches & Data Loss Incidents | 1 Comment »

Will Your Data be the Next WikiLeak?

Friday, December 3rd, 2010

WikiLeaks has built quite a reputation. Opinions of the site tend to the extremes–either it is a beacon for freedom of speech and a hero for uncovering information, or it is a borderline criminal organization and a threat to national security. In a recent interview with Forbes magazine, WikiLeaks founder Julian Assange revealed that WikiLeaks will also soon be targeting corporations–specifically a major American bank.

Could your classified sensitive company data end up on public display at WikiLeaks? Could it be shared with your competitors? Would you even know if it were?

The threat from employees–authorized users with access to sensitive data–is significantly greater than the threat from external attacks, yet most organizations are still stuck focusing on the “network perimeter” and the “us vs. them” mentality of protecting network assets from malicious forces outside. IT admins need to have policies defining how to manage sensitive data, and tools in place–like Zecurion’s Zlock–to control the use of removable media, and monitor the data that is saved or printed.

Tags: , ,
Posted in Data Storage Security | 1 Comment »

12 Reasons Why Zlock is the Ultimate Endpoint Security Solution

Tuesday, September 28th, 2010

Zlock gives IT departments full control over computer ports, peripherals and pluggable devices by enforcing customized device access policies. Organizations can prevent leaks of confidential and sensitive data easily and cost-effectively with Zecurion. Take a look at this list of 12 reasons that describe why Zlock is the solution IT admins have been looking for to protect data and restrict access to peripherals and removeable storage without hindering productivity.

Tags: , , , ,
Posted in Data Storage Security | 1 Comment »

An Unenforced Policy is the Same as No Policy at All

Friday, June 4th, 2010

The West Berkshire Council has just learned this lesson the hard way. According to a recent report of lost data “West Berkshire introduced encrypted memory sticks in 2006. But following an investigation by the Information Commissioner’s Office (ICO), it was also discovered that council employees were still using unencrypted memory sticks.”

In a perfect world, simply stating that data should only be stored on approved USB devices, and that all data on portable storage media must be encrypted would be good enough. In the real world, though, simply stating it is not good enough. Stating a policy–without any means of monitoring or enforcing compliance with it–is simply paying lip service to data protection and gambling that a data breach incident will never occur.

West Berkshire Council lost that gamble when an unencrypted USB memory stick containing sensitive information relating to the ethnicity, and mental and physical health of children was lost. The report also contains this quote “It is essential that organisations ensure the correct safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children.”

The best option to ensure correct safeguards are in place is Zlock. Zlock allows IT administrators to restrict users from writing to data to unapproved portable storage media. Access can be locked down to devices from a particular manufacturer, or of a particular type. A specific USB memory stick can be associated with each individual user, and all other memory sticks can be blocked.

In the case of West Berkshire Council, Zlock would have been instrumental in ensuring  that users relied on the encrypted USB memory sticks they were issued four years ago, rather than storing data on the now lost unencrypted USB memory stick.

Tags: , , ,
Posted in Security Breaches & Data Loss Incidents | 2 Comments »

Zlock Rewrites the Rules

Monday, May 10th, 2010

ChannelWeb’s Edward Moltzen took a detailed look at Zecurion’s Zlock and praised the product in his article titled Zecurion’s Zlock Rewrites the Rules.

Moltzen begins by explaining the issue faced by organizations “Even well-meaning and well-trained employees can put data at risk on a network, and even heightened network firewalls can’t keep all data from walking out the door. Having data on a network means it could become available for download onto DVDs, floppy drives or thumb drives. Sensitive data could even be errantly left on a printer’s hard drive or cache–allowing anyone with the know-how to steal it.”

The conclusion Moltzen arrives at after seeing Zlock in action: “That’s why we think the approach taken by emerging security vendor Zecurion makes so much sense. Zecurion’s Zlock application provides a straightforward approach to securing and managing a network’s potential open doors and breaches, and it’s an approach that it makes too much sense to ignore.”

Moltzen adds “We think Zecurion could be on the way to becoming one of the stronger players in the data security space, and the company is a strong alternative for VARs to consider when looking at solutions for small or midsize businesses or workgroups.”

Read the complete article for more from ChannelWeb. To learn more about Zlock, click here.

Tags: , , ,
Posted in Data Storage Security | 1 Comment »

« Older Entries
Newer Entries »