Over the last few weeks, we’ve been putting the final touches on our next generation of services that will be delivered via the cloud. As with any product or service release, there comes a fair amount of planning including ensuring that one has the best site into competitors, forecast and of course customers. We’ve worked closely with industry analysts, our end-users and prospects and our own internal resources to best understand how and where we should position our cloud services. In presentation after presentation and in conversation after conversation, we were presented market slides showing the enormous growth and opportunity within the overall software as a service (SaaS) markets. The natural reaction is to get excited about all the money we can make in this space; before we did, I issued a strong warning to our team:
“In very much the same way that software is analogous to infrastructure, software as a service is not analogous to infrastructure as a service. That includes integration as a service. The profile of the consumer of SaaS will more than likely expect that things like integration, interoperability, transformation and governance will be part of the service subscription.”
In a nutshell what I was saying was… do not look at forecasts for SaaS and assume that the opportunities for IaaS follow the same trends. If users create content by using services that are delivered via the cloud, they have a reasonable expectation that this content can be shared with other services delivered via the cloud (not necessarily by the same vendor). For example, creating content via salesforce.com and sharing that content with gooddata.com should be as simple as granting the necessary permissions. After all, my Facebook, Twitter and Google+ information is shared by clicking a few buttons. Make no mistake, integration and interoperability are nontrivial, but part of the expectation of using cloud services is that the consumer is shielded from these complexities. As more and more cloud service platforms and providers build in integration and governance technologies the need for a separate IaaS provider will likely diminish.
Don’t get me wrong, I still believe that there is a place for technologies such as managed file transfer and business-to-business integration and collaboration; I definitely believe that Ipswitch will play a significant role in the evolution of those markets. Expect the role of Ipswitch to be evolve as well; not only will we provide the best mechanisms for moving content of any size but we will also govern (or let you govern) that movement and the entire experience around it. This is the centerpiece of Ipswitch’s Cloud strategy.
Corporate America is finally taking notice of its lax information-sharing practices. As data breaches continue to dominate headlines in 2011 and expose major vulnerabilities in the way organizations share and manage sensitive information, companies worldwide are demanding that their partners improve the way they send and receive files.
According to a new report by Ipswitch File Transfer (FT), nearly two-thirds of individuals surveyed at this year’s Infosecurity Europe Conference said their company is feeling increased pressure from customers and partners to improve the speed and security of file transfers.
“The successes of hacking groups like Anonymous and Lulzsec have opened the doors for boardroom conversations around information managementand security,” said Frank Kenney, VP of Global Strategy for Ipswitch FT and author of the report. “Companies are finally realizing that they may be at risk and are seriously reevaluating the way they exchange business information on a daily basis.”
According to Ipswitch’s new report, the problem for many organizations stems from corporate management not providing employees with suitable tools to send and receive large and confidential attachments. Without a company-mandated file transfer platform that makes it simple and secure to send and receive large files, employees are finding workarounds and throwing security and compliance out the window in the process. For instance, nearly 50 percent of individuals surveyed at Infosecurity Europe have been unable to send business-critical documents because their company’s server couldn’t handle the file’s size. And 78 percent said that, on numerous occasions, their corporate email system’s inability to handle large attachments significantly slowed productivity.
The result: Employees find risky workarounds – including personal email and remote devices to avoid the corporate information-sharing roadblocks:
- Personal Email: 60 percent of individuals said they use personal email to send sensitive files because their company systems hinder productivity, a major compliance and security risk. And 50 percent of those people admitted to using personal email as a means to hide sensitive information from management.
- Remote Devices: Employees are also relying on remote devices – like USB drives and smart phones – to transfer information that can’t be handled by corporate systems. More than 25 percent of employees have lost a USB drive containing confidential information. Even worse: Out of that 25 percent, 40 percent said they did not report the lost device to the IT department.
While some organizations are providing employees with file transfer solutions to overcome size constraints, Ipswitch’s new report shows that too many platforms are failing to place enough emphasis on security. Less than 30 percent of companies leverage file expiration and password protection technology and only 15 percent of companies can actually confirm that their files have reached their intended recipients. At least 30 percent of companies don’t have any safeguards in place to secure file transfers.
“Employees will do whatever they need to be productive, and that includes going around corporate systems to send and receive business-critical information,” said Kenney. “It’s not enough to create policies that prohibit such risky behavior; organizations need to provide employees with a simple and secure tool that allows them to send and receive large files successfully.”
Citi was recently fined $500,000 by the Financial Industry Regulatory Authority (FINRA) for its failure to pick up on an employee skimming over $750,000 from the accounts of 22 Citi customers over the last eight years .
When I first read the headline, my initial thought was that this was yet another unfortunate example of an organization not having set-up or maintained appropriate access controls (to grant access to only those who really need it) and that lacked visibility into what activities are actually happening.
Turns out, my initial thoughts were wrong. As part of her job, the employee needed access to the information. And it also sounds like the fraudulent activity should have been visible to Citi:
“FINRA said its investigators had determined that Citi failed to detect or investigate a series of so-called red flags that should have alerted the bank to Moon’s fraudulent use of customer funds.
The red flags included exception reports that highlighted conflicting information in new account applications, as well as customer account records that reflected suspicious funds transfers between unrelated accounts.”
It sounds like that with the systems and exception reports Citi already had in place that they should have detected the suspicious activity involving transfers and disbursements in the accounts.
This is a reminder that simply investing in technology isn’t good enough. Successful deployment must include not only training for the IT department on how to properly install and configure, but also training for end users that are responsible for consuming and acting on the information provided by the system.
Yesterday, August 15, 2011, was celebrated as National Relaxation Day. In such a fast-paced, stressful society, everyone needs a break sometimes. Though stress is normal, too much of it can be detrimental to your health. We hope that you were able to take it easy yesterday – even if it was just for a few minutes – and enjoyed the day!
We understand that there is little time for relaxation in your role– between making sure your network connection is safe and secure and taking precautions to guard against disasters, you’re always busy. Fortunately for you, WhatsUp Gold can help. If chaos and ‘after-the-fact’ troubleshooting are ruling your life now, WhatsUp Gold’s notifications and alerts can help minimize your problems. Learn more about WhatsUp Gold.
We have an exciting, live webinar coming up in less than an hour — and it’s FREE!
Topic: WhatsConfigured: Be in Control of Your Device Configurations
Date/Time: August 16, 2011 – 11 a.m. US EST
What it will cover: This webinar will cover WhatsConfigured 3.0, the latest version of our powerful change and configuration management solution. It offers the convenience of configuration management with an intuitive user interface and automatic discovery for rapid deployment.
Register NOW: https://ipswitch.webex.com/ipswitch/onstage/g.php?t=a&d=687149038
We hope you join us!
We all know what it’s like to work with difficult coworkers, over the top bosses – and maybe even the infamous “monster boss.” Check out WhatsUp Gold’s new Monster Boss video and see how WhatsUp Gold enables users to have “more up time and less boss time.”
Interested in more information on WhatsUp Gold? Learn more.
We have an exciting live webinar that will be occuring tomorrow! Sign up now to join this FREE webinar!
- Subject: WhatsUp Gold: The New Interface
- Date: August 11, 2011
- Time: 11 a.m. US EST
- What it will cover: This webinar will showcase the complete re-design of the web interface (and several other exciting new features!) introduced in WhatsUp Gold v15.
We hope you join us!
Here’s a great article by Brian O’Connell of CPA Site Solutions on how to deal with email security difficulties. The context of the article is from the perspective of the accounting industry, but I’d say it’s an extremely universal topic that actually impacts almost every kind of company today.
The premise of the article is that email is generally accepted as a dependable way to communicate and share files…. And then he points out that in reality, email isn’t very safe. Sound familiar? – And for you encrypted email lovers out there (you know who you are), I’d like to quickly mention that while encryption can make it harder to open an email or attachment, it does nothing to prevent it from being intercepted.
Brian draws a very important difference between “security” and “privacy” that I want to highlight.
“Privacy is the shield that protects a person’s identity while actively sharing information via the web.
Where privacy is about keeping the door locked, security is about the lock itself.
Security is the actual online authentication and authorization protocols that networks use to protect information and the audit system used to verify the overall system’s effectiveness.”
While I agree that the distinction is important, I’d also like to point out that an organization must protect both the security and privacy of confidential information in order to comply with the growing number of data protection laws and compliance mandates. I wouldn’t worry too much about the distinctions, but instead focus on the need to have visibility and governance over all files, data and information that are being shared both within your company and also externally with business partners and customers.
Congratulations to James Attanasio, our SysAdmin Appreciation Day Contest winner! As his prize, James will be receiving an iPad2.
We loved hearing all of your SysAmin stories – whether good or bad – and want to thank all of our contest participants. We know being a SysAmin is no easy job so we want to thank you for all that you do!