I had the pleasure of attending the SecureWorld Expo last week in Santa Clara, CA, right in the heart of Silicon Valley. Although it was a relatively small show, the audience was feisty! And as the first tradeshow I’ve attended as an Ipswitch employee, and my first security-themed show, there was a ton to learn.

The range of exhibitors and their offerings was impressive and instructive. Attendees (and this reporter) had the opportunity to learn about endpoint security, patch management, threat management appliances, disaster recovery, identity management, and much more.

Here are a few vendors that caught my eye:

  • ESET – whose live, 2-inch long cockroaches drew cringes and well-earned attention to their anti-virus solutions set;
  • Websense – whose DLP solution is a great complement to Ipswitch’s managed file transfer products, as it automatically identifies content that likely contains data that is sensitive and needs to be secured;
  • Veracode – which is changing the game in application security testing with its SaaS static testing and analysis offerings.

I was tapped to be a panelist for a breakout session entitled “Data Protection – Walking the Thin Line Between Employee Productivity and Security”. It was a great subject that my fellow panelists handled very well, demonstrating their deep knowledge about security solutions and how they fit (or don’t) within corporate cultures. I look forward to exploring these questions with Ipswitch’s customers and at other tradeshows in the coming months.

The most insightful conversations I had at the show were with attendees who visited our booth. More on those conversations soon…

Two months ago we posted about the massive data breach at South Shore Hospital in Weymouth, Massachusetts, “800,000 Reasons Why MFT is Important”.

Well, the drama and the headaches continue.

What originally happened was that computer files containing personal information of about 800,000 people, information such as names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, diagnoses, treatments relating to hospital and home health care visits had been misplaced, possibly lost or maybe even stolen.

Aspirin worthy.

On September 8th, 2010 Wickedlocal.com reported that “South Shore Hospital initially informed the Attorney General’s Office and the public that it would send individual written notice of the data breach to each affected consumer.”

Aspirin worthy, but the legal and responsible thing to do…that is until a brilliant idea occurred:

“However, South Shore Hospital has informed the Attorney General’s Office that it does not plan to send individual written notice to affected consumers. Instead, South Shore Hospital has chosen to invoke a provision under state law to notify consumers through the ‘substitute notice’ process, which means rather than receiving individual letters at their homes, consumers who are affected by the breach will be generally notified of the data loss through a posting on South Shore Hospital’s website, publication in newspapers throughout the Commonwealth, and by e-mail for those consumers for whom South Shore Hospital has e-mail addresses.”

So the move here is that to notify the people whose data they lost, they’ll put that information in a place where everyone can see it. Isn’t that counter-intuitive?

In a related story on Healthdatamanagement.com – Joseph Goedert reports that:

“Massachusetts Attorney General Martha Coakley ‘has objected to South Shore Hospital’s revised notification plans and maintains that affected consumers should receive individual notification as originally represented by South Shore Hospital in its prior public announcements concerning the data loss,’ according to a statement from her office.”

What are your thoughts on how South Shore Hospital is handling this? Am I the only one reaching for the Anacin?

Here’s a nice write-up of one of our newest customers, Salary.com

Every once in a while we like to showcase an exciting new customer and share some of the reasons why they chose to deploy an Ipswitch File Transfer solution to solve their business problems.

Quick background on the business need:

Salary.com exchanges data with thousands of customers and partners daily worldwide.

They sought a flexible, highly available solution that could simplify business operations and meet compliance regulations including SOX, PCI DSS, HIPAA and other state laws around employee privacy.

Security & compliance requirements were driving factors:

“It’s an imperative that our file transfer services maintain our rigorous requirements for keeping our clients’ critical business data secure,” said John Desharnais, managing director of technical operations at Salary.com.

And here’s some insight into their purchase decision:

“Salary.com reviewed several solutions, but selected Ipswitch’s MOVEit suite because of its comprehensive approach to managed file transfer, ability to provide an end-to-end audit trail and granular controls that monitor how files are moved, accessed, and used.”

“Ipswitch’s MOVEit solution is easy to use and ensures that we have complete visibility into all file transfer activity on our network.”

Salary.com, welcome to the Ipswitch family and we look forward to a loooong relationship together.  As your business needs continue to grow and evolve, Ipswitch will be a trusted partner that will continue to bring innovative solutions to market.

“We are sorry for any concern we are causing anyone at this time.”

It’s pretty certain that those are 13 words that no CEO ever wants to have to say. Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.

Seems that some computer files containing the personal information of about 800,000 people might have been misplaced or possibly lost or maybe even stolen.

We’re talking about information such as names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, diagnoses, treatments relating to hospital and home health care visits … just to name a few pieces of personal information, you get the picture.

800,000 records. 800,000 reasons why Managed File Transfer is important. Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.

Seems that somewhere in the process of these 800,000 records being shipped to a contractor to be destroyed, and actually getting to the contractor to be destroyed, they disappeared.

Boston.com has some information worth reading.

Forgive the obvious Ipswitch plug here, but c’mon, any one of these solutions could help any CEO avoid having to say those 13 words.

So, that’s today’s 800,000 reasons why MFT is important, and how to avoid those 13 words. As a special bonus for you, here’s 7 words you’d surely like to steer clear of:

“We are still searching for those files.”

Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.

I just finished reading a great article in Network Computing titled “Managed File Transfer Asserts Data Governance In Transit”. Author Neil Roiter hit the nail right on the head by calling out the importance of visibility and governance over person-to-person file transfers. And if you don’t believe us, just ask any eDiscovery judge!

Sure, organizations absolutely positively must carefully consider how to transfer staggering volumes of data between systems and servers, both inside and outside the organization – all with management, policy enforcement and visibility capabilities.

That being said, individual employees are sending files to other people too… And unless IT provides them with an easy-to-use process to accomplish this, they will find their own ways, such as personal email accounts, USB drives, online file sharing services, etc.

Increased focus on data security, governance, regulatory compliance and eDiscovery has really put pressure on IT to not only have complete visibility into the processes involved in data transfer, but ALSO THE PEOPLE. Frank Kenney sums it up well in the article:

“MFT can bring (person-to-person) file transfer under the corporate governance umbrella. We can give people ad hoc technology and enforce the use of those technologies. We make capabilities dead easy to easy and enterprises have the right policies in place about how to use them. MFT products provide visibility and validation through dashboards, reporting, real-time updates on data transfer and audit trails.”

Some day, an eDiscovery judge may ask you to provide an audit trail with proof of chain-of-custody for a particular file that has bounced around your company and between people. Here are just a few questions you’ll need to be able to answer: Who sent what? When? Where? To whom? Was it encrypted? And did it get there?

What will your answer be?

When interviewing job candidates, I’m always on the lookout for dedicated, motivated, passionate people that relish in rolling up their sleeves and doing whatever it takes to get the job done. Why? Because a little bit of chutzpah goes a long way towards being a successful and productive employee.

But can employees “going above and beyond” backfire and result in severe damage to a company?

Unfortunately, yes, they can.

In his guest blog post on LastWatchdog, Gary Shottes, President of Ipswitch File Transfer, describes an example of how hard-working employees are causing new security and legal liability implications that organizations need to carefully consider when deciding what tools to provide people with.

“Highly-motivated workers are willing to do whatever it takes to get the job done, with or without IT.  Employees, whose job requires them to send information to colleagues, partners, vendors or customers around the globe, have literally thousands of file transfer options.

If IT fails to provide employees with a fast and easy way to share information, they will take matters into their own hands, even if that means using technology that’s not sanctioned by IT. They may use a personal webmail account, smartphones, USB drive, or even transfer data via Facebook and LinkedIn.”

Combining that increasingly familiar scenario with some recent survey data indicating that over 80% of IT executives lack visibility into files moving both internally and externally drives home the scary point that there’s a big security hole in many companies…. And organizations need to be careful that employees can’t crawl through it, even if it’s with the best of intentions.

Fortunately, there are some great tools out there to arm employees with a quick, easy-to-use and secure way to share information with other people, both inside and outside the company, while at the same time providing the company with the critical visibility, management and enforcement it needs to protect sensitive and confidential information. This is one situation where it makes a lot of sense to lead the horse to water & make it drink.

Industry expert Michael Osterman shares some great editorial and perspective in Messaging News on the Ipswitch acquisition of MessageWay. He starts by pointing out that Ipswitch is positioned as a “Leader” in the latest Gartner Magic Quadrant for Managed File Transfer, as well as Ipswitch’s proven track record in the file transfer space (nearly 20 years for those counting).

He also nailed what the acquisition immediately brings to the table as far as expanding Ipswitch’s range of solution offerings:  “(Ipswitch has) clearly boosted its position in the MFT space with this acquisition given that MessageWay’s MFT solutions are designed for high volume file transfer applications in the large enterprise (Global 2000) and service provider markets.”

I particularly like (and agree with) his answer to the question of “Why is MFT important?”

“Among the many reasons are two key ones:


Word of today’s public announcement that Ipswitch has acquired MessageWay Solutions is already starting to spread, and fast.  Whether you’re an Ipswitch customer or employee, industry expert, or just learning about the Managed File Transfer space one thing is clear – The MFT industry is evolving and growing worldwide, both in strategic importance and pure volume.

We’ve seen greater emphasis on managing and controlling file processing behind the firewall…. And witnessed customers and prospects describing their need for an MFT solution that includes some B2B and EDI attributes.

Ipswitch’s acquisition of MessageWay creates the industry’s most powerful and complete suite of Managed File Transfer solutions with robust, highly scalable advanced file services that continues where MFT has traditionally left off – at the edge of the network.


Tax season is behind us (at least for most of us) and we can all give a sigh of relief… but can we? This year, getting my taxes organized and handing them to my accountant seemed to be more difficult than usual. Fortunately for me, the Federal Government gave certain areas that were dealing with flooding a small extension that allowed me to find the time to pass my taxes into my accountant.

Once that task was completed, I was able to relax except for the fact I now had one day to get back into the accountant’s office and sign the documents for them to send to the IRS.


Shocker! So let me get this straight… A leader in the B2B Gateway, MFT, and Integration Provider markets gets acquired and the leading analyst firms in the universe reduce it to an apps in the Cloud story???? SMH. Let’s peel away just one layer of the onion… Just one layer, no analysis needed on this one.

Companies with investments in Connect:Direct and/or Connect:Enterprise have to think long and hard about continuing their reliance on the NDM protocol. We aren’t talking about just two or three companies, we are talking about thousands of financial, manufacturing, healthcare and telecom companies. So we need some advice on this one…


To some folks this is just a flash banner on a website, amongst the many marketing messages that you typically find on a technology provider’s dot com website.

“IBM acquires Sterling Commerce from AT&T for $1.4B”.

For many customers it means reconsidering 30-year-old technology that enables many mission critical processes. When something like this happens, in my past life at Gartner I would be required to write 3 paragraphs: what happened, my analysis and what should customers do. And I had to be politically correct because all three companies were important customers to Gartner. I could give thoughtful analysis but I had to produce multiple caveats to indemnify myself and Gartner. (Hey, it’s a decent business model!)


People are non-consistent, incredibly stubborn and risk prone when it comes to information technology. Bottom line, you can’t nor should you depend on them to accurately establish and mitigate risk according to your corporate standards and policies.

What an incredibly geeky statement to make…

But it’s absolutely true. The future set of technologies from Ipswitch will include capabilities that better allow IT departments to have visibility, management and control of the things that people do. As vision and strategy guide, it’s easy for me to make this statement, but trust me, our product manager and senior developers are looking at me through the crosshairs of their rifles and shotguns. That is because they understand people dynamically assign and mitigate risk, based on context that we just cannot re-create in current IT environments.
