I participated on a panel discussion at SecureWorld Boston yesterday. The discussion topic was striking a balance between productivity and security and it yielded three thoughts that I would like to discuss in today’s blog.

  1. The notion that our companies are going to employ the same type of security policies that we used over the last 30 years is ludicrous. With the arrival of the digital natives into the workforce, simply assuming that your new knowledge workers can adapt to your existing security policy is a farce. How do you establish security mechanisms for information when the people who use this information and data on a daily basis have a much more radical perception of information security and risk? Most digital natives think nothing of providing personal information via the Internet because there is a firm understanding that the information already exists there. These digital natives have grown accustomed to the idea that you should check your credit report every six months and always look for fraudulent charges when the statement arrives.

Using free online storage and collaboration systems dramatically increases a company’s risk of a data breach.  Many of these tools automatically synchronize desktop folders with folders in the cloud.  Compromised credentials can give hackers easy access to all of a company’s sensitive information.

Companies need to monitor traffic over known P2P ports and over commonly used ones, like 80 and 21.  It’s not just data loss prevention, it’s ensuring that policies that address “what data can be sent to whom” are enforced – regardless of port and security mechanisms.

Most of today’s threats with P2P file sharing come from applications that work in conjunction with cloud services, leaving room for hackers to create desktop onramps for their own use.

In a recent case, the FTC found the breach. The truth is – the companies breached should have found it first.

Many enterprise collaboration tools have browser-based portals set to automatically download documents from specific locations.  Simply changing the default settings away from “My Documents” can prevent employees from unknowingly downloading and installing applications that could increase a company’s risk of a breach.

How does the popular UK tech blogger, Jason Slater, use WS_FTP Professional?

In his latest blog post, “Mass Transferring Files with WS_FTP Professional,”  Jason reveals that he’s in the process of migrating his websites to a new dedicated web server.

In order to do this successfully, Jason needs to utilize a tool that transfers his data quickly and securely. That’s where WS_FTP Professional comes into play…

Jason explains that he relies on WS_FTP Professional to get this important job done and that he’s been using “WS_FTP for quite some years and [has] seen the product develop into the essential application it is today.”

To read Jason’s full post on WS_FTP Professional, please visit his website, Jason Slater Technology Blog.

There was yet another security breach inside the government this week and this one involved an employee sending personal information via the Internet.

What in the world does that mean?

Open letter to the White House CIO: please better define what you mean by Internet. As I said in earlier blog posts, whenever you pull people into the middle of information technology it is unreasonable to expect that they will self-enforce 100% of the policies 100% of the time. We won’t lock our laptops all the time. We won’t choose passwords that are totally random with a combination of numbers and punctuation (my WEP password for my wireless router is based on the key 3210abcdef!) No matter how many encryption products you put on our desktop we will forget to use them and we won’t check for SSL encryption and check the certificate on every website that we go to.

People are inconsistent, incredibly stubborn and risk prone when it comes to information technology. Bottom line: you can’t, nor should you, depend on them to accurately establish and mitigate risk according to your corporate standards and policies.

What an incredibly geeky statement to make…

But it’s absolutely true. The future set of technologies from Ipswitch will include capabilities that better allow IT departments to have visibility, management and control of the things that people do. As vision and strategy guide, it’s easy for me to make this statement, but trust me, our product manager and senior developers are looking at me through the crosshairs of their rifles and shotguns. That is because they understand that people dynamically assign and mitigate risk based on context that we just cannot re-create in current IT environments.

With awareness of data breaches at an all-time high, financial institutions are working hard to implement policies and solutions that protect sensitive financial information along with their reputations and industry competitiveness. In today’s digital world, critical financial data is being sent back and forth between businesses and individuals at speeds faster than anyone ever thought possible. While this information exchange allows financial institutions to deliver higher levels of service and capitalise on emerging growth opportunities, it also leaves them vulnerable to security breaches and data leaks.

Hermes, a multi-specialist asset manager owned by BT Pension Scheme (BTPS), deals with a huge amount of sensitive data and, therefore, turned to Ipswitch to provide them with a secure and reliable solution to help protect the transfer of data and information. Requiring a fully versatile solution, they installed Ipswitch’s MOVEit DMZ Enterprise.

Hermes offers a range of investment solutions ranging from alternative strategies, such as fund of hedge funds and commodities, to engagement focus funds, real estate, private equity and specialist equity products. Its pension fund management service, Hermes Pension Fund Management Limited (HPFM), runs alongside its multi-specialist structure and acts as the executive arm of the BT Pension Scheme (BTPS). Hermes currently invests assets on behalf of 204 clients across these product areas and has over £20 billion under management.

“We needed to host an FTP site so that people could post information to us, which, obviously, needed to be very secure due to the sensitivity of the data,” explained Jamie Dewar, Technical Services Manager, Hermes. “We didn’t host FTP before as we were a ‘pull only’ organisation and just used the basic Microsoft mainline tools. However, due to changing business requirements we required an enterprise-class FTP solution that was highly secure.”

MOVEit DMZ is an enterprise data transfer server that boasts end-to-end encrypted transfer and storage of data, as well as delivering powerful administration and reporting capabilities. It resides on a secure server in a ‘de-militarised zone’ (DMZ) attached to a firewall. This enables it to be accessed through the firewall from both inside and outside of a network for transfers including End-User-to-End-User, End-User-to-Backend-System and Backend-System-to-Backend-System.


Read more about Hermes and how they protect their private data: http://www.ipswitchft.com/resources/case-studies/moveit/enterprise-file-transfer-compliance