Posts Tagged ‘secure file sharing’

h1

Google Drive Wants a Piece of the File Sharing and Storage Pie – But It Might Not Taste So Sweet for Businesses

May 1, 2012

This week Google announced its newest offering, Google Drive. The launch of Google Drive, a cloud-based file storage and synchronization tool, places Google’s hat in the ring with other file sharing services. In response, Vice President of Sales and Client Services at FilesAnywhere, Shayne Mehringer, gave this statement:

“Google is king when it comes to Internet searching, and websites around the world count on them for outstanding targeted advertising abilities. However, this doesn’t necessarily make them right for the business and consumer file storage market. Oversaturation in the online storage and collaboration market is actually a good thing for us. Smart, professional consumers and corporations will now be forced to do their homework. Source 

h1

Top 10 managed file transfer considerations

April 11, 2012

 1. Platform Openness – To reduce the points of connection to sensitive data and reduce the risk of exposure to those without a need-to-know the MFT solution should be installed on the server operating system where the sensitive data and applications reside. If your corporate data mostly resides on the IBM X, then it would make sense to get a MFT solution that runs on the IBM X.

2. Authorization Controls – To meet many compliance regulations, the MFT solution must provide role based access to limit user access to certain servers or MFT functions based on user credentials.

 3. Secure FTP – Plain FTP is not secure. The MFT solution must support both SFTP (FTP over SSH) and FTPS (FTP over SSL) protocols for secure FTP transfers.

 4. Encryption Standards – At minimum, the solution should support the industry standard encryption standards: AES, Open PGP, AS2, SSH, SSL, TLS and S/MIME.

5. Database Integration – The MFT should readily connect to DB2, SQL Server, Oracle, MySQL and other popular database servers for extracting and inserting data.

6. Data Transformation – Is the ability to translate data between popular data formats including XML, CSV, Excel and fixed-width text formats.

7. Data Compression – Compresses and packages data using popular standards such as ZIP, GZIP and TAR to reduce transmission times.

8. Application Integration – The MFT should provide commands and APIs for interfacing with your applications.

 9. Scheduling – Allows transfers and other MFT functions to be scheduled for future dates and times.

10. Key Management – Does the MFT include management tools for creating, importing and exporting keys and certificates?

h1

Health Officials Seeking More Secure Mobile Devices

March 14, 2012

Mobile devices, from smartphones to tablet computers, are increasingly used in hospitals and other health care settings. But regulators fear that manufacturers have not taken adequate steps to safeguard privacy and security with the technology.

To help seal those gaps, the Department of Health and Human Services (HHS) has launched the Privacy & Security Mobile Device project. The initiative will be managed by the Office of the National Coordinator for Health Information Technology’s (ONC) Office of the Chief Privacy Officer and the HHS Office for Civil Rights.

The project also will work to develop case studies to help communicate to health care providers how to secure and protect health information when using mobile devices. An example of a provider use case scenario is the health care provider who is at home and on call, using a laptop to read a patient’s electronic medical record.

“The rationale behind this specific project is that the use of mobile devices in health care has skyrocketed in the last year,” said Joy Pritts, JD, chief privacy officer for ONC, in an interview. “The concern is that health information is some of the most sensitive information that there is.”

h1

CES 2012: A Federation of Storage Clouds will need data encryption

January 17, 2012

In 2012, these new technological advances provide home and personal cloud storage that can be used in addition to remote data center cloud storage. Together these various levels of networked storage, connected together through the public Internet, are creating a larger federated cloud service composed of public and private consumer cloud services.  Such a federation might provide new and useful services and entertainment capabilities for consumers in 2012. A federated cloud storage infrastructure could spur new businesses, new types of content, and new consumer devices to service these opportunities. Source CES 2012: A Federation of Storage Clouds

h1

Twitter lashes out at Google search changes

January 16, 2012

Google launched a social network in June, dubbed Google+, that offers many of the capabilities available on Twitter and on Facebook.

With Tuesday’s changes to Google’s search engine, photos and posts from Google+ will increasingly appear within the search results.

The changes effectively create customized search results for people who are logged in to Google. A person who searches for the term “Hawaii,” for example, might find private photos that their friends have shared on Google+ as well as public information about the islands.

Twitter’s general counsel, Alex Macgillivray, a former Google attorney, said in a Tweet on Tuesday that Google’s changes “warped” Web searches and represented a “bad day for the Internet.”

Source Twitter lashes out at Google search changes

h1

A Handful of 2012 Privacy & Security Predictions

January 3, 2012

A handful of thoughts on what 2012 may hold by Attorney Richard L. Santalesa:

  • The EU’s on deck Data Protection Regulation promises – or threatens depending on your viewpoint – to significantly revamp the EU’s data protection regimes, adding additional potential uncertainty to the EU arena.  The leaked DPR indicated a new broad extraterritorial reach, stronger protections for children under 18, embracing privacy by design and the right to be forgotten, a requirement to designate a privacy officer, and increased enforcement powers and penalties.  We’ll see what happens when the rubber meets the road.
  • Will the final version of the HIPAA breach notification rule make a long-awaited appearance in 2012, along with guidelines per Stage 2 of the electronic record incentive program within the HITECH Act ?  The smart money says yes, especially since Congress recently admonished DHS to hurry up already given that the “interim” rule has been around since 2009.
  • The FTC plans to issue in early 2012 its finalized Privacy Report, formally titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” which I believe will have a significant impact on the 2012 privacy/infosec landscape.  The draft version, issued a year ago in December 2010, immediately sparked wide-ranging conversations on Do-Not-Track, Privacy by Design, Fair Information Practice Principles, Geolocation and other privacy-related issues, many of which quickly found their way into 2011’s proposed bills.  I expect the finalized report to be heavily influential on 2012’s infosec and privacy debates.
  • Information security and data protection issues surrounding contracting for cloud services will begin the road to maturity in 2012 as the federal government continues its push of fed agency IT needs into the cloud.  The result will help provide guidance on cloud contracting issues addressing audit assurances, cloud security and accreditation, e-discovery issues, security controls and allocation of liability and responsibility for data security, to name but a few.
  • Finally, 2012 will unfortunately see no end in sight to advanced attacks resulting in data breaches, with attacks on mobile devices to ramp up significantly.  In response the move to Big Data and data hoarding may reverse as companies in specific sectoral areas begin paring back on how much data they retain.

For additional 2012 infosec and privacy predictions, pop over to Christine Marciano of Cyber Data Risk Managers’ collection, which includes the author’s  views of 2012, at  http://www.dataprivacyinsurance.com/wp-content/uploads/2012/01/2012-DATA-PRIVACY-AND-INFORMATION-SECURITY-PREDICTIONS.pdf

h1

Study: IT’s Future Lies With Cloud Computing, Security and Mobile

November 7, 2011

Cloud computing, security and the mobile space hold the most growth potential in the coming years, according to IT professionals surveyed by tech staffing firm Modis.

While no single technology dominated that portion of the study, which polled 502 tech workers on issues related to their jobs and the IT industry, those areas took the top three spots. Cloud computing earned 29 percent of the vote, security tallied 21 percent and mobile scored 18 percent.

The technologies are linked, said Jack Cullen, president of Modis. As companies turn to cloud computing to deliver services over mobile devices, securing data is paramount, he said.

“Security has got to be one of the first things you think about even before talking about mobile applications or strategy,” he said. Firms first need to ask how they plan on securing their information in a cloud computing environment.

 Source:  Study: IT’s Future Lies With Cloud Computing, Security and Mobile