What Should You Store “In-the-cloud?”

Cloud computing is here to stay, and is a trend that will evolve and grow in the coming decade. But we are still pretty early in the hype cycle, and the market (and many of the associated technologies) is immature.

You want to take advantage of the economies-of-scale and the “elasticity” of a pay-as-you-go model. For many businesses and many individuals, this approach makes complete sense. But there is always the question of security. And in the highly-commoditized world of online storage, security is often sacrificed in order to offer competitive pricing.

There have been a few stories in the news, of late, that are pretty alarming. Just this week, DropBox had a security snafu that resulted in all DropBox accounts being completely unprotected for about four hours. At a networking event last night, I met someone who uses DropBox for his photography business. He was relatively unconcerned about the security issue, as the data that he posts is not confidential. It is, however, his copyrighted work.

There are other online storage services that have suffered from security issues. Similar problems have been reported in Google Docs and other services. And these same services are often rated by customers as inexpensive, convenient and easy to use.

So, should you stay away from cloud storage? Absolutely not! Just keep in mind that there is a place for everything. My rule of thumb is this: don’t store anything in a free or inexpensive online storage service that you wouldn’t post in a public forum. For confidential business files, protected personal information, intellectual property and the like, consider these questions before you make a decision about a cloud service:

1. Are the files stored in an encrypted format?
2. How are file permissions set up?
3. What is the company’s security track record? Have they had previous security breakdowns and what have they done to address them?
4. “Free” or “cheap” may be worth what you pay for it, in terms of protection.
5. What is the company’s security policy?
6. Are there guarantees for data security and penalties if these are not met?

Cloud-based storage, applications and infrastructure will continue to grow, but the security issues may not currently be keeping up with the growth. It’s important to be a smart consumer until security catches up.

Oxymorons and Confidentiality Notices

Many of our favorite oxymorons are funny because, while we understand the intent of the phrase, the words in the phrase are contradictory. Along with “Jumbo Shrimp” and “Voluntary Regulation,” we should consider “Confidentiality Notices” to be just as contradictory.

One such notice that appeared in my inbox recently tells me that if I am not the intended recipient, I am to destroy the email “without reading, using, copying or disclosing its contents to any other person.” OK…so how am I supposed to read the confidentiality notice at the bottom of the email without first having read the email? I am not informed that I shouldn’t read it until I have, in fact, already read it.

Typically, if postal mail is put into my mailbox that is not intended for me, I can clearly see this without opening the envelope. I simply jot a note on the envelope, put it back in my mail box and I am finished with it. I have no idea what it contains.

With an email, I can’t tell if it was intended for me until I have read it. So the confidentiality notice at the bottom is of little real use. Perhaps it reduces the liability of the sender, but it doesn’t make the information any more “confidential.” And it puts the entire responsibility for keeping your information private into the hands of someone who didn’t ask for that information in the first place, and perhaps doesn’t even know you.

Are you comfortable with that email security strategy?

Why You Shouldn’t Use Free Webmail Services for Business

OK, we’ve all done it. You’re working at home, trying to log in to a business application and you have forgotten your password. So you use your Gmail account to request your password and it is promptly sent to you – in clear text. Or maybe you are going on vacation and you want to give those key customers an easy way to communicate with you while you’re away – your mac.com account can easily be checked from your phone without requiring you to wade through the dozens (hundreds?) of email messages in your corporate email account.

Most people have multiple email addresses, often for different uses. But crossing over from a managed environment for your corporate email to a free webmail service can have unforeseen consequences:

1. Hackers
2. Unencrypted transfers
3. Policies of the service provider

In 2008, hackers breached the Yahoo! email account of Republican Vice Presidential Candidate Sarah Palin, accessing exchanges with state politicians, a contact list and some family photos. Ms. Palin should not have been using Yahoo! for official state business, and this breach reflects one reason why. More recently, a C-level executive had her Yahoo! email account hacked, as detailed in this Computerworld article. There is a lot more potential for security breaches in large webmail services like Yahoo! or Google. With millions of subscribers, the attraction for hackers is far greater than trying to hack a corporate server with a few hundred to a few thousand users, although those types of breaches can also happen.

Email is natively unsecure. We use it so frequently, and nearly always with success, so it’s easy to be lulled into the feeling that an email between you and an associate is just like a private conversation. It is not. Your email takes many hops between you and the recipient. And along the way, the information is as easy to read by an interested party as the front page of the newspaper. Your email is in plain text. There is absolutely no protection for the content of that email once you hit the “send” button.

Now, raise your hand if you have read the “Terms of Use” for your free webmail account. Yes, that’s what I thought. Yahoo! Mail Plus terms of service specifically states that Yahoo! makes no warranties that the service will be secure. “The use of the service is at your sole risk,” states the terms of service. Do you know who has access to the email that they store on their servers?

The important point, as data breaches continue to make the news, is this: think about the value of the information that you retain and that you share. What’s the value of your business contacts list? What’s the harm to you if your personal contacts list is breached? What’s the value of a calendar, a password, a description of a problem? Understanding the value of the data, and the impacts of a data breach, may result in making better decisions about what we share – and the services through which we share it.

Do you use your personal email account for work-related activities?

NY Yankees: Baseball, Hot Dogs, Apple Pie and a Massive Data Breach

It was just a simple human error. There were no hackers in a dark room in Russia. There was no covert inside operation. There wasn’t a set of high-tech network sniffing tools. Just an employee, trying to do his job, who executed a one-click PR catastrophe for the New York Yankees: a data breach of over 21,000 names, addresses, account numbers and email addresses of their loyal fan base.

Inadvertently releasing the personal information of thousands of people is bad enough, but this disaster is made worse by the fact that these names belong to the very people whose support keeps the Yankee organization going, and able to put a winning product on the field each year.

So, the question is, what do the Yankees do now? There are calls to fire this hapless employee, making him a sacrificial lamb for the purpose of satisfying the masses. But this problem goes far deeper into the organization than a worker who makes a mistake. If the Yankees simply fire this worker, and do nothing more, the problem still exists. This person does not deserve to lose his job. There is a fundamental security issue with the way that the organization does business.

This type of data breach is far more common than being “hacked” from outside of the organization. An article in Information Week indicates that 35.2% of data breaches are caused by human error. But we focus our attention on making sure that we have firewalls in place, strong passwords employed, perhaps even encrypted file transfer, but we ignore the security hole that’s big enough to drive a tank through: email security.

Managed File Transfer solutions are now taking on the issue of the ad hoc type of file transfers that occur through email – the exact scenario that caused the Yankees so much heartburn this week. Here’s what a Managed File Transfer solution needs to do:

1. Force the sender to verify the recipient before sending
2. Encrypt both the body of the email and the email attachment
3. Require a user name and password to be entered by the recipient in order to view the email
4. Have both the email and the attachment stored on a central server. When you send email attachments, you are sending copies of the file that can’t easily be controlled once you push the send button. If the attachment is stored on a server, the sender could simply delete the copy on the server, rather than spending time trying (unsuccessfully) to recall the message.

I hope that the New York Yankees will consider this: don’t fire this employee. Fix the root of the problem!

What do you think the Yankees should do?

Security Concerns for 2011

Here’s a great article from our strategic partner in the UK, Handd Business Solutions, written by managing partner Anthony Hodges.

Secure File Transfers – Your Key Security Concern in 2011

While the rest of the world is talking about how social media is the most important thing in 2011, small to large businesses’ know the truth – the most important thing in 2011 is the security and ease of transfer of large data files.

Why is this? Quite simply put, with all of the high profile security breaches and data losses of companies in the last 18 months, from Hotmail hacks, to the problems with several government organisations misplacing data, the whole concept of ‘data transfer’ has taken a hit. Whether you’re in the Banking and Finance field, or the Education and Universities system, the Retail industry or other areas such as Manufacturing, Building and Construction, data transfer of all types can be beneficial to both your company and your team.

Security as a top priority

As security is your top priority, the first thing you need to consider is the differences and failings in your transfer protocols. It’s likely that you’re using FTP and email, or other routes of data transfer that can create problems for your organisation, while MFT is one of the gold standards in data transfer and creates a compliant environment with an auditable trail and workflow.

In the case of FTP, you’ll find that there are some basic errors that will occur with FTP transfer protocols – from the problems with uploading large files to the inherent insecurity of sending the file via the protocols FTP uses.

Each of them can be easily solved by the use of Managed File Transfer – which will allow you to meet current compliance needs – and protect against the new problems emerging in Internet security, including the hacking problems that banks and other financial organisations are currently facing.

A recent study of European Businesses suggested that 53% of those surveyed said that their concern was security – 77% of all companies surveyed transfer critical data outside of their organisation, but over 60% have a uniform file transfer policy, while a startling 17% have no idea what to do if a file transfer error occurs.

What this suggests is that over 2/3rds of those working with file transfers, there is also a more concerning issue, including encrypting and decrypting data and antiviruses.

Understanding your complex needs

Understanding the needs of your company can take you through a complex hierarchy of understanding how your financial services are used how your company can protect and enhance its security policies, and understand the needs of file transfer and support your customers. MFT can help you meet and exceed most current security needs, while offering a simple, intergraded platform for your customers and clients, that is designed to be data centric, without overwhelming the users. It gives the best option when dealing with problems such as large file transfer, security and the issues that arise from transferring data between one location and another, and is the number one replacement for FTP.

HANDD Business Solutions are independent specialists providing Secure Managed File Transfer and Data Security solutions to a wide range of organisations, operating across all industry sectors. For further information about secure managed file transfer and data exchanges please visit www.handd.co.uk or call HANDD Business Solutions on +44 (0) 845 643 4063.

Maximizing LinkedIn

LinkedIn, which recently reached the 50 million user milestone, has long been considered the social networking site for professionals. If you’re in business, it is basically expected that you have a profile there.

Personally, LinkedIn has helped me in many ways. I guess the most significant would be providing me with the opportunity to join South River Technologies .

LinkedIn is even more effective for B2B businesses- 45% of B2B businesses acquired a customer directly from LinkedIn (only 26% B2C)

But, how do you maximize LinkedIn for your company and yourself? Well, I have found a few ways that have worked for me.

1. Acquire & Share Expertise —> LinkedIn has over 300,000 LinkedIn Groups that you can join.  Each group has its own Discussions Board, News Board, and Jobs postings. You can join a group about pretty much any subject matter. This gives you an opportunity to establish yourself as a subject matter expert. This is actually how the team here at South River Technologies and I were able to connect. Being that SRT is a Managed File Transfer solution provider, our CEO was a member of the Managed File Transfer group. I had posted some personal background information on the group’s message board. This led to an initial conversation with our CEO, Michael Ryan.

 

Furthermore, the LinkedIn Answers boards has more than 2,000,000 answers to a variety of questions for you to peruse.  The subject matter in both Groups and Answers covers a wide enough of topics that there is value for everyone to be participating.

2. Complete your profile!

Remember, LinkedIn profile completeness is not just about increasing chances for new leads. It’s about you and your personal brand

3. Create a company profile

In addition to your personal profile; Company Profiles are used to provide additional information about the company, its products and specialties, employees and company news. Your company profile can be a great tool to drive traffic back to your Website, as well as a way to reach out to other businesses.

 

For more ideas on maximizing LinkedIn visit the LinkedIn Blog.

For more information on South River Technologies please visit our website, http://www.southrivertech.com/

Managing License Activations

All of South River Technologies applications include a feature that permits them to run in trial mode for a specified number of days. This feature permits a potential customer to run the application in their environment for a while to determine if it meets the requirements.

 As is the case with most trials, it all comes to an end at some point and the software must be either purchased, or removed from your system. Of course, it’s our preference that you will decide to move ahead with the purchase.

 Once a registration code is purchased and entered into the program (eliminating the annoying nag screens), the program is activated. The registration code purchased determines how many times the software may be simultaneously activated. Multi-seat WebDrive licenses can be installed on multiple systems, server products can be installed on a single computer.

 SRT has set up a Customer Activation Portal where an end user may manage the activations on a given registration code. Using the Portal you have the ability to view your current activations, download the list of activations in XML format, deactivate one (or all) computer activations, edit the customer registration information for the registration code, and manage any SRT email mailing list subscriptions.

You can read all about the Customer Activation Portal in the knowledgebase article on our help desk.

How Much Do You Love Your Mother?

… Mother Earth, that is! (Mother’s Day is May 9th by the way) 

Let’s talk batteries for a moment. With the ever increasing number of electronic gadgets and toys, people are using more and more batteries; about three billion batteries are sold annually in the U.S.  The average person owns at least two button batteries, ten normal (AA, AAA, etc.) batteries, and throws out about eight per year.   These dead batteries are eating away at our planet.

Batteries contain heavy metals such as mercury, lead,  a highly toxic substance called cadmium, and nickel which can contaminate the environment if not properly discarded.  Trash is often burned but when incinerated, certain metals are released into the air, or can concentrate in the ash produced by the combustion process.

Potential problems or hazards:

•  Pollute the lakes and streams as the metals vaporize into the air when burned. 
•  Contribute to heavy metals that potentially may leach from solid waste landfills. 
•  Expose the environment and water to lead and acid. 
•  Contain strong corrosive acids. 
•  May cause burns or danger to eyes and skin.

In landfills, heavy metals have the potential to leak slowly into soil, groundwater or surface water. Dry cell batteries contribute about 88 percent of the total mercury and 50 percent of the cadmium in the municipal solid waste stream. In the past, batteries accounted for nearly half of the mercury used in the United States and over half of the mercury and cadmium in the municipal solid waste stream. When burned, some heavy metals such as mercury may vaporize and escape into the air, and cadmium and lead may end up in the ash.  Is that really how you want to treat your mother (earth)?

What do you do?

Buy the best battery for your product. Rechargeables  are recyclable, and though more costly, can outlast hundreds of disposable batteries, saving you money and the environment.   More than 2,500 retailers, including The Home Depot, Radio Shack and Sears, provide battery recycling collection boxes at stores nationwide. Last year, according to the Rechargeable Battery Recycling Corporation (RBRC), almost four and a half million pounds of rechargeables were collected in the United States and Canada. Keep up the good work!!

Disposing of Nickel Cadmium Cells

Nickel cadmium (nicad) cells are rechargeable so they have the same longevity advantage as lithium ion cells. Nickel is not so bad, but cadmium is definitely something to keep out of the environment. Never throw a nicad battery in the trash. Exchange nicads at the place of purchase or take them to a recycling center.

Disposing of Nickel Metal Hydride Cells

Also rechargeable, nickel-metal-hydride (NiMeHd) batteries are safe for landfill disposal in small numbers (< 10). Even so, they are completely recyclable and should be placed in the recycling stream if at all possible.

Disposing of Lead Acid Car Batteries

The lead acid battery is still the most popular choice for automotive applications. Since they contain lead, they should never be thrown in the trash. It is almost certain that you can trade in your old lead acid battery when you buy a new one. You will probably even receive a small payment (core charge).

Disposing of Small Button Cells

Small button-sized batteries are used to power watches and other low-power devices. It’s not easy to tell exactly what material are contained in these cells. Many contain silver, lead or other toxic metals. Take them to a recycler.

Take good care of your Mother (Earth). Choose to recharge, and recycle.

Finding a place near you to recycle. In the U. S. search the folowing:

Just visit the Recyclable Battery Recycling Corporation and type in your zip code
Read more at Suite101: Battery Disposal: Recycle Batteries the Right Way to Protect the Environment http://waste-reduction.suite101.com/article.cfm/barttery_disposal#ixzz0lkJgktoE

South River Technologies Announces Cornerstone MFT Platform

New Managed File Transfer Solution Closes Gaps in Security and Improves Visibility Into Data Flows and Processes 

ANNAPOLIS, Md.–(BUSINESS WIRE)–South River Technologies, Inc. (SRT), an innovator in managed file transfer and file collaboration software, today announced the release of its Cornerstone Managed File Transfer platform. Cornerstone closes gaps in security that can be left by traditional file transfer servers and offers unprecedented visibility into system activity and data movement. 

“Having visibility into your data flows gives you the ability to glean both business intelligence and to understand potential for risk and proactively address that issue.” 

Cornerstone MFT is a rebranded version of SRT’s popular Titan MFT solution. The new Cornerstone solution has been re-architected as a platform for adding specific modules that address the security, process, and data intelligence needs of SMBs and large enterprises. The suite of Cornerstone add-on modules enables customization of the Cornerstone solution, enabling the solution to evolve as the customer’s business needs change. 

Cornerstone Modules include Real-time PGP, an encryption module for data at rest; FIPS Certification module, a module that certifies FIPS compliance for government customers; QuickSend ad hoc file transfer module, to avoid the security and performance issues associated with emailing attachments while enabling users to work in the ways the are accustomed to working; StatsTrack reporting and auditing module provides unprecedented visibility into data flows and system activity to enable decision makers to anticipate rather than react; and a Web User Interface module that provides simple access to files without the requirement of installing software on individual PCs. 

Cornerstone MFT also works with SRT’s DMZedge Server, which reduces the risk of network intrusion, and the WebDrive virtual drive technology. WebDrive is a unique and innovative way to access files in Cornerstone, and other remote locations, from the convenience and familiarity of a drive letter. 

“Businesses are beginning to understand that a comprehensive IT security strategy requires more that just an encrypted file transfer,” says Michael Ryan, CEO of South River Technologies. “Having visibility into your data flows gives you the ability to glean both business intelligence and to understand potential for risk and proactively address that issue.” 

About South River Technologies 

South River Technologies is an innovator in secure file management and collaboration software. The Company’s software allows users to access, manage, and share files over the Internet in order to automate and streamline business processes and enhance productivity. SRT’s products enhance customers’ existing applications by instantly enabling secure access and Internet file sharing within those applications. More than 65,000 customers in over 112 countries use SRT’s software to make remote file access and collaboration more efficient for their customers, partners, and distributed workforce. For more information, please visit www.southrivertech.com. 

 

Contacts

South River Technologies
Tracy Welsh, 410-266-0667
tracy@southrivertech.com 

 

 

The Twelve Days of Titan

 

 

On the first day of Titan,
My true love sent to me,
An e-mail with a Regcode.

On the second day of Titan,
My true love sent to me:
Two Clustered Servers, and
An e-mail with a Regcode.

On the third day of Titan,
My true love sent to me:
Three Authentication modes,
Two Clustered Servers, and
An e-mail with a Regcode.

On the fourth day of Titan,
My true love sent to me:
Four New Events,
Three Authentication modes,
Two Clustered Servers, and
An e-mail with a Regcode.

On the fifth day of Titan,
My true love sent to me:
Five DMZs,
Four New Events,
Three Authentication modes,
Two Clustered Servers, and
An e-mail with a Regcode.

On the sixth day of Titan,
My true love sent to me:
Six new connections,
Five DMZs,
Four New Events,
Three Authentication modes,
Two Clustered Servers, and
An e-mail with a Regcode.

On the seventh day of Titan,
My true love sent to me:
Seven LDAP servers,
Six new connections,
Five DMZs,
Four New Events,
Three Authentication modes,
Two Clustered Servers, and
An e-mail with a Regcode.

On the eighth day of Titan,
My true love sent to me:
Eight SFTP servers,
Seven LDAP servers,
Six new connections,
Five DMZs,
Four New Events,
Three Authentication modes,
Two Clustered Servers,
An e-mail with a Regcode.

On the ninth day of Titan,
My true love sent to me:
Nine servers running,
Eight SFTP servers,
Seven LDAP servers,
Six new connections,
Five DMZs,
Four New Events,
Three Authentication modes,
Two Clustered Servers, and
An e-mail with a Regcode.

On the tenth day of Titan,
My true love sent to me:
Ten clients connecting,
Nine servers running,
Eight SFTP servers,
Seven LDAP servers,
Six new connections,
Five DMZs,
Four New Events,
Three Authentication modes,
Two Clustered Servers, and
An e-mail with a Regcode.

On the eleventh day of Titan,
My true love sent to me:
Eleven users uploading,
Ten clients connecting,
Nine servers running,
Eight SFTP servers,
Seven LDAP servers,
Six new connections,
Five DMZs,
Four New Events,
Three Authentication modes,
Two Clustered Servers, and
An e-mail with a Regcode.

On the twelfth day of Titan,
My true love sent to me:
Twelve dats downloading,
Eleven users uploading,
Ten clients connecting,
Nine servers running,
Eight SFTP servers,
Seven LDAP servers,
Six new connections,
Five DMZs,
Four New Events,
Three Authentication modes,
Two Clustered Servers, and
An e-mail with a Regcode!

Have a Happy Holiday!