Information Governance Can Limit Data Breaches But That Isn’t The Answer

 

You may have noticed that there has been a large amount of data and information leaking out into the universe lately. Between people not protecting information, breaking rules around information, or your classic data breach, our personal information is out there, without us, more than ever.

The one thing I hear after every breach is the call for better Information Governance or Records Management. As Don Lueders, whom I respect, put it,

So called ‘data breaches’ are thefts of information and, as such, they are first and foremost a traditional records management problem.  Until organizations understand this and include records management as a critical component of their long term cybersecurity strategy, data breaches – and the disastrous consequences they bring – will continue unabated.

I’ve said this before and I’ll say it again, this is a false sense of security. Disposing of records will not keep you out of the headlines. It will only give you a false sense of security.

Continue reading

Apple, Privacy, and Doing the Right Thing

Here’s the deal. A Federal court has ordered Apple to comply with the FBI’s request to help break into the encrypted iPhone of one of the dead shooters from the San Bernardino shooting in California back in December. Apple publicly refused in a well-written letter that defended the importance of privacy and was signed by Tim Cook.

Who’s right?

It wouldn’t take a genius to determine that I might instinctively side with privacy and Tim Cook. I’m a big believer in ethical behavior in the tech world, the importance of firms protecting consumers from their own ignorance, and am proud that Tim Cook is a fellow Auburn grad.

But it isn’t that simple.

Continue reading

Box Makes a Huge Leap in Security

I saw Box’s announcement of their Enterprise Key Management (EKM) feature yesterday. This is a big jump forward for Box and puts them well in the front lines for cloud security among vendors with traction. Matt Weinberger had a good write-up about how Box’s EKM works, complete with a Ghostbusters reference.

Chris Walker wrote about Box’s EKM announcement and quoted a tweet I made. The tweet follows but I encourage you to go read his post as it is a good one.

I wanted to expand on the quote up above in a comment on Chris’s post, then I couldn’t stop typing. I decided to write it here.

Continue reading

Sony, Information Governance, and the Quest for Relevancy

People have been writing for months about what could have prevented or lessened the impact of the Sony hack. I’ve talked to many people in the information governance industry on this very topic. I’m a firm believer that even with proper information governance policies that were properly followed, the impact of the Sony hacks would be the same.

Of course, not everyone agrees. Lubor Ptacek asked if enterprise content management (ECM) could have prevented the hack. While his answer was not a definitive ‘Yes’, it did fall strongly on the side that it would have made a significant difference.

Lubor is a smart person so I’ve decided to visit his points in this post.  Before I start going point-by-point…

You Can’t Govern Stupid

Continue reading

Content Management Step 3, Control that Information

At this point, I’ve covered the first two Content Management steps towards achieving the proper Information Governance, knowing. The remaining steps are ones that the industry executes fairly well today, at least from a technical perspective. It just feels like a failure because we historically fail to Capture and Organize content properly.

The third step is Control. Control is something that most organizations have mastered, perhaps a little too well. If a piece of content gets into the system, locking it down is easy. The challenge here is not the technology, but the basic approach to controlling content.

Continue reading

Heartbleed is NOT an Open Source Issue

I was going to write a nice, calm post today when I came across Ralph Losey’s piece on the Heartbleed bug. It is a long piece and you can tell it was written by a lawyer. I have nothing against lawyers as two of my oldest and closest friends are lawyers. I’ve met and talked to Ralph before. He is a smart guy and generally understands how technology can change the world. Ralph simply misses the point on Open Source.

Completely misses it.

This was a bug that was not caught before release, the same as happens in proprietary software. I know as I’ve released a few bugs in my day.

Continue reading

Have you Hired Snowden?

I have had a LOT of discussions with people over the past year about Edward Snowden, the NSA, and the impact on cloud adoption. My general response is that it would likely slow US adoption of the cloud by a few months and outside the US by a couple of years.

Well, it has been six months since this all started and I was starting to wonder about how this was panning out. Then Computerworld kindly published a piece stating that Chief Information Officers (CIOs) were sticking with the cloud despite the NSA.

While 20 CIOs are in no way a fair sample size, even if they are geographically dispersed, they did raise several excellent points.

Continue reading

What Constitutes a Cloud Product?

Yesterday, there was a pretty heated Twitter debate between Ron Miller, Irina Guseva, Tony Byrne, and myself over what constitutes a Cloud Product. This was triggered by an article that Irina had published on the Real Story Group blog about what people should take away from the Adobe security breach (besides passwords).

I am not a big fan of how Irina portrayed cloud security as cloud systems are often more secure than many internal systems. Ron had more fundamental issues with the article.

Adobe calls this product Creative Cloud when it’s not a cloud product.

and

This had nothing to do with them being cloud. Adobe ID goes back years.

I tend to ignore most contradictions in a Twitter debate given the limits of the medium. I do want to counter both of Ron’s statements.

Continue reading

Security, Real or Imagined?

I’ve opined on the security of cloud solutions in the past, usually stating that the odds were good that established cloud vendors have better security than the average data center. Yesterday, I saw and shared an article about how researchers reverse engineered the Dropbox client. While this isn’t necessarily a critical issue for Dropbox, it does raise some interesting discussion points around security through obfuscation.

First, the Research

The researchers decompiled the Dropbox client, which was compiled in a manner that made decompiling difficult. Once the researchers were able to do it, they hijacked the account. Given that a program would already possess full access to a person’s machine to accomplish this, there wouldn’t be new data to access through the client.

Continue reading

Launching the New Box, Progress Made One Step at a Time

So a funny thing happened on my way to the West Coast this week, I was invited to a product launch at Box.net. I’ve always been a fan of the concept of Content Management in the Cloud and the direction Box has taken in the Content Management space.

The established vendors are having to determine how to change both their business models and architecture before they move to the cloud. Box is already there, they just need more features.

Continue reading