Protecting Customer Data

Lately, there have been many studies and reports regarding the lack of security in outsourced development and testing sites. Very recently the Ponemon Institute released a report entitled “Data Security in Development & Testing,” which is available at Haymarket Media Group. From these reports, it seems like companies are becoming more and more afraid to risk utilizing actual customer data when outsourcing their work. Companies that fear exposing customer data to contractors and other outsourced workers are losing out on the benefits of working with actual data.

It is unfortunate to keep reading these accounts, especially when Fortressware has been helping companies in this situation for years. Because of Fortressware, many companies have been able to start testing their work at remote locations using real customer data without the fear of losing that information to theft or incompetence. With the monitor and logging feature, they also can continue to stay compliant.

Using Fortressware, all sensitive material will be encrypted when it is created, stored, or transferred to anywhere inside or outside of the organization. Only authorized people can decrypt the information. When it is decrypted for use, Fortressware ensures the decrypted data and all material created from it will not be copied, uploaded, printed, or in any propagated outside of Fortressware’s controlled space. The greatest part is that employees can work on their data using the same tools they always have, all without impeding productivity.

Fortressware provides a productive solution to securely lock down any outsourced site and ensure complete compliance with the company’s security policy wherever the sites are. Take a look at the demo videos on the website where you can see Fortressware at work.

Companies cannot afford to remain unprotected

We still find it surprising that so many preventable data leaks are making headlines when there are simple solutions, like Personal Fortress, available for free. Very recently, there was a story reported about an ex-employee at Goldman Sachs Group, Inc. who allegedly stole software algorithms that let the firm do “sophisticated, high-speed and high-volume trades on various stock and commodities markets.” The bank has raised the possibility that someone using this program could use it to manipulate markets in unfair ways.

When Workgroup Fortress was first created, its main target was to prevent source code files being accidentally or maliciously stolen, just like in this case. Many companies we talked to have the mindset that their source code is not really worth that much. They figure that if the consultant wrote the code in the first place, they would remember it and be able to reproduce it in the future. The fact is, re-writing long code based on memory is neither efficient nor effective as the source files have been debugged and typically have multiple contributors. What data thieves really need are complete source code documents; not just a few lines.

As Goldman Sachs does not sell software as their focus, the real cost of this theft is greater than one might think. These algorithms allowed Goldman Sachs to remain competitive in a weak market. Now that others have potential access to their software, Goldman Sachs stands to lose millions of dollars each year all because of a rogue employee’s actions.

The real tragedy in this story lies in how easy it is to prevent data theft. With Fortressware, employees can access, utilize, and edit any information or code deemed confidential; however, they are actively prevented from copying, uploading, and unintentionally or maliciously stealing corporate data assets. In the case of Goldman Sachs, all of their confidential code would have remained protected and this headache avoided.

With the market as risky as it’s become, companies cannot afford to remain unprotected. Companies should not just count on hoping that it doesn’t happen to them. Download some of these solutions and see how easy it is for you to make sure the only headlines you’re in are good ones.

Recycle Flash Drives into Secure Drives

If you’re like me, you may possess, or know someone who possesses, lots of floppy disks, leftovers from another era. I don’t always know what’s on them, and certainly what is on them is not protected against prying eyes.

Now we see the same proliferation with USB flash drives. Who doesn’t have more than a few in a desk drawer? Some picked up as a nice giveway from a vendor, and others bought as needed. They’re great for moving files between machines, doing backups, or simply sharing information with friends and coworkers. But they’re so small that it’s easy to lose or misplace one. And, of course, the technology keeps getting better, with drives getting bigger and bigger, costing less and less. So we get the latest ones, and leave the old ones laying around.

There really is no reason to sweat it. Fortressware allows you to turn any USB flash drive into secure storage. Store data on the drive for any period of time, and transport the drive without fear that the data can fall into the wrong hands. And get a bonus. Even if you share the content with people you know, they won’t be able to share it with anyone else without your consent.

So recycle those drives in your drawer, retrofitting them with data protection and data leaking prevention capabilities at no charge, courtesy of Fortressware. Try it.

Go Green and Secure – Don’t Print

Isn’t it ironic? For hundreds of years the only practical way to make information available was to print it. And now so much of our information is in digital form from its inception, “in the cloud” as they say. Yet what do many people do when they get access to it? Yup, they turn it into paper again! Personal printers and email are everywhere. Just click “Print” to contribute to the 115 billion sheets of paper used annually by personal computers.

The obsession with creating hardcopies is an issue of waste. Do we really need to print that much paper? It’s also an issue of control and security. So much personal information available, so fast and so easy to put it on a piece of paper – oftentimes without the OK of the owner.

That’s where Fortressware comes in – giving the owner the means to maintain control over the content, allowing or disallowing the recipient’s right to print the information on paper. Most of the time, people disallow printing because there really is no necessity to do otherwise; content can be viewed electronically anyway – it’s
the right thing to do for so many reasons!

So go green and be secure with Fortressware! Try it!

Preventing Database Leaks

Even in the heart of Silicon Valley it seems no firm – however technology saavy – is immune from a serious data leak. On this occasion it was Meteora Technologies Group, a Web services provider utilized by Kleiner Perkins Caufield & Byers (KPCB). Here’s what Techcrunch reported:

Firms applying to KPCB’s investment fund for developing iPhone applications completed an online form. The form included questions that required the disclosure of intellectual property and financial information. Unfortunately, the aggregated data of close to 600 firms that had applied was dumped into a SQL file which Meteora inadvertently made available on the Web. The file’s contents were indexed quickly by Google.

This event illustrates once again the failings of a piecemeal approach to data security. Let’s focus on two.

1) Keeping data secure at 3rd party sites – One hopes that KPCB negotiated a service level agreement (SLA) with Meteora that included terms relating to security; something setting expectations for the collection, storage, and transfer of confidential information. Regardless, paper agreements are notoriously deficient in enforcement mechanisms. So if there were no teeth, Meteora was on its own to define how and when it would protect KPCB’s data.

2) Defining protection incrementally rather than comprehensively – Meteora may have had some great policies for securing data, e.g., proper authorization and authentication of everyone coming into contact with it, always encrypting laptops used offsite. But what about when data was stored to a server, a USB drive, or emailed, to name a few more potential points of failure? Each is addressable individually, but not without adding cost and complexity.

A much better approach is to always focus on the common denominator – the data, and keep it under continuous protection, no matter where it goes. And that’s where Fortressware comes into play. It’s a sufficiently “light” application to be quickly deployable across multiple sites. Had Meteora been using it, the MySQL database would have been accessible only within Fortressware’s secure virtual environment. The application would have run as usual with no modifications. But its contents, including .sql file dumps, would have been blocked from leaking all of the time – stored at Meteora, transferred to KPCB, and accessed at KPCB. With a Fortressware solution, the burden would have been lifted from the unfortunate employee who published the file. The solution would have prevented any file from being placed in an open directory on the Internet, accessible to Web users or search engines. And the same constraint would have applied to email, USB drives, CDs, or any other means for data to escape, thereby eliminating the embarrassment and damage to both companies.

Getting our private stuff back on the Internet

We live in an era where people enjoy expressing themselves, sharing their lives with other human beings around the world. Thanks to the Internet, there are more and more technologies and tools that allow them to do so easily.

 

Before the Internet, we hung out with people in the neighborhood whom we liked and with whom we shared things. Today, we do the same with friends in our e-neighborhood, the people from our social networks. Before, when you no longer felt like being with someone, you asked for your stuff back, like the photos and letters you shared. What should be the equivalent now with the Internet? How can you go to their house and ask for things back when they’re no longer part of your inner circle of friends? More seriously, many reports indicate that when companies hire, they no longer need private investigators or background checks to dig up information about you; they simply use Google Search.  And chances are that they’ll find out even more than you posted, however “privately.” The document you share with one contact or inner circle can quickly be shared with the world. Then to ask for something back becomes impossible. You’ll have no idea who all has your stuff.

 

We need a tool that can keep a piece of digitized information, be it a letter, a story, a diary, or a photo, under our control no matter whom we send it to – or didn’t send it to. That tool is our electronic leash for the information we deem private. If we want to share it among an inner circle, we’re assured that it stays inside that circle.  Moreover, we can jerk the leash and make sure our information is revoked whenever we want our stuff back. The Fortressware solution gives you this control. Try it, and let us know what you think! It’s available at no cost, and when you provide us with your feedback you can win a $25 Amazon gift certificate.

 

 

 

It’s the Law – Protecting Personal Information

Effective October 1, 2008, Nevada business owners must encrypt the personal information of their customers before they transmit it electronically outside their business.

It is great news for their customers, but only the first step towards protecting them – because protecting data when it’s on the move is only one part of the much larger data loss problem. What if the recipient of the data, such as a part-time accountant, chooses to share it with someone else, for example an out-of-state market research firm? How secure is the data on his computer, for instance from a family member or temporary employee? Or what if the accountant inadvertently attaches a decrypted file with sensitive data to an email? Ensuring that you maintain control over your data in these and similar risky situations can really contribute to your peace of mind. 

Only in this way, can we be sure that all of our efforts not to lose the data in our possession don’t get undone when it comes into someone else’s possession. So if we send out confidential information, such as a quarterly report, a layoff plan, or just our own private thoughts, we can be sure that information will not go astray. And all of this should be under the full control of the owner of the data to set up and manage transparently – without need for IT support. This is what the Fortressware team has been working to provide: a simple yet powerful solution to provide you with the means to protect whatever you need, whenever you need to, keeping it secure wherever it goes. If you do business in Nevada, you can satisfy the law AND gain a competitive advantage by giving our Personal Fortress a try.

We want to use only one tool to prevent files from leaking in any environment, personal or enterprise

Every report says the top three ways of losing data are: loss of a laptop, email to the wrong address, and lost of a USB drive. There are many solutions available for each of them, but that means three solutions for three of the top ways to lose data. We should do better than that!

 

Since the data we want to protect is the same item regardless of whether it is stored on the disk in your laptop, the USB drive in your briefcase, or the attachment to your email, it is too silly to have three different ways. Not only should any solution work across the board, it ought to be as transparent as creating or copying the data in the first place. In other words, when you store the data to the USB or disk, and when you attach the data to the email, the protection should just happen along the way, right until you are asked to enter the password for accessing the protected data.

 

And if the file is to be shared with others, the tool should allow the recipient to read the file as if your controls were not there after they properly identify themselves. This is what we call a simple to use yet powerful solution. Only with such a solution, the incidents like a global media company’s detailed PowerPoint presentation about potential layoffs would never happen.

A tool to let each of us control the files we send others

You wake up in the middle of night, worrying about the email containing the last review draft of your pending acquisition – which you sent hurriedly this afternoon as you ran late for a meeting.  Did you send it to Bob your PR consultant or Bob the journalist who has been asking for an interview? Oh, please, no . . . what if… you have to get up and take a look in your email sent box!

 

Sound familiar? Just in the past week I’ve received three emails that I shouldn’t have: one with some company’s bug report, one with a spreadsheet of business contacts, and one with an HR report.  With email’s auto-filling of addresses, how many of us have not made such a mistake?  Some mistakes may have an associated revenue value or provide the basis for an employee law suit, while others may just cause sheer embarrassment. What is true across the board is that each case is very individualized, not subject to a blanket security solution, such as is provided by an anti-virus product. The security required to protect data in these scenarios varies according to the person and the timing. What is private and extremely valuable data for one person may be of no significance to another. What was critically important and confidential yesterday may be public today.

 

So, we have a choice. Either we just take the risk and end up worrying about it, having to keep our fingers crossed, and sometimes seeing our worst fears realized. Or, we look for a tool that’s flexible enough to head off incidents such as these, one that’s capable of reacting to spontaneous decisions, working in line with current processes, and being effortless to use.

 

Why haven’t we seen this type of tool? The impact of a personal leak used to be localized and easily controlled compared to the impact of a machine in corporate network getting a virus. With blogging, peer-to-peer social networks, and other Internet technologies, one leak can get totally out of control and easily spread information into the ether, with no one sure who has seen or possesses what was supposed to be confidential.  It is time for individuals to have an extremely easy to use tool to put a stop to careless mistakes that result in the loss of data. That is the goal of Personal Fortress.