WatchDox blog

WatchDox Debuts SharePoint Connector at SharePoint 2011 conference

2011-10-03T09:00:00.000-07:00

We are unveiling the WatchDox SharePoint Connector today at the annual SharePoint conference in Anaheim. Feel free to stop by at our booth, #255, for a demo.

So what is there to see?
Over the last few years, WatchDox has been providing new ways of sharing documents securely with anyone and on any device. With our new WatchDox SharePoint Connector, enterprises can do so directly from SharePoint. We will be demonstrating how you can complement SharePoint’s strengths and extend it to allow document sharing with users outside the firewall and with users using mobile devices. All that, while also applying advanced protection, control and tracking to documents, preventing documents from being forwarded to unauthorized users and even destroying them remotely, if necessary.

Who is this for?
The WatchDox SharePoint Connector is for anyone who has sensitive information or intellectual property that needs to be shared: companies in manufacturing and semiconductor sharing blueprints or specs with partners or customers, financial institutions sharing various reports, government entities exchanging sensitive materials and many more.

Please visit our site for additional information about the WatchDox SharePoint Connector, or click here to view our latest announcement.

WikiLeaksLeaks – Anatomy Of A Leak Of A Leak

2011-09-02T21:31:00.001-07:00

We’ve all heard of WikiLeaks. WikiLeaks demonstrated the flaws in security policies and technologies at the places we all thought were most secure – the DoD and the government. But it seems not even WikiLeaks is immune to leaks. Apparently, the original, unredacted diplomatic cables document archive was made public, despite strong encryption and passwords placed around it by WikiLeaks. This interesting turn of events was revealed by Der Spiegel.

So it seems WikiLeaks fell in the same technological pitfall its victims had fallen into; Encryption is not sufficient to secure the exchange of documents. Once the data is decrypted, it cannot be controlled anymore, as we can see clearly here. Stronger, persistent, document-centric security is called for.

Data Leak Strikes Brazilian Government

2011-08-18T12:52:00.000-07:00

It seems leaks are not unique to the US government. Anonymous, the hacker group, recently exposed 5GB of Brazilian government documents by putting them on ThePirateBay, a file sharing web site.

Reports say the leak haven't gotten as much publicity as WikiLeaks since the content is not in English. But it seems many people have joined a new crowd-sourced effort to translate this massive amount of data into English. Updates can be found on this twitter page.

Despite WikiLeaks and numerous other incidents, it seems document security is still lax globally.

Virtual Data Rooms and the Insider Threat

2011-06-29T14:20:00.000-07:00

A recent piece in law.com asks the question: How can you guard your clients' information when the thief is one of your own? This is an important, and often overlooked point. While virtual data rooms provide a certain amount of protection from outsiders attempting to access sensitive information, most of these data rooms do little to prevent highly sensitive documents from leaking out as a result of insiders accidentally or maliciously copying or forwarding them to unauthorized users.

Take for example the recent incident where Kluger, a Wall Street trader, along with two accomplices, allegedly stole and traded material regarding M&A activity over a period of 17 years, obtained from leading firms such as Wilson Sonsini and others. They allegedly made over $32 million dollars from insider trading.

The takeaway is that while the insider threat is often bigger than the outsider threat, most technology is built around protecting from the latter. Virtual data rooms are a good example. If we really wish to secure document and information, rather than rely on ethical conduct alone, we must put in place new technology that ensures documents distribution is fully contained.

1 in 10 large UK businesses experienced a leak – or perhaps many more?

2011-04-19T16:28:00.000-07:00

According to a study by Dimension Data, 1 in 10 large UK businesses has experienced a data leak. The effects of the data loss incidents included reputation damage (91%), loss of competitive edge (27%), loss of suppliers/partners (18%), loss of customers (9%), and non-compliance fines (9%).

More importantly, over half of respondents think that their business may have suffered a leak that they are unaware of. And despite this fact, a third of the companies haven’t even assessed the business risks associated with data security!

It is obvious that the most important, non-replaceable resource is your data and documents. Hardware and software can be easily replaced. With a little awareness courtesy of WikiLeaks and other incidents, hopefully these stats will change and document security will finally get the attention it deserves.

Adobe Document Center Shuts Down

2011-04-05T10:55:00.000-07:00

Adobe Online Services recently alerted users that it is eliminating its document center this month. The company has warned users not to protect any additional documents via its site and to remove any security settings from existing documents before the shut-down date.

For former Adobe customers looking for an intuitive, Web-based method to secure documents, WatchDox is offering an alternative service that is easy-to-use and affordable.

The WatchDox Secure Document Sharing service lets you collaborate via sensitive documents easily and securely. Delivered as a software-as-a-service (SaaS) solution, WatchDox can be deployed and used within minutes and doesn’t require any software installation. As the document owner, WatchDox allows you to restrict recipients from copying, editing, printing or forwarding documents, and track all interactions with these documents.

WatchDox offers additional document protection, including watermarks, auto expiration, mobile device access, and secure editing and collaboration. For more information on WatchDox and the offer for Adobe Online Services customers, contact us here by clicking here.

Taxpayers Voice Document Security Fears About Online Filing

2011-04-05T10:44:00.000-07:00

During the last few weeks before April 15th, taxpayers face a range of worries related to filing requirements, expenses and the looming deadline. According to a recent poll, nearly half of those of us who pay taxes via desktop computers are also worried about electronic security.

A recent story on MyBankTracker.com quotes officials from Taxsoftware.com, an online tax preparation service, regarding its recent poll of taxpayers. The company found that 49 percent of those surveyed are concerned about online privacy issues related to filing taxes online. The percentage of those worried dropped for groups using newer technology. For example, nearly half of desktop computers said they were “somewhat or very concerned” about filing online, while only 31 percent of iPad users reported that level of apprehension.

That’s surprising, given the security holes in mobile communication devices, which are far less likely to have the protection of firewalls or anti-spyware software many of us have on our computers. Whether taxpayers are using a tablet, laptop or smartphone to file their returns, they need to be aware of how to prevent data leaks. When they embed security controls directly within their sensitive financial documents, they will gain peace of mind – at least until they hear back from Uncle Sam about their tax bills.

To learn how document security can make tax filing a more secure process, get WatchDox’s personal package, available free until tax day.

How to Prevent Data Leaks This Tax Season

2011-03-09T17:17:00.000-08:00

“Hooray, it’s tax season!” This is not something too many of us are likely to say this spring, as we compile mini-mountains of documents and set to work filling out forms for the IRS. But someone is excited about tax filing time, besides the accountants who count it as their busy season.

This season is a boon to identity thieves who are eager to take advantage of taxpayers sharing personal and sensitive data over insecure channels. To protect your data before, during and after filing with the IRS, follow some common-sense tips:

1. Avoid phishing scams. The IRS does not use e-mail to communicate with taxpayers. If a message shows up in your inbox purporting to be from the IRS, it is almost certainly a scam.

2. Protect your personally identifiable information (PII). If someone requests your Social Security or bank account numbers over the phone or via e-mail, decline to share that data.

3. Look for malware on your PC. Keep your anti-virus software updated, use a personal firewall, and act sensibly. Don’t open attachments unless they are necessary and come from trusted sources. Don’t surf unknown websites, and don’t download suspicious applications from the Internet.

4. Use e-mail with caution. E-mail is not a secure way to send sensitive documents. If you must use it, make sure your e-mail provider uses secure sockets layer (SSL). Look for the “https://” prefix in the address bar.

5. Protect your documents. You can encrypt your documents using Winzip or other tools, or use even stronger services that deliver protection, control and tracking of your documents even after they have been sent. Keep in mind that unprotected documents can leak even after they arrive at their destinations.

A Generational Threat To Document Security

2011-02-28T14:37:00.000-08:00

Generation X had apathy, Nirvana and flannel shirts. Generation Y had MySpace and a boomerang strategy to live with their parents forever. Today’ s young adults, dubbed "generation Gmail" in a recent study, have a strong frustration with corporate e-mail and a reckless attitude toward document security. At least, that seems to be the conclusion of the research released by Mimecast, an e-mail management company.

In dubbing young workers "generation Gmail", Mimecast notes that employees under 25 are social media savvy and quick to work around restrictive or poorly functioning corporate technology, including e-mail. Eighty-five percent of these young staffers use personal e-mail accounts to send and receive corporate data, according to the study, hence the moniker.

In covering the Mimecast findings, eWeek Europe quoted Mimecast Chief Scientist Nathaniel Borenstein as saying, "Employees increasingly mix and match technologies, using devices and platforms interchangeably to find workarounds that maximize their flexibility and productivity… Employers need to work out what they are going to do in the face of this cultural shift."

There are several things employers should do. They might consider augmenting corporate e-mail to deter employees from turning to private accounts to manage their workloads. More importantly, companies should dictate who can or cannot e-mail sensitive files to themselves or others. Whether generation Gmail intends harm or not, removing documents from the enterprise introduces an increased threat that data could leak to unauthorized parties. A document security solution lets these businesses protect data by embedding access parameters within each document. Such limits could eliminate the problem of forwarding sensitive e-mails and keep information locked down whether it resides on premise or in public e-mail servers.

WatchDox Plays Vital Role for Companies Demonstrating SAS-70, SSAE 16 and PCI Compliance

2011-02-15T11:27:00.000-08:00

Service providers and hosting companies providing services to highly regulated industries such as financial services and healthcare go to great lengths to prove they meet strict standards and regulations. This is required if their customers are to comply with Sarbanes-Oxley (SOX), The Health Insurance Portability, Accountability Act (HIPAA), Gramm-Leach-Bliley (GLBA) and other regulations. But to prove compliance means the service providers must share sensitive audit reports with their customers and partners.

WatchDox helps businesses distribute SAS-70 Type I, II, SSAE 16 and PCI-DSS audits to partners and customers while retaining the rights to regulate who can view, print, forward and copy the material. As these documents often contain sensitive operational data and detail the manner in which companies handle client information, controlling their distribution is crucial.

Our customers and partners tell us securing these reports is particularly important now, as several new regulations are emerging (SSAE 16) and others are evolving. Complying with those expectations need not require businesses to risk the leakage of sensitive and confidential material. By securing compliance reports wherever they go, enterprises share not only their audit data, but also model the way in which they protect all information, giving clients additional peace of mind about the companies with which they entrust their information.

Leak-Dependent Websites Fail To Learn From Others’ Document Security Mistakes

2011-02-03T13:50:00.000-08:00

Irony can be so cruel.

As the blog TG Daily reported last week, defectors from WikiLeaks are working on a complimentary website that will serve publishers of leaked documents. The top-secret nature of the OpenLeaks project was disrupted, though, by rival Cryptome, who recently published PDF images of the as-yet-unfinished website.

You can’t trust anyone these days.

One has to wonder how the founders of a website specializing in the dissemination of leaked information fail to understand the importance of document security. One also has to wonder whether the proliferation of leak-fed websites might be good news for purveyors of sensitive data. Maybe these sites, distracted by spying on one another, will eventually self-destruct.

Until then, they would do well to learn from the mistakes of their subjects. When sensitive information is left unattended or inadequately protected by archaic security measures such as passwords or e-mail encryption, it has a tendency to leak. Leaks get messy. Just ask the State Department.

For OpenLeaks -- which plans to launch its beta site in the second half of 2011, according to TG Daily – We encourage you to take a look at how WatchDox can protect your documents from prying

Ask Not Whether Your Employees Are Trustworthy, But Whether Your Document Security System Is

2011-01-20T14:51:00.000-08:00

Last week, ABC News reported new White House-developed guidelines for federal document security that focus, in large part, on the human element. Warning agencies
of the “insider threat” to document security were so obviously illustrated by massive
diplomatic and military leaks in recent months, the guidelines suggest supervisors
use polygraph tests, psychological screenings and other methods to gauge employee
happiness and trustworthiness.

It’s important to have reliable employees, of course. However, it is nearly impossible
to measure the fallibility of a human being or to predict what any individual might do in
certain circumstances. Moreover, many of the document leaks are not malicious, or occur by authorized third parties who are exposed to the documents.

Instead of attempting to probe employees’ psyches, federal agencies should ask some tough questions of their document protection technology. For example:

1. Since documents need to be shared among multiple parties, is my solution suitable for securely sharing and collaborating both internally and externally?

2. Does my solution truly protect my documents wherever they go, or does it offer only partial protection when in-transit?

3. Can my solution adjust to dynamic circumstances? Does what I have in place allow me to revoke documents or remotely wipe them if necessary?

4. Does the solution maintain a granular audit trail at all times?

5. Is the solution easy to use, or does it require costly IT resources to share or receive documents?

6. Can documents be accessed from multiple platforms (PCs and Macs)?

7. Does the solution allows access from mobile devices? Is this access secure?

8. Does the solution integrate into other systems I am using?

9. Does the solution support native viewing and editing of documents such as Excel sheets and Word documents, or do I need to make use of other applications and services?

10. Is the pricing model unlimited, or do I get charged per page or document?

The answers to the above questions will provide government agencies with quite a bit more actionable information than any polygraph test or psychological profile. When organizations embed protection within sensitive documents themselves – regardless of where they are or to whom they are delivered – they eliminate the impractical task of ferreting out potentially dishonest staffers.

WatchDox Announces $9.25M Series B Funding Led By Shasta Ventures

2011-01-18T15:12:00.000-08:00

As 2010 closed, thousands of organizations around the world were relying on WatchDox secure document sharing and virtual data room services. As 2011 begins, we’re announcing news that will bring our document control solution – and its accompanying peace of mind – to many more companies struggling to ensure sensitive data does not reach unintended eyes.

We just announced that Shasta Ventures has led a $9.25M Series B investment in WatchDox. WatchDox is the name of our flagship solution, and now, it is the name of our company, as well. We’re rebranding under the WatchDox moniker as we build up our global sales efforts to meet the rapidly increasing demand for document security that does the job it promises to do.

After a year in which document leaks plagued a wide range of organizations, from high-tech companies to the federal government, nearly every industry is realizing that focusing on protection at the company perimeter is futile. Legacy enterprise digital rights management products and data loss prevention solutions are clearly not effective in a mobile, cloud-based environment that depends upon internal and external sharing and collaboration.

With the funding we announced today, we’ll bring our document lifecycle protection technology to customers in the financial services, pharmaceutical, biotechnology, legal, energy, manufacturing, insurance and government markets. In these industries and in others, the demand for dynamic permissions is intense. Document owners want the means to restrict copying, printing and forwarding, as well as the means to wipe documents even after they have been downloaded.
That is what we do, and no one else matches our approach.

In announcing his company’s investment, Shasta Ventures Managing Director Ravi Mohan noted the momentum in the document security market and said he is excited about the opportunity to work in this space. We’re excited, too, and we’re looking forward to a big year for document lifecycle protection.

The Year In Review: The Most Infamous (and Unnecessary) Document Leaks of 2010

2011-01-05T12:04:00.000-08:00

If the world needed proof that public and private sector entities need to tighten their document controls, the past year was rife with cautionary examples. The low points of 2010 for organizations like Apple, Major League Baseball and the U.S. government are all the worse because they were preventable; impervious document security should be the story we see in 2011.

But before we look forward, let us learn from the past:

January 2010: The International Atomic Energy Agency (IAEA) inadvertently
publishes information regarding hundreds of civilian nuclear sites, including those that enrich uranium and other materials for use in nuclear weapons.

February 2010: The Shell oil and petrochemical company is hit by a massive data breach in which information about 176,000 employees and contractors is copied and forwarded to lobbyists and activists opposed to the company.

April 2010: A Dutch website posts confidential information about Microsoft
Windows Mobile Operating System 7.0. The documents describe the OS architecture, customization options and more.

May 2010: Engadget.com gets hold of Dell’s product specs on its as-yet-unveiled Streak tablet device.

June 2010: A Microsoft employee leaks strategy documents related to Windows 8. The details rapidly spread across the blogosphere.

July 2010: Apple gets burned by a U.K. retailer who leaks specifications about the next-generation iPod.

August 2010: Deadspin.com obtains and publishes the financial statements of Major
League Baseball teams, revealing controversial details of a revenue-parity program.

November 2010: Someone inside the U.S. Pentagon leaks 391,832 documented reports regarding operations in Iraq to Wikileaks.

December 2010: Wikileaks strikes again, this time with a quarter million cables from U.S. diplomats, revealing what The New York Times called “a raw look at U.S.
diplomacy.” U.S. banks shutter as Wikileaks hints that the financial market will be the subject of its next publication.

We were bombarded by nearly constant news of lax document security in 2010. What will your security resolutions be for 2011?

CIA Raises Critical Document Security Question For Other Government Agencies: WTF?

2010-12-30T16:18:00.000-08:00

Perhaps the CIA was suffering from a little bit of pre-holiday fatigue when it chose the name for its WikiLeaks investigative committee. Or perhaps the country’s top spies thought we could all use a laugh in the face of all those military and diplomatic leaks. Or, most likely according to the Washington Post, the Central Intelligence Agency was making a pointed remark about the way other government departments handle sensitive documents. In any case, the late-December unveiling of the CIA’s WikiLeaks Task Force -- the WTF -- caused a stir.

The Post notes that the CIA is studying the effect of recently published information about Iraq and Afghanistan and U.S. diplomatic efforts. The agency’s goal might be to assess the impact on its recruitment of informants. However, a secondary motive might be to draw a distinction between the CIA’s tightly held document policies versus those of other agencies.

Post reporter Greg Miller writes:
To some agency veterans, WikiLeaks has vindicated the CIA's long-standing aversion to sharing secrets with other government agencies… Even while moving to share more information over the past decade, the agency "has not capitulated to this business of making everything available to outsiders," said a former high-ranking CIA official who recently retired. "They don't even make everything available to insiders..."

While we don’t agree that all data needs to be in lock down to be secure, particularly when collaboration is so essential in most industries, the CIA raises an important point about security.

“WTF?” should just be the beginning of the questions we ask about the outrageous and unnecessary data dumps that landed at WikiLeaks. Here are some others we hope the CIA brings up during the course of its investigation:

• WTF? What are government agencies doing to control and protect documents it labels as “secret?”
• WTF? How are military and diplomatic leaders to collaborate safely without a mechanism to lock down documents and prevent recipients from forwarding, printing and copying them?
• WTF? When there are easy-to-deploy and easy-to-manage solutions for secure document sharing available, what excuse can there be for allowing hundreds of thousands of files to leave the Pentagon on a low-level staffer’s thumb drive?

Gartner Analyst Points To Security Flaws in Mobile Document Sharing; WatchDox Responds, “There’s An App For That”

2010-11-22T10:21:00.000-08:00

Earlier this month, Gartner Vice President and Distinguished Analyst Nick Jones wrote a blog that should be required reading for every executive who has ever conducted business on a mobile device. The piece, “When Will The Mobile Security Backlash Happen?” exposed a serious flaw in our love affair with mobility. Namely, that “enthusiasm is running ahead of reason,” as Jones writes, and the security parameters C-level decision makers have insisted on for standard operating systems have been absent from mobile ones.

Jones writes:
The explosion in the use of inadequately secured consumer devices some of which hold highly sensitive information is a ticking bomb that will eventually explode. At some point – probably quite soon – there will be a mobile data-loss event which cases a huge security panic. We could see company directors in court for inadequate attention to compliance regulations. Security is a fashion just as much as consumerisation so the pendulum will swing, and at some point there will be a backlash. People like your CEO who led the demands for more device choice and freedom will probably be the first to beat down your door to demand more audits and controls.
If you’re a CIO I suggest you get ready for the mobile security backlash now so that when it comes you’re prepared, and can be a hero.
There’s no reason any CIO should miss out on this opportunity for heroism. There have been serious gaps in mobile document security. That, however, has changed.

In July, we introduced WatchDox support for secure content collaboration via the Android 2.2 Froyo platform. This week, we rolled out WatchDox for the iPhone and iPad, delivering the first and only way to safeguard sensitive documents and intellectual property on these fastly-becoming ubiquitous devices. In the past, users who accessed sensitive documents, protected research reports, virtual data rooms and other business-critical materials with mobile devices opened their companies up to the serious threat of data leaks. Today, there’s an app for that.

WatchDox’s software-as-a-service solution enables businesses to easily set individualized protection parameters for user access via iOS, Android, BlackBerry Playbook and additional devices, all of which display documents inside secure viewers. We have now extended all WatchDox features to iPad and iPhone devices, including:
• Document tracking
• User authentication
• Copying, printing and forwarding controls
• User-specific watermarks
• Expiration dates
We share Gartner’s concern about the “ticking bomb” in mobile document sharing, and we’ll be continuing to roll out WatchDox support for other devices. Look for news in the coming year about BlackBerry, Windows Phone 7 and others.

Wikileaks’ Release Of Military Data Highlights Need For More Security and Control Over Documents

2010-11-09T09:29:00.000-08:00

Any corporation questioning the need for secure document sharing solutions need look no further than the latest dust-up at Wikileaks. The website, which focuses a critical eye on government by publishing leaked documents, notes that, “as a result of technical advances, particularly the Internet and cryptography, the risks of conveying important information can be lowered.” Technology lowers the risks for publishers of sensitive information, but the flipside of that is an increased risk for those who generate that information.

Wikileaks’ latest release featured the largest leak of classified military information in history, a total of 391,832 documented reports regarding operations in Iraq. How does that much information seep through the supposedly impermeable walls of the Pentagon? Perhaps in the same way that corporate intellectual property falls into the wrong hands.

Any organization dealing with sensitive material – whether that material details casualties of war, product specifications or customer lists – needs a level of document security that allows it to maintain control throughout the entire document lifecycle, even after material has been shared with partners or colleagues beyond the firewall of the organization. This means tracking the documents, retaining the right to revoke permissions and restricting forwarding or printing.
The latest Wikileaks publication points to a reality that faces more entities than just government agencies; with so many ways to use technology to exploit proprietary data, businesses need to harness solutions that can protect it. Particularly in industries reliant on collaboration – which is imperative in nearly every market – companies should seek out the means to securely control and protect their work from reaching unintended recipients.

WikiLeaks Afghanistan Documents – Hero or Traitor?

2010-07-27T11:17:00.000-07:00

Over the last few days the media is a-buzz with news of tens of thousands of US Army and Marine Corps secret documents chronicling the war in Afghanistan, that have been posted on WikiLeaks. Obviously, there is great controversy over the people who leaked these documents. Are they heroes or traitors? Is this conduct acceptable in a democratic society?

We can leave the moral debate to others. What is clear, though, is that surprisingly the army does not have sufficient control over its sensitive documents. According to NPR, over 750,000 people in the US have access to top secret documents (much more secret than the documents posted on WikiLeaks). And here's a scary thought: what if these documents are not secured any better than the documents in question?

What’s the exact issue here? We’re not talking about malicious hackers or Trojan horses. These documents were accessed by someone who had been authorized to access them (at least at that time), but then were downloaded and forwarded to an unauthorized party. The obvious conclusion is that the army is lacking the kind of rights management technology that would lock down such documents to prevent re-distribution by the authorized parties, and a technology to revoke access to documents after they have been downloaded. If these technologies were in place this incident would probably not have happened in the first place.

Apple iPod leak follows the Microsoft leak

2010-07-08T16:31:00.000-07:00

Shortly after the Microsoft Windows 8 leak, Apple follows suit with a leak of its upcoming iPod device. Front-facing camera, FaceTime and other key upcoming features have all been revealed as a UK retailer presentation leaked out. More details can be found here.

This type of leak incident is pretty rare for the highly secretive Apple. Short of the famous iPhone 4 prototype which got lost at a bar recently, Apple has been pretty successful at keeping new products under wraps until launch date. As in many similar situations, the fault lies at a third party who was authorized to access this information, however the information was not controlled in any way as it was shared, and ended up in the wrong hands.

Windows 8 Strategy Leaked

2010-06-29T13:47:00.001-07:00

It seems Microsoft is the latest victim to data leakage, following a very intense year in which highly sensitive documents were leaked from the TSA, Twitter, the climatic research unit and others. At the moment, it looks like an employee is responsible for this leak, which was apparently accidental. Derek Goode, a Microsoft employee, was in possession of slides on Windows 8, and somehow posted them online in a public place. An Italian blog got their hands on the slides and now it's all over the web. What's in this slideshow? Many details about the upcoming operating system, Windows 8 (for example, did you know it will have "fast boot" and facial recognition to replace passwords?), as well as information on the new Windows App store.

This is indeed a serious incident, and further proof for the need to lock down documents. Ironically, Microsoft is a developer of RMS (Rights Management Services), a well-known Digital Rights Management (DRM) platform. It seems Microsoft itself is not using RMS internally as much as they should. So why isn't rights management used pervasively even within Microsoft, a major vendor of such solutions? This could very well be because existing DRM/IRM solutions are just too cumbersome and complex to deploy, manage and maintain. The need is clear, but solution will have to be far more seamless if companies are to use it as widely... as they should.

Hackers are targeting systems storing companies' intellectual property

2010-03-05T17:04:00.000-08:00

According to the New York Times, McAfee has issued a warning about hackers specifically targeting companies' intellectual property being held in various source control and content management systems. We are definitely seeing a shift in the past few years from "amateur" hackers to professionals targeting more serious and lucrative targets, and often getting away with identity theft and intellectual property. It is also clear that data is increasingly targeted, rather than the the simple vandalism and prank attacks we used to know.

See full article at http://bits.blogs.nytimes.com/2010/03/05/flawed-security-exposes-vital-software-to-hackers.

Google Buzz security flaws?

2010-02-17T15:57:00.000-08:00

Are you storing sensitive information on Google? Google Buzz apparently introduces exploits that can jeopardize this information and make it available to the wrong people. (See article).

Use the cloud, but if you are storing sensitive materials choose the right cloud service with the appropriate levels of document security in place.

Cloud computing getting traction in government

2010-02-17T13:54:00.000-08:00

Despite all the hype, SaaS or cloud-computing services are still hard for some enterprises (and the government) to swallow. Security and compliance are often cited as a key concern. But it looks like cloud storage is finally being perceived as secure enough. See this recent article: http://thehill.com/blogs/hillicon-valley/technology/79027-labor-department-moves-to-the-cloud.
Quote: "GCE says its "cloud"--the giant servers storing all of the department's financial data on the Internet--is completely secure."
Adopting the cloud won't happen in a day, but it does seem we will ultimately get there.

Apple iPad DRM - good or bad?

2010-02-09T17:14:00.000-08:00

Protests seem to be already on their way, with people criticizing the iPad DRM (Digital Rights Management) approach. see article here. While we don't want to get into the argument about DRM for music, movies and books, at WatchDox we do believe controlling documents is an important business requirement.
Organizations will undoubtedly grow to use the iPad (and iPhone) more and more. They will be sending out price quotes, product specs, financials and other sensitive documents. It is important to be able to apply control in these cases so documents are not easily leaked out - whether intentionally or unintentionally. The iPad could serve as a great platform for secure distribution of business documents and we're looking forward to supporting it in the future.

IDC analyst names Confidela as top acquisition target

2010-02-03T14:38:00.000-08:00

Dan Yachin, an IDC analyst, lists the top coacquisition candidates for 2010 (see link below):
Who will exit in 2010?

A Conversation That Every CIO Must Have With Chief Counsel

2010-02-01T16:18:00.001-08:00

Came across this excellent article by Frank Kenney, research director at Gartner. Frank Kenney is saying how important it is to control and govern information flow.

Here's a short excerpt:

"Every CIO must ask Chief Counsel and all of the workers reporting to Legal (including internal and external attorneys, paralegals and administrative executives) how the information that flows in and out their department is governed and controlled. Here is a short survey that CIO should send to their legal department:

1.How are you exchanging information (legal or otherwise (remember that e-mails asking about your last vacation counts too)) with internal, corporate and external parties?
2.How are you maintaining chain of custody processes and procedures?
3.How are you showing compliance to judicial, regional and national, industry and internal regulations around the handling and privacy of corporate information?
4.What can you show a judge when asked, “Who has access to information?”
5.What are your current FedEx, UPS, DHL and courier/messenger policies around privacy and what are the costs of using such services?
6.Are you using e-mail to exchange information and if so what processes are in place for governance?"

You can find the full article here.

Data breach costs are on the rise

2010-01-26T16:29:00.001-08:00

According to a new study by the Ponemon Institute, data breach costs have risen to a record $6.65 billion in 2009. These include stolen or lost laptops, accounts errors and malicious attacks. The study goes on to single out leaks from third parties such as partners and contractors. Indeed, sharing of sensitive information with external parties is a tough challenge. It's challenging for two reasons; First, the technical challenge of sending a document out and still maintaining control over it at all time, and second, implementing it in a way that is easy to use and does not interfere with the usual course of business.

More details about the Ponemon study available here.

Another document security incident - nuclear data leaked

2010-01-11T09:06:00.000-08:00

Sensitive information regarding hundreds of civilian nuclear sites has been published, inadvertently. The information included locations for sites that store enriched uranium and other materials for use in nuclear weapons, and was meant to be seen by the International Atomic Energy Agency (IAEA) only, but it appeared for about a day on the GPO Web site. While this mix-up that is under investigation, putting in place document control measures would have made the situation reversible.

The TSA document security breach on The Daily Show

2009-12-16T12:41:00.000-08:00

The Daily Show With Jon Stewart

Mon - Thurs 11p / 10c

Theory v. Practice - TSA Leak

www.thedailyshow.com

Daily Show
Full Episodes

Political Humor

Health Care Crisis

TSA security breach

2009-12-09T12:58:00.000-08:00

CNN just released an article about a serious security breach where a Transportation Security Administration’s (TSA) travel screening manual has been posted online by a known third party contractor. The confidential and important manual details how screeners work, how screening is conducted, what the limits are for the X-ray machines and more.

According to CNN, Homeland Security Secretary Janet Napolitano stated that the agency has instituted an internal review of the incident "to see what else needs to be done so that the incident never recurs." Additionally, the TSA asked the inspector general to conduct an independent review "to supplement and complement what we are doing."

As a ranking member of the Senate Homeland Security Committee called the release of the information "shocking and reckless,” this illustrates again how important it is for organizations to lock down their sensitive documents, especially when it is shared with many individuals. Had the TSA put in place more controls over their documents, they would have been able to prevent the posting of this sensitive document, or at least track the source of the leak and undo the damage quickly.