Category: News

The report quite rightly concluded that it is not a lack of available technology that is responsible for those respondents not having a disaster recovery plan in place, but that in fact the IT industry hasn’t informed the market on the solutions available. The good news is that this lack of knowledge on the part of end-users presents a big opportunity to resellers to educate the luggards and reap the rewards.

With compliance and Sarbanes Oxley firmly lodged in the conciousness of IT Managers throughout the UK and Meta Group reporting that estimated demand for storage products has risen steadily during the past 12 to 18 months, the market is obviously growing.

There needs to be a simple solution offered by vendors to their channel partners that saves them money by minimising the time needed for configuration and pricing, while ensuring complete accuracy in their proposals for customers.

Two of the main reasons for companies deciding not to implement SANs were the cost of the hardware and the cost of implementation. The main reason, however, was the lack of a perceived business benefit for installing a SAN, an indication that despite the growth in demand for storage, the opportunity-cost is not being entirely explained, or entirely understood.

http://www.ebcvg.com/articles.php?id=909

To answer those questions, Belva charted stock prices before and after data losses at the likes of Polo Ralph Lauren, UPS, Choicepoint, Bank of America, and Citigroup; took into account other news during those time spans that likely affected the price; and also looked at the long range trends in each company’s stock.

“[Stock prices are] the only publicly visible measure of confidence in a corporate institution,” said Belva. Most security problems don’t effect the company’s stock price. Although prices may dip temporarily on bad news of a data breach, the price rebounds quickly. If Citigroup and UPS lost 3.9 million customer records every week and Bank of America’s employees were found to consistently sell customer information illegally, we would most likely change our minds about where we do business,” said Belva in his paper.

In the Citigroup/UPS incident, in which the latter lost a shipment of tapes containing nearly 4 million current and former accounts, Belva found that Citigroup’s stock price fell a puny .02 percent the day the financial firm put out a press release on the lost tapes, but that the stock actually rose 0.27 percent when the story made the media four days later.

UPS’ stock, meanwhile, climbed 0.22 percent the day after the story made the rounds.

Only when a data loss impacts the core business of a company — such as when Choicepoint admitted to selling data to fraudsters, or when third-party credit card processor CardSystems was hacked, resulting in the exposure of nearly 40 million cards — does the stock, and thus the company, take a hammering, Belva said. In Choicepoint’s case, its stock price fell 3.1 percent on the day the breach was reported, and then continued to fall.

“Based on the known cases, there is a good chance that the stock will decline in the short term and rebound soon after. In effect, it may be possible to make money off the publicly reported breach.

http://www.techweb.com/wire/security/171200329

The data-security problem reached a new level in June when it was disclosed that a security breach at payment processor CardSystems Solutions Inc. had led to the exposure of 40 million card accounts.

Citigroup has said it would encrypt all tapes bound for transit, while Bank of America improved its tape-tracking procedures and launched a system intended to thwart phishing.

“A day doesn’t go by where information security isn’t front and center,” says Katherine Busser, CIO of the U.S. card division at Capital One Financial Corp.

Banks, insurance companies, and investment firms will spend $362 billion worldwide this year on IT, according to research firm TowerGroup. Other IT priorities in financial services are profitability management and improving revenue streams using technology, according to research firm Financial Insights.

http://www.informationweek.com/showArticle.jhtml;jsessionid=JXRN20RYC05RQQSNDBECKH0CJUMEKJVN?articleID=170703276

Spam filtering is the major focus of any messaging security strategy.

While small companies on average spend 29.5 hours per week per 1,000 users to manage E-mail security, 9.1 hours per week per 1,000 users are spent combating unsolicited messages. Larger companies on average spend 15.2 hours per week per 1,000 users on messaging security, with 4.1 hours per week devoted to anti-spam management, according to Osterman Research. Yet, effective administration of messaging systems requires more than anti-spam management.

The research firm’s Messaging Security Market Trends 2005-2008 study finds that businesses face a myriad of messaging problems.
– Of the 115 companies surveyed, two-thirds struggle to provide adequate storage for E-messages.
– An equal number have inadequate E-mail archiving.
– Two in five say large E-mail attachments are taxing their messaging capability.
– Most alarming, nearly all surveyed companies have had their networks successfully penetrated by a virus, worm, or other form of malware through E-mail.
– Half the sites report employees sending or receiving inappropriate content electronically, while 40% have had staff view inappropriate content. E-mail bandwidth has been clogged at a third of sites because of employees oversubscribing to E-newsletters or mailing lists.
– Nearly half of all companies say employees have E-mailed or instant messaged confidential data, while nearly 20% have been infiltrated by a virus or related threat via IM.

Antivirus and anti-spam initiatives are the basis of any messaging security strategy. But content filtering for outbound E-mail and methods to monitor IM are lacking. Of the 115 companies Osterman Research surveyed, 43% don’t monitor the content of E-mails sent by employees, and three in five don’t monitor IM.

http://www.informationweek.com/showArticle.jhtml;jsessionid=KK01LHWEU4STQQSNDBCSKH0CJUMEKJVN?articleID=170702044

Therefore, monitoring and storing this mountain of content can easily seem like an overwhelming project to begin and maintain for corporations and banks alike. While it is has long been accepted that an employee’s corporate e-mail account is not protected under personal property laws, I do not believe that employees ever thought that their everyday banter would ever be neatly filed pending the possibility of future reference. Sarbanes Oxley (SOX) regulations may cause security auditors and data management professionals to move even the ever popular one-line emails to the filing cabinet.

This is because although emails are informal in nature, electronic documents are as legally binding as hard copy communications. Already, the Securities and Exchange Commission (SEC) requires all private brokerage houses and banks to save hard copy, email, and instant messenger communications in regard to any stock trade or investment which occurred within the past 3 years. This SEC retention of records statute (section 17a-4) has been continuously adjusted, added too, and enforced since 1939. These regulations were originally established to help assure that brokers did not raise their commission rates or become involved in investment fraud.

This need was stemmed by notable court cases such as Morgan Stanley V. Ronald Perelman (Revlon), a case which has already pushed Morgan Stanley ahead of the curve in saving all of their communications, and cost them somewhere in the ballpark of 1.45 billion dollars. Morgan Stanley is now leading the way in these practices in hope of avoiding further litigation and fines for not having proper email retention policies in place. Many entities are looking for the most cost effective services possible when beginning this process and this search has pointed towards hierarchical storage management services.

http://bankinfosecurity.com/node/2570

“Traditional firewall technologies can complicate several aspects of VoIP, most notably dynamic port trafficking and Network Address Translation (NAT) transversal,” says Victoria Fodale, In-Stat analyst.

“Security product vendors are adding functions that address voice applications in their products, but, as history has shown, security typically lags behind advances in technology.”

http://www.ebcvg.com/articles.php?id=876