Category: Security

Redact-It Brings Secure Black Outs to Electronically Stored Documents

Before storing documents electronically gained acceptance in the enterprise, retrieving documents meant parsing file cabinets and retrieving paper forms. And when it came time to share that information with the public without revealing classified information, it usually meant copying the original document and then pulling out a black marker that was used to cross out sensitive information on the copy, followed by more copying until the underlying text could no longer be seen. So while in the last decade most companies have scrapped file cabinets in favor of document images, more companies keep the black marker handy than they would probably like to admit.


Riverbed Dedupes Data Domain; Managing Encrypted Data Archives for 100 Years: Final Insights from Fall SNW 2008

One of the more interesting conversations I had was with John Martin, VP of Product Management with Riverbed Technology. For those of you unfamiliar with Riverbed, its Steelhead® appliances provide WAN acceleration to improve application performance across corporate WANs. As part of the underlying secret sauce in these appliances, Riverbed uses compression and deduplication technologies (among others) to accelerate application performance. That information is fairly well known. What is not so well known is that it has seen instances where it has improved the data reduction rates by 30 – 70% of data that was already deduplicated, and it has specifically seen these results when testing with Data Domain’s appliances.


Think AES is Unbreakable? RSA Security’s Shamir Debunks that Notion

The 2008 Crypto Conference provided a lot to talk about this year. If you didn’t know a Crypto Conference existed, you aren’t alone, but it is where the best and brightest mathematicians gather to discuss cryptographic and cryptanalytic research. However, at this conference Adi Shamir (the “S” in RSA Security that stands for Rivest, Shamir and Adleman and that is now owned by EMC) gave a presentation on a new attack on encryption systems called the “cube attack”. The ramifications of this attack sent a collective shockwave across the data security sector. Since encryption is revered as our best alternative and last safe harbor from data exposure, any weakness shown by encryption algorithms can have a dramatic ripple effect in data security.


Gartner Analyst Sees VMware Security as Immature; Wachovia Decouples Processing and I/O; Flashbacks to the Fall IBTA

As I write this blog entry, I am currently on a flight to New York City to attend the last day of the fall 2008 Storage Decisions conference. While I intend to post a blog entry about my experiences at SD this Friday, the flight is giving me some time to go back to last week and share some additional thoughts and insights I gained while attending the InfiniBand Trade Association (IBTA) Tech Forum in Las Vegas on Monday, Sept 15. While InfiniBand was obviously covered as part of this forum, this was done in the larger context of what virtualizing the corporate infrastructure means and how that will contribute to how companies construct and manage their data centers in the future.


FTC Issues Red Flag Rules Reminder; Ensuring IT is Ready as Unlimited Liability Looms on the Horizon

The Federal Trade Commission (FTC) recently issued a reminder to financial companies of the upcoming November 1st, 2008 deadline to be in compliance with the identity theft prevention program, and the pursuant FTC “Red Flag Rules.” If this is news to you, then you probably aren’t alone; but you should make yourself aware, as your company might be subject to this regulation.


A License to Repair; Texas law has far-reaching impact.

The State of Texas recently passed H.B. No. 2833 stating you must hold a license as a security services contractor if you “engage in business activity in which a license is required.” The law then outlines that a company acts as an “Investigations Company” under Section 1702.104, (4) (b) “…includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.” Investigation is a key word in the statute and appears to be broadly defined, and it has led to confusion and controversy.
