headtop

Compliance

The Next Generation of Backup will include incremental backups and CDP for VMware - June 13, 2008

Orlando Florida -- Symantec Corp. boosted its support for VMware's products in two new incremental releases for NetBackup at Symantec Vision.

The updates to NetBackup come as part of two new "double-dot" releases, NetBackup 6.5.2, which is available immediately and NetBackup 6.5.3, which is expected later this summer. "We have a new release model for NetBackup," said Matt Kixmoeller, vice president of product management for Symantec. "We're looking to get innovations to market faster, rather than just having an enormous big-bang release every few years."

Support for incremental and parallel snapshots of VMware hosts through NetBackup's VMware Consolidated Backup (VCB) integration are the main new features of the NetBackup 6.5.2 release, which also includes CDP and complete integration with PureDisk's data deduplication.

"On the large scale, the XenServer platform has some fundamental advantages," said Rob Soderberry, senior vice president for Symantec's storage and availability management group. "Our strategy is to create the best possible exploitation of the XenServer and VMware stack, and let customers and clients decide what they want to pursue."

Symantec is adding granular recovery technology into NetBackup. The feature was first incorporated into its product line with Backup Exec 11d, which allows unique object recovery from a single backup instead of through a secondary redundant backup that forced customers to use twice the space and time for backups if they wanted granular restores. Version 6.5.2 will make the feature available for Windows hosts, VMware hosts, and SharePoint Portal. Exchange integration will follow in NetBackup 6.5.3.

"Most snapshots, including Microsoft's VSS, don't allow you to get a file directly out without restoring the full snapshot," said analyst Lauren Whitehouse, Enterprise Strategy Group. "That feature puts Symantec a step above even Microsoft and other VCB integrations at this point."

NetBackup customer Eddy Navarro, a storage computer systems manager for J. Craig Venter Institute, said he's been waiting for the ability to schedule multiple concurrent snapshots of VMware hosts. "[In previous versions], NetBackup purposely set a cap on concurrent snapshots, meaning you could only schedule one at a time," Navarro said. This was done to avoid overwhelming environments that couldn't handle the load of parallel snapshots. "But, we have the infrastructure that can handle it," Navarro added.

Navarro said he's also looking forward to support for NDMP backups to disk in the new version. He wants that for his NetApp filers. While there might be ways to make the NAS backup standard dump directly to disk, Navarro wasn't familiar with them and wants all backups done through one portal. "I don't want to have to go back when I want to do a restore and say, now which way did I back this up?" he said.

New CDP, data deduplication integration

NetBackup 6.5.2 will also include the first integration with Symantec's CDP software acquired from Revivio in late 2006 and renamed RealTime 6.5.

NetBackup will be able to request snapshots from RealTime, but it will otherwise use a separate repository and interface until NetBackup 7.0 is released next year. While a new "NetBackup-like" interface on RealTime lays the groundwork for an integrated GUI, the repository will probably remain separate because Symantec expects users to deploy the "copy every write" software sparingly, according to Kixmoeller.

"The first generation of CDP struggled because there wasn't enough deep integration with applications," he said. With this re-release of Revivio's IP, NetBackup agents running on application servers will create pointers to quiesced snapshot copies in the CDP stream. The catalog of files and recovery screens will also be done in NetBackup.

Symantec has yet to integrate CDP with replication, another item on its roadmap since last year. "Symantec supports several replication products," said senior analyst Eric Burgener, Taneja Group. "Depending on how replication is linked into the CDP process, it can make it difficult to unlink it and use it with something else."

NetBackup 6.5.2 also completes an integration process between NetBackup and Symantec's PureDisk data deduplication software that has been ongoing since NetBackup 6.1. PureDisk agents can now perform data deduplication at the client, backup media server or target. Symantec is also supporting a stack of PureDisk, Veritas Cluster Server and Storage Foundation to create a grid architecture for post-process data deduplication on the target side.

While this stack of licenses could get confusing, the number of options Symantec is offering is more important, Whitehouse said. "It allows you to coordinate your backup strategy to your workload." "And, setting up various agents is a process you only do once."

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-data-deduplication.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ

CEO fired after major data lost! - June 7, 2008

The practice of sending across the country unencrypted, CD-based files on millions of child benefit claimants could have continued indefinitely if the discs hadn't gone missing, we have learned.

Orlando Florida -- Seven months before the CDs went missing, HM Revenue and Customs had already established a practice of transferring onto CD, for despatch by post, insecure, though password-protected, files on millions of child benefit claimants.

The lost discs contained details of all child benefit recipients: records for 25 million individuals and more than seven million families.

The records included parental names, addresses, dates of birth, child benefit and national insurance numbers and where relevant bank or building society details. Paul Gray, the chairman of HM Revenue and Customs, has resigned because of the incident.   This is not uncommon to see CXOs being asked to resign because of a data lost on their watch, after all it's the CXO who is signing or cutting the IT budget, say Brian McCarthy President and well know Security Consultant for Sencilo Solutions based in Orlando Florida. 

The practice of transferring all of the child benefit data onto CDs began in March this year after HMRC's auditor, the National Audit Office (NAO), ceased to accept sample records for its audit of the department's accounts.

In the past officials at the Department for Work and Pensions had selected sample child benefit files and passed these to the NAO whose auditors checked for possible fraud and error.

But in March this year, for an audit of HM Revenue and Customs's 2006/7 Resource Accounts, the NAO, to do a more robustly independent check on the child benefit data, requested a full copy of the details of claimants, not merely a part of the data that had been selected by the department.

Though HMRC does have rules on handling sensitive data, it is unclear whether it had specific, established procedures for handling the request of the National Audit Office.

Aware that the files on child benefit claimants were sensitive, the NAO in March 2007 asked that HMRC filter the information before sending it to the audit office. The National Audit Office asked for the child benefit records to be stripped of details of the parents, addresses and bank information, which McCarthy states is a best practice here in the States. 

HM Revenue and Customs replied that it could not do this - its systems were not sufficiently flexible. It explained it could download only the whole of the information. So it sent to the NAO, by courier-post, all of the details of parents and children, including some bank account details.   Not true states McCarthy, their are disk based encryption appliances on the market today which can protect anything from a USB hard drive to tapes, HM has their heads in the sand.

That was when the insecure practice began of HMRC sending unencrypted files to the National Audit Office. No alarm bells were raised over the practice in March 2007.

It appears that it was thought easier to send the claimant files on CD than trying to send them electronically. This raises questions about whether government departments are routinely sending CDs with sensitive data around the country, thus avoiding technical challenges and security restrictions on exchanging files electronically.  Easier, how is anything that is a manual process and the cost of mailing a disc easier?

So in March 2007 HM Revenue and Customs transferred the child benefit data onto CDs and sent them by courier-post from Washington, Tyne and Wear, to the National Audit Office which is near Victoria Station in London. They arrived safely - and the practice became established.

The data was sent to the NAO only partially formatted. It had to be loaded on the National Audit Office's mainframe systems before it could be manipulated.

In October this year, when the NAO wanted to do an audit of HMRC's 2007/08 Resource Accounts, it again asked the department for its child benefit data.

The sequence of events:

2 October 2007: The NAO formally asks HM Revenue and Customs for files on child benefit claimants.

18 October: HMRC tells the NAO that the CDs have been sent

24 October: The NAO informs HMRC that the discs have not arrived. The NAO asks for a second set to be sent - it needs them urgently to ensure an audit of HMRC's accounts is not delayed.

25 October: The NAO confirms receipt of the second set of discs. It staff point out that the first set has still not arrived.

5 November: HM Revenue and Customs confirms that the first set of CDs is still missing.

8 November: The NAO begins a search for the missing CDs and the loss of the data is raised formally as a security incident. It is only at this point that HMRC's senior management is informed - but not the Chancellor of the Exchequer Alistair Darling who is responsible for HMRC.

10 November: HMRC with the cooperation of the NAO begins a search for the CDs at the offices of the audit office at Victoria. The NAO has no record of having received the first set of CDs. Only now is Alistair Darling, the chancellor, informed.

11 November: HM Revenue and Customs and the police search the NAO's offices. Nothing is found.

20 November: Alistair Darling makes a statement to the House of Commons on the missing discs and Paul Gray, the chairman of HMRC resigns.

21 November: HM Revenue and Customs issues an apology.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-compliance-management.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP.

Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses.

Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare data leakage enVision Data Loss Prevention Encryption and Key Management

How much should you spend on disaster recovery (DR)? - May 31, 2008

Orlando Florida -- It's a trick question that few, if any, storage administrators know how to answer. You can easily spend a king's ransom to protect your data, but few companies have that kind of money. The key to cost-effective DR is first placing a value on the data--and understanding how the data's value changes over time--and then matching various data protection technologies to that value.  Here in Florida Hurrican season starts tomorrow, June 1 and last until November 30th.  So my guess to those of us in the Gulf States - Will you be ready? 

In an earlier blog (see The search for cost-effective disaster recovery), I described how to develop an application/data classification foundation (ADCF) that lays the groundwork for cost-effective DR. This foundation has six steps:
Classify each application and its data into four categories:


  • Mission critical

  • Essential

  • Important

  • Less critical



  • Determine the required recovery point objective (RPO) and recovery time objective (RTO) for each class of data.

  • Determine the available DR options per class of data.

  • Establish each option's TCO for the expected life of the implementation.

  • Evaluate the skills required at all DR locations.

  • Match the data, DR options and skills to the budget to determine the breadth of the DR GAP (the difference between the level of DR required and the level of affordable DR, or the difference between the actual level provided and the level required).

  • Remote mirroring

  • Remote mirroring provides data accessibility protection for an application using physically separate locations. While similar to mirroring within a RAID array, remote mirroring takes place over MAN or WAN distances. It's usually between storage arrays or storage appliances, and can be synchronous or asynchronous.


Synchronous remote mirroring is the highest possible level for DR RPO and RTO. The RPO is "zero" lost data, and the RTO is typically seconds to minutes. Synchronous remote mirroring does this by neither completing nor acknowledging the local write until the remote write is completed and acknowledged. Additional writes can't occur until each preceding write has been completed and acknowledged. This means local performance is directly related to the performance of the DR remote device; distance is the limiting factor. Remote synchronous mirroring is rarely deployed for circuit distances greater than 160km (100 miles).  http://www.sencilo.com/storage-software.php

With asynchronous remote mirroring, local writes are completed and acknowledged before the remote writes. Asynchronous remote mirroring is a "store-and-forward" technique that reduces I/Os and wait delays, allowing remote writes to fall behind the local writes. This means the RPO for lost data can range from seconds to minutes, and even hours in some cases. Asynchronous remote mirroring is most often utilized when the remote site is a long distance from the local site.

The primary advantage of both synchronous and asynchronous remote mirroring is the minimal (asynchronous) to zero (synchronous) risk exposure in losing data during a disaster. A secondary advantage is the potential for quick data recovery when a disaster occurs. Remote mirroring doesn't require server agents, and it provides heterogeneous server and application support. 

Remote mirroring applications are often pricey, the equipment is usually expensive, and it typically requires at least twice the primary disk space and sometimes much more. However, when the lowest possible RPO and RTO are the requirement, remote mirroring is the answer.

Another disadvantage is that remote mirroring doesn't prevent a rolling disaster, data damage, corruption or accidental deletion. If data is corrupted, damaged or deleted at the primary site, it will also be at the DR site. Some asynchronous remote mirroring products timestamp each transaction and allow recovery to a point in time before the corruption or deletion occurred, but they're exceptions to the rule. This means procedures other than remote mirroring must also be implemented to allow for recovery of corrupted, damaged or deleted data. Other disadvantages include lack of support for heterogeneous arrays, no support for internal storage, and nearly no application and file information.

Less-expensive alternatives to remote mirroring can also provide the lowest possible RPO and RTO. They're generally continuous data protection (CDP) products and include time-based continuous snapshots, automated backup, replication of changed data and automated, generational-change distributed backup. They offer a lower TCO than remote mirroring, support heterogeneous storage and provide better rollback capabilities. But they usually require installing and managing agents. 

Backup
Backup applications copy primary stored data directly from the application server and move it over TCP/IP networks to a local backup server or remote DR backup server. The server then writes the copied data to disk or tape. RPO is the window between backups or incremental backups. RTO is minimally hours, but usually days to weeks.

While backup is the primary DR application deployed in most IT organizations, it also has the highest failure rate. Failures can be attributed to user error, bandwidth issues, throughput issues, tape issues and even application server availability requirements. http://www.sencilo.com/prod-storagesoftware.php

The primary advantage of backup is its familiarity--it's a known quantity, both good and bad. Storage administrators know how to deploy and use backup, and the TCO is relatively low depending on the storage environment.

The two key disadvantages of backup are that its RPO and RTO are usually quite high, and backup is a local process. There are exceptions, however. Several backup programs distribute and centralize backup while providing continuous incremental backups, shrinking the RPO considerably. Unfortunately, recovery time is still a lengthy process. Data consistency and usability--the ability to use the backed up data without modification, reordering or re-creation--may also be a problem. Backup programs require server-based agents and backup costs escalate sharply as the environment scales and grows more complex.

Backup products are evolving and improving. Virtual tape, disk-to-disk-to-tape (D2D2T) and massive array of idle disks (MAID) technologies speed backups and recovery times. New types of backup software, such as content-addressable storage (CAS), reduce the amount of data required to back up by sending only changed data and meta tags about data. This significantly reduces recovery times and dramatically increases recovered data usability. Distributed backup eliminates the installation of server agents. These new types of backup have RPOs and RTOs that can be used for critical data. http://www.sencilo.com/storage-data-deduplication.php

Replication
Replication software replicates data from server to server synchronously and asynchronously. There are incremental and CDP modes. Replicated data travels over TCP/IP networks to a remote server's disk, and then a backup client is needed to move the data to a storage device. RPO for replication is similar to the RPO for storage array remote mirroring, depending on whether it's synchronous or asynchronous. RTO can be a little faster because the DR application servers are already collocated with the DR storage.

Replication software is easy to install and operate. It can run locally and distributed, and because it's server-, storage- and infrastructure-agnostic, there are no hardware lock-ins. Replication software costs are less than those for backup software and much less than storage array-based remote mirroring. Replication has evolved to include application-aware agents, continuous protection and rollback capabilities. One important benefit to replication is data migration. Replication software simplifies the process and replicates only the data that needs to be replicated in a non-disruptive manner.

Replication software can't prevent damaged data from being replicated, and server agents must be maintained and managed. RTO can be significantly increased if there's a single DR server caching the replication from different application operating systems. In the event of a disaster, all data must be recovered and rewritten before the applications can access the data. This is similar to backup. If there's a DR replication server per operating system, the RTO rivals storage array mirroring.

Snapshot
A snapshot provides a point-in-time reference marker to data stored on a storage system. Snapshots are a way to speed RTOs. There are two primary types of snapshots: copy-on-write and split-mirror.

A copy-on-write snapshot stores changes and additions to existing data. Data recovery is rapid in case of a disk write error, corrupted file or program malfunction; however, all of the previous snapshots must be available if complete archiving or recovery is required. A split-mirrored snapshot references all the data on a set of mirrored drives where one is local and the other is local or remote. Each time the snapshot is run, it snaps the entire volume, not just new or updated data.

Snapshot is easy to install and operate. A copy-on-write snapshot provides a short RTO and a relatively slow RPO (data must still be recovered before it can be used). Split-mirror snapshots have a relatively long RPO, but they speed data recovery (RTO), duplication and data archival. One important benefit to split-mirror snapshots is that it's possible to access data offline for tasks such as data mining and offline production data testing. Some snapshot applications provide continuous snapshots and rollback capabilities based on a point in time, which offers faster RTO.

A split-mirror snapshot uses a lot of system resources and will degrade the performance of the platform it's running on while it creates the snapshot. And snapshots can't prevent a rolling disaster of snapping corrupt data.

DR hardware platforms
There are four principle hardware delivery platforms: storage array, general-purpose server, purpose-built storage appliance and the intelligent storage networking switch. The storage array is a purpose-built storage server for block or file-based storage. Many storage vendors provide optional storage array DR software, which includes synchronous and asynchronous remote mirroring and snapshot. These software products are typically specific to the individual vendor and its storage offerings.  http://www.sencilo.com/storage-area-network.php

Storage array-based software usually doesn't require application server agents. The arrays are server operating system-agnostic and the DR applications run fast. They are also installed in thousands of locations, and are proven and mature.

However, the array DR applications don't work with heterogeneous storage. In general, they don't have file-level or application awareness. (Array applications with application awareness use agents.) Storage array IOPS and throughput decline while DR applications are running. And these DR applications are licensed and managed on a per-array basis. Storage array DR applications have some of the highest TCOs and, in some cases, consume more raw storage than non-array based alternatives.

General-purpose servers have very low acquisition costs and low TCO. Implementing, servicing and managing them are known quantities. Performance is tunable and DR application performance leverages ongoing improvements in server technology. Increasing performance or scalability may be as simple as buying the next-larger server, and more memory and processing power. Other advantages include support for heterogeneous storage, and application and file-system awareness. General-purpose servers require DR application agents.

The purpose-built storage appliance is nothing more than a DR application optimized server. A good way to think of the purpose-built storage appliance is to view it as a networked storage controller. It leverages technologies specifically optimized for storage DR applications. Optimization includes I/O performance, throughput, scalability and high availability (no single point of failure). TCO is definitely lower than for the storage array or intelligent server, but the purpose-built appliance is proprietary. It may also have higher initial acquisition costs and may not keep up with server technology advances.

The intelligent storage networking switch is a relatively new DR delivery platform. The storage area network (SAN) switch is the ideal system to provide DR applications because it sits between application servers and their target storage, and it also has visibility into all servers and storage targets.

There are two principle types of intelligent storage-network switches. The first essentially integrates the purpose-built storage appliance as a server blade into a Fibre Channel SAN switch or director. The second packages it as a storage software delivery platform that just happens to use switching as part of its architecture. It leverages a new technology called split path acceleration of independent data streams (SPAID). SPAID improves performance by separating the control path (the slow path) from the data path (the fast path). It enables out-of-band virtualization without requiring server agents and runs most DR software applications without any changes. Initial costs and TCO will probably be much higher than for non-integrated systems.  http://www.sencilo.com/back-up-restore.php

No other platform has the DR application performance potential of the SPAID intelligent storage networking switch. SPAID switches have an inherently higher level of reliability, availability and serviceability than storage appliances because of the separation of control path from data path. Unfortunately, there are only a small handful of products that use the SPAID architecture. These include software from Incipient Inc., Maranti Networks, StoreAge Networking Technologies, Troika Networks Inc. and Veritas Software Corp. Of these, only StoreAge has a comprehensive suite of DR applications that works with all of the SPAID intelligent storage networking switches. Maranti has its own suite of DR applications, and Troika is working on a suite with tie-ins to other software-based DR applications. Incipient and Veritas are currently limited to volume management only.

Remember, a cost-effective DR strategy requires a mix of DR applications running on several platforms. Managing cost and effectiveness requires matching the value of the data to specific DR capabilities. This mix-and-match approach will reduce overall DR cost while meeting the organization's needs (see Sorting out disaster recovery options). Of course, this process must be repeated periodically to re-evaluate new technologies, products, SLA requirements and compliance regulations.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/continuity-disaster.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ

Stolen data ending up in Google cache, say researchers - May 31, 2008

Orlando Florida -- The Finjan security researchers, who uncovered several unprotected hacker servers containing the sensitive email and Web-based data of thousands of people, demonstrated how easy it is to find the data using Google.

By using a simple string of search terms the researchers were able to find stolen passwords and usernames, Social Security numbers, and even the usernames and passwords of internal databases of companies all stored in Google's public caching server.

Google returns the results based on log files available on the unprotected servers. The servers stored stolen data collected by Trojan horses running on infected end-user PCs, Ayelet Heyman, a researcher at Finjan's Malicious Code Research Center, said in Finjan's Malicious Code Research Center blog.  It not that hard to protect these assessts, says Security Consultant Brian McCarthy of Sencilo Solutions.  Sencilo can provide both security services that can true up open areas but also we offer products to close and protect your company information. 

"Google just indexed these log files as they do with any other public file on the Web," Heyman said. "It's not a hoax as some people wrote; it's 100% harsh reality."

It's not the first time the search engine giant was used to uncover sensitive data or common security flaws in websites. Penetration tester Johnny Long was the first to make headlines explaining ways to turn Google into a malicious tool. Long's website has a Google hacking database. Tom Bowers, managing director of Allentown, Pa.-based Security Constructs LLC has also warned that IT professionals must learn how hackers use search engine queries to ensure sensitive data doesn't end up on the public caching servers.

Heyman urged people not to blame Google for caching the stolen information. Google indexed the log files on the server as they do with any other public file their crawlers find on the Web, Heyman said.  McCarthy goes on record and says Finjan and Heyman are nuts to cast the blame of Google, or another search engine company. 

In April, Finjan announced that it had discovered an unprotected server and others used as a drop site for the AdPack exploit toolkit. The server wasn't encrypted and no authentication was used to access it.

Yuval Ben-Itzhak, Finjan's chief technology officer, said more and more stolen data is turning up on popular search engine caching servers. The increase in sensitive data on search engine servers is likely due to the easy availability of crimeware toolkits such as NeoSploit, MPack, and AdPack. The toolkits make it easy for a novice to quickly find an unused server and begin stealing data. 

"The whole idea for selling these toolkits is to provide to people who are not security experts and do not have a computer science background," Ben-Itzhak said. The management features enable the criminal to use social engineering tactics and target a country or IP, or even by log types, he said.   http://www.sencilo.com/security-web-application-controllers.php

The researchers discovered sensitive information from Microsoft Outlook accounts including mail and personal folders, calendar, public folders and contacts. A mountain of healthcare information was also discovered, including personal data, health data, treatment, medications, insurance details, Social Security Numbers, and healthcare providers' data, including the physician's name. Banking data, including credit card numbers and account login numbers were also discovered on the server.

Businesses are also not immune. A large chunk of business data was discovered, including network folders and business contacts. Personnel files and business files marked confidential were also stolen using a Trojan. One message revealed details about an upcoming court case, while a few others contained business financial data such as invoice information.

The Finjan researchers said they notified more than 40 major international financial institutions located in the United States, Europe and India whose customers were compromised as well as various law enforcement agencies.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-compliance-management.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP.

Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses.

Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare data leakage enVision Data Loss Prevention Encryption and Key Management

State Street's lack of security policies to blame for the lost of 45,000 Social Security Numbers - May 31, 2008

Jacksonville FLorida -- State Street Corp. is the latest firm to acknowledge a data breach, after a contractor hired to conduct data analysis lost a disk drive containing the personal information of 5,500 employees and 40,000 customer accounts.

State Street disclosed the information on its website four months after it learned of the problem. The financial services firm said Thursday that it began notifying employees and customers of the former Investors Bank & Trust Company, which it acquired in 2007. 

"As a precaution, State Street is notifying legacy IBT employees and certain legacy IBT customers that have been identified as having certain personal data on the stolen equipment," the firm said in a statement.

IBT contracted out a legal support service to review its electronic records and compile data for federal regulators as part of the acquisition in 2007. The data was initially encrypted, but State Street said the vendor unencrypted the information when it loaded the data onto computer equipment, which was stolen from its facility.

The information included individuals' names, addresses, dates of birth, and Social Security numbers.

State Street said it notified state and federal law enforcement, which is conducting an investigation. The firm said it took several months to reconstruct analyze a copy of the data stored on the stolen equipment. So far State Street customers and employees are not affected by the breach. State Street said it would be offering free to the victims that its analysis indicates may be affected.

The loss of disk drives and tapes is prompting more businesses to encrypt data at rest, said Scott Crawford, an analyst with Boulder, Colo.-based Enterprise Management Associates. 

In the State Street breach, the vendor handling the data unencrypted the information to conduct its analysis, but never encrypted it again. It happens often and companies sometimes fall prey to a false sense of security when deploying encryption. Ultimately the data is going to be accessed and sometimes another instance of the data is made that goes unencrypted, experts say. 

"The devil is in the details of implementation with crypto, where a poor implementation of a good algorithm gives a false sense of security and it's potentially worse than not using encryption at all," Crawford said. "Even when experts are involved, the processes can be a killer." 

What technology can do ends at how effective it is in managing or enforcing how people actually work with the data, Crawford said. Banks and financial services firms must comply with Basel II regulations with address operational risk management.

"Financial services have more motivation to be more thorough in managing operational risk, including risks posed by business partners," Crawford said.

Firms should have a centralized vendor management process in place that takes into account risk factors and be continually assessed to determine if the vendor is meeting the security requirements, said Ramon Krikken, a research analyst at Midvale, Utah-based Burton Group.

"Financial institutions are relatively quickly catching up with whole vendor management issue, but security has been an afterthought with vendor management," Krikken said.

Vendor evaluation should include assigning a risk score based on the sensitivity of the outsourced process. Vendor contracts should cover security issues and safeguards based on the risk factors assigned to the data, he said.

"It all comes down to having solid vendor due diligence, an area getting an increasing amount of attention," Krikken said. 

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-compliance-management.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP.

Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses.

Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare data leakage enVision Data Loss Prevention Encryption and Key Management

Dave & Buster's data thieves will be prosecuted by US Department of Justice - May 14, 2008

Orlando Florida - The United States Department of Justice has charged and intends to prosecute individuals responsible for the theft of credit and debit card numbers from 11 Dave & Busters Inc. locations, including the one in Miami, Jacksonville and Orlando.

The thefts occurred from May to August of 2007. Although the stolen data was never retained or stored by Dave & Buster's, the data was illegally accessed from the Dave & Buster's computer systems during the card verification and transmission process. No personal information -- such as names, addresses, phone numbers, bank account numbers, PINs, or social security numbers -- were stolen.

The other stores involved are in Westminster, Colo.; Islandia and West Nyack, N.Y.; Utica, Mich.; Chicago; Columbus, Ohio; and Frisco, Dallas and Austin, Texas.

Dave & Buster's was alerted to the potential data intrusion in late August 2007. The company worked with both the Secret Service and Department of Justice and assisted them in the investigation. In addition, Dave & Buster's retained outside security experts who identified the source of the data compromise. As a result the company has implemented additional security measures to prevent such incidents from occurring in the future.

"As soon as we became aware of the breach in August 2007, we took steps to secure our systems and remain confident that they are safe today," said CEO Steve King.

Dallas-based Dave & Busters operates 50 restaurant/entertainment complexes in 19 states and in Canada and Mexico.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-compliance-management.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP.

Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses.

Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare data leakage
 

What the PCI Council wants you to know! - May 9, 2008

Jacksonville Florida -- When the Payment Card Industry (PCI) Security Standards Council released version 1.1 of the PCI Data Security Standard in September 2006, it clarified existing mandates and added, in Requirement 6.6, some new ones pertaining to the custom application code that handles protected payment card data.

Basically, the council offered enterprises a choice: have an application security organization review custom application code for common vulnerabilities, or install a Web application firewall in front of Web-facing applications.  See http://www.sencilo.com/security-web-application-controllers.php for more info. 

In keeping with the council's measured approach to improving the security of payment card data, what was put forward as a "best practice" in 2006 will become a full-blown requirement on June 30, 2008. Many companies are already bemoaning the burdensome nature of PCI compliance and will no doubt chafe at paying for either more outside consultants or more security hardware and software.

On the other hand, there are plenty of security professionals who will say that what the PCI DSS requires is nothing more than the same application development and deployment approach that many companies have used for years. I can think of several financial and telecom companies that adopted a similar strategy when working with internally imposed PCI-comparable standards in 1999. Since then, there has been an increase both in the number of people qualified to conduct code reviews and in the availability of commercially supported application-layer firewalls.

Amid today's threat climate, where there is no shortage of people prepared to use whatever attacks they can to gather and exploit payment card data, a strong case can be made for both putting an application-layer firewall in front of Web-facing applications and having application code independently reviewed. However, in the real world, where cost constraints have never been tighter, some enterprises must choose one or the other.

The case for application firewalls
The main reason for an application firewalls like Barracuda Networks is that it will, if properly supported, actively protect against emerging threats, something a one-time code review will not. Sure, a code review might be able to list classes of attack against which the code is deemed secure, and a reviewer may be able to discount some emerging threats by referring to that list. A code review, however, does not provide a way to tweak application proxies in response to attacks.

One common argument against the application firewall is that it may be tricky to fit into an existing architecture. Another objection is that it may work out to be more expensive than a code review. Pricing varies between brands but you could easily be looking at a purchase cost of around $5,000 for something that will handle around 900 MB of throughput, rising to around $8,000 for 2 gigabites per second (Gbps). Total cost will depend upon the level of application traffic, ongoing licensing fees and personnel costs to manage and maintain your Web application firewall capability. However, if you have staff on hand with the skills to tune and manage an application firewall, like the folks who are already running your enterprise firewall, the additional cost may only be incremental or a security based consultant like Sencilo Solutions of Lake Mary Florida. 

The case for code review
A code review is not cheap and in most cases much more expensive the a firewall. For whomever performs it, you are probably looking at tens of thousands of dollars in cost, although the exact figure will obviously depend upon application complexity. Bear in mind, though, that a code review doesn't require the same level of ongoing care and maintenance as a firewall (although future code revisions will need review).

However, enterprises should already be budgeting for code review as part of the software development process. Unfortunately, some earlier PCI guidelines gave the impression that internal code reviews would not be acceptable. Thankfully, we now know it's possible to use an internal staff for the review if it is a) trained and specialized in application-code assessments and b) not the same people who developed the application, this according to the Feb 2008 "Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified" document.

This clarification document approves, with the above caveat, the "proper use of automated application source code analyzer (scanning) tools" and the "proper use of automated web application security vulnerability assessment (scanning) tools."

Making the choice
So now it looks like there may be three avenues available, and in each case the choice may simply come down to people. Does the enterprise have staff who can:
a. Configure and maintain an application-layer firewall?
b. Perform a code review?
c. Use a third-party vulnerability detection tool and fix any problems the review uncovers?

Of course, the decision could also depend upon architecture considerations and how well an application-layer firewall would work with existing systems and devices.

Another factor to consider, particularly for those leaning toward a third-party code review, is how comfortable the organization may be with the status of its code. It is not unusual for payment card applications to develop over time and include some legacy code of unknown origin and unclear purpose. A security staff may not want to remove legacy code and run the risk of breaking a mission-critical application. Without suggesting that anyone should sweep potential bugs under the carpet, placing a firewall in front of an application might be less costly, or less disruptive, than re-writing it in light of a code review.

Finally, it has to be said that PCI DSS, admirable as its goals may be, has been far from perfect in practical terms. Not knowing exactly where the PCI Security Standards Council has drawn the line with Requirement 6.6 can be frustrating for those who are otherwise keen to toe that line. To a security professional who would normally urge the use of both code reviews and firewalls, it is another example of the compliance dilemma. If you promulgate a standard intended to increase security, you must be prepared to answer the question: "What must I do to comply with the standard?" The problem is, the question often becomes "What is the minimum I can do to be in compliance?" Just a few weeks ago, the PCI Council also released a clarification stating that companies can either perform the code review or install the application firewall, but that they would ideally like to see enterprises do both.

I recommend taking the time to understand PCI's Web application requirements, including the clarification documents, and consider how the approved options mesh with your architecture and resources. It is now clear that enterprises have multiple paths to compliance and, if executed properly, any of the options will not only help achieve compliance, but also improve Web application security.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-web-application-controllers.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare

What Symantec's Enterprise Vault Division does NOT want you to know! - May 6, 2008

Lake Mary, Florida -- Barracuda Networks Inc., the worldwide leader in email and Web security appliances, today launched the Barracuda Message Archiver 850 and 950 models for enterprises and large organizations searching for an affordable solution to preserve and index all emails.  The Barracuda Message Archiver 850 and 950 models also help organizations to efficiently store and manage emails while satisfying regulatory compliance criteria for saving email.“One of the biggest challenges facing larger organizations today is the need to balance making sure that their email server continues to operate efficiently while also future proofing their network for compliance,” said Stephen Pao, vice president of product management for Barracuda Networks.  “The Barracuda Message Archiver 850 and 950 enable enterprise customers to achieve legal and regulatory compliance needs while making more efficient use of storage technology by providing increased performance, reliability and scalability inside the IT organization.”


The Barracuda Message Archiver 850 can archive and index email for up to 4,000 users and the Barracuda Message Archiver 950 has enough processing power to handle 6,000 users.  Both models include dual-redundant power supplies and hot-swappable RAID arrays.  In addition to offering the full set of storage capabilities – including single instance storage and built-in storage and redundancy through internal or external mirroring – offered with all Barracuda Message Archiver models, the Barracuda Message Archiver 850 and 950 models also include a hardware-based iSCSI host based adapter for high-performance interaction with Storage Area Networks.


Reliable Search and Storage for Public Records Requests

As the second largest school district in Washington with more than 29,000 students spread across 54 schools, the Spokane Public School District in Spokane needed to ensure that it was equipped to quickly respond to email discovery requests.  In Washington, all public organizations, including school districts, are subject to public records requests and various entities can request specific information, such as emails, related to district operations.  Spokane Public Schools selected the Barracuda Message Archiver 850 to help manage and store the email of its more than 4,500 email users to fulfill these public records requests.


“Prior to installing the Barracuda Message Archiver 850 there was no centralized way to fulfill this type of request,” said Brown.  “All employees would be asked to go through their own email inboxes and forward any emails related to the specific request to the IT staff for inclusion in a response to the requesting entity.  This was a slow, time-consuming and ineffective process.”


As with the full Barracuda Message Archiver product line, the Barracuda Message Archiver 850 and 950 offer a complete set of message archiving features designed with both compliance and storage efficiency in mind.  The Barracuda Message Archiver stores and indexes all email for easy search and retrieval by both regular users and third-party auditors and offers greater ease of use and administration, enabling deployment in less than 60 minutes.


“We were pleased that the Barracuda Message Archiver 850 not only was able to archive on a going forward basis but it also allowed us to automatically import in all messages already in our email system giving us access to information that had been up to that point difficult to retrieve,” said Brown.  “In addition it is easy to maintain and we appreciate that updates and enhancements are made in a timely fashion.”


Pricing and Availability

The Barracuda Message Archiver 850 and 950 are currently available in the U.S. and priced at $29,999 and $44,999 respectively with no per user licensing fees.  International pricing and availability varies by region. 


About the Barracuda Message Archiver

The Barracuda Message Archiver is a complete and affordable email archiving solution, designed to effectively index and preserve all emails, achieve legal and regulatory compliance needs, and make more efficient use of storage technology inside the IT organization.  Leveraging standard policies and seamless access to messages, email content is fully indexed and backed up to enable administrators, auditors and end users quick retrieval of any email message stored in an organization’s email archive.  Delivered by Barracuda Central, Energize Updates provide automatic updates to its extensive library of virus and policy definitions for enhanced monitoring of compliance and corporate guidelines, document file format updates needed to decode content within email attachments and security updates for the underlying platform to remain free of potential security vulnerabilities.


For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php


About Us


Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.


Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.


Key words:  DR BC Replication De-Dup iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM Commvault BakBone D2D D2D2T compare cloud Enterprise Vault


RSA, the Security Division of EMC, Delivers Standards-Based Approach to Help Simplify Compliance - May 6, 2008

Orlando Florida -- RSA, The Security Division of EMC , today announced the findings of a new research paper that details the benefits organizations may gain -- including reduced costs and improved security -- by implementing a standards-based framework of security controls. The paper also details the ability of comprehensive security frameworks to help companies more easily comply with a variety of security requirements handed down by regulatory bodies, industry groups, partners, customers and internal policies.In addition, RSA announced new reports within the RSA enVision(R) security information and event management solution that are designed to enable organizations to more easily report on key aspects of the ISO 27002 standard -- a global code of practice for information security management which is useful in defining an effective set of best practice security controls as part of a compliance framework.


In March 2008, RSA commissioned Michael Rasmussen, industry analyst and President of Corporate Integrity, to undertake a research paper based on what it means to develop a "sustainable and cost-effective IT compliance program." The key findings of this project are that the typical approach to compliance -- responding on a regulation-by-regulation basis without an integrated IT compliance management program -- escalates costs, reduces visibility of the control environment overall, wastes resources, and leads to unnecessary complexity, inflexibility, vulnerability and exposure.


"A proactive approach to IT compliance allows organizations to look confidently to the future while also mitigating risk in the course of business," said Mr. Rasmussen. "An effective IT compliance program should be centered on a comprehensive framework, based on industry-wide standards -- such as ISO 27002."


Security Frameworks-Based Programs to Simplify IT Compliance


As organizations worldwide struggle to both comply with a plethora of compliance requirements and improve enterprise-wide security, a framework-based approach founded upon best practices and controls helps customers to build a proactive security program that may effectively break down the walls that often isolate organizational compliance silos. By driving compliance holistically, rather than on a requirement-by-requirement basis, companies may reduce costs by both avoiding redundant technology controls and easing the process of managing compliance. In addition, leveraging international standards such ISO 27002 as the foundation of an IT security and compliance program helps organizations align efforts to comply with key portions of many global regulations, including: the Payment Card Industry (PCI) Data Security Standard (DSS), HIPPA, Sarbanes-Oxley, the European Union's Data Protection requirements and regional data privacy laws.


"Our forward-thinking customers are using framework-based security and compliance programs to cost-effectively satisfy multiple requirements and manage information risk," said Steven Preston, Senior Director, Solutions Marketing at RSA, The Security Division of EMC. "This goal can be achieved through the application of a consistent, holistic set of repeatable, scalable, enterprise-wide controls, which are centered upon recognized IT security best practices."


RSA Solutions to Establish Security Frameworks for Simplified Compliance


RSA's portfolio of technology solutions offers key security controls that help organizations establish frameworks based upon global best practices and standards. Key controls delivered by RSA's solutions include:


New Reporting Capabilities Within the RSA enVision Platform for ISO 27002-based Security and Compliance Programs


The RSA enVision platform is designed to offer a comprehensive suite of out-of-the box reports, which help enable organizations to effectively monitor their ISO 27002-based security and compliance program. These reports are prepared to align directly with the ISO 27002 standard, and help enable organizations to effectively demonstrate compliance with critical areas of the specification. Reports within RSA enVision platform related to ISO 27002 focus on areas such as computer account logon activity, computer account status, control of collected evidence, control of human resources data, malicious software activity, password changes and expirations and source code access.


Information Security Services to support Framework-based Compliance Initiatives


In addition to delivering a broad range of security controls, various EMC information-centric security consulting services -- leveraging solutions from RSA -- help enable organizations to effectively enact framework-based compliance programs.


For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-web-application-controllers.php


About Us


Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.


Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.


Key words:Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare


EMC has it's head in the Clouds - Cloud Storage that is! - May 6, 2008

Mozy, Inc., part of the Cloud Infrastructure and Services Division of EMC (NYSE:EMC), today announced the release of MozyHome for Mac, the industry's first unlimited online backup service for the Mac. Mac users in the home can now safely and cost-effectively back up all of their digital information over the Internet. With more than 700,000 total users worldwide and 6.2 billion files backed up, Mozy is the leading online backup service of choice for consumers and small businesses.

"Mozy is honoring its roots by augmenting its service to consumers and small businesses," said Vance Checketts, chief operating officer for Mozy. "We've had more than 43,000 individuals participate in our public beta and have devoted thousands of hours of development to this new MozyHome for Mac release."

Designed as a consumer service, MozyHome for Mac offers 2 gigabytes of online backup absolutely free with no expiration date, or $4.95 a month for unlimited online backup capacity. Mozy automatically protects all computer files including photos, music, videos and financial documents from data loss in the event of hard drive crash, accidental deletion, natural disaster or theft. All files are encrypted with 448-bit Blowfish encryption and the encrypted files are transferred via a 128-bit SSL connection – the same encryption used for online banking – during the backup process for extra security. After the initial backup, Mozy only backs up incremental changes to files and folders, meaning subsequent backups run extremely fast. In addition to the most recent backup, Mozy keeps 30 days worth of file versions as well. In the event of data loss, files may be recovered via the Mozy client software, downloaded from the Mozy website, or by ordering the files on a set of DVDs from Mozy.

"I had just completed my transition from Tiger to Leopard when my hard drive crashed," said Donald Malm, who participated in the MozyHome for Mac beta. "The restore of all my data from Mozy was completed without a single error. My Quicken data was exactly where I had left off the day before the crash. Never have I made a better purchasing decision since I started in the insurance and financial system design industry 52 years ago."

Later this summer, Mozy will release a business version of its Mac service to enhance its MozyPro and MozyEnterprise offerings. More than 20,000 business customers already trust Mozy to back up their data, and Mozy is currently backing up more than 7.5 petabytes, the equivalent to 7.8 million gigabytes, across multiple data centers. Businesses interested in an online backup service for the Mac can sign up to be notified at www.mozy.com/mac/probeta.

With the addition of the MozyHome for Mac service, EMC offers Mac users the industry's most robust backup and recovery options. Other data protection offerings for Mac users include EMC Retrospect for Macintosh and EMC LifeLine software.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ



headerbottomrounded