Data Protection
Is Symantec up for sale? - May 6, 2008
John Thompson must have known the question was coming. The Symantec CEO certainly heard the rumors. So when he was asked Wednesday night during his company’s earnings conference call about selling off parts of his company, Thompson couldn’t have been clearer.
“Contrary to popular rumor, we have no plans to divest of anything,” he said. “None.”
The rumors mainly involved the storage products that Symantec acquired from Veritas three years ago. And they were widely circulated. According to an Associated Press earnings preview story that ran this week:
Analysts are particularly interested in the possible sales of backup and recovery software product NetBackup and the company’s non-Windows Data Center Foundation, which comprises of storage and server management products.
Several technology bellwethers, including IBM, Hewlett-Packard and EMC have been named as potential buyers for Symantec’s storage products, including NetBackup. One executive from HP who did not wish to be known is quoted as saying "he has meet with John (Thompson) and it's all but signed."
AP could have added two other bellwethers who have been mentioned as suitors of all or some of the Symantec storage products - Oracle and Microsoft.
From the tone of Thompson’s voice when he answered the question, he’s not happy with the rumors. Yet Symantec is at least partially to blame. There have been frequent reorganizations since it bought Veritas, usually accompanied by layoffs. Symantec admitted a large layoff in April but would not give details. This left the door open for scared Symantec employees, disgruntled former employees and opportunistic competitors to attempt to fill in the details. And Symantec execs have talked about getting rid of poor performing units on previous earnings calls.
But Wednesday’s call was upbeat. Symantec reported outstanding results all around, and storage was front and center. Email archiving, backup, and storage management were among the product segments that posted double-digit year over year growth. Thompson and COO Enrique Salem talked of a bright future for Net Backup 6.5, Backup Exec 12, and Storage Foundation. They emphasized Symantec’s encryption and virtualization capabilities and gushed about three hot storage areas where Symantec has hardly been a pioneer: data deduplication, continuous data protection and software as a service (SaaS).
Symantec’s earnings were impressive in current economic conditions, although with 53 percent of its revenue from international sales, it took advantage of favorable foreign exchange rates against the dollar. Symantec gained share from its major rival EMC on the backup front, with 11 percent year-over-year growth compared to EMC’s 8 percent growth.
The question now is whether the strong storage performance will prompt Symante execs to forget about spinning off any pieces, or will it only add to the value of a possible sale? Thompson’s take is nothing is for sale. Despite what you might have heard.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM Commvault BakBone D2D D2D2T compare
It's not will Sun get out of the Storage Market, but when? - May 6, 2008
When Sun revealed its open source storage push this week, some in the industry wondered about its business model. In other words, how can Sun make money on open source storage products?
Then Sun reported its earnings Thursday night, and it became clear that its storage business isn’t exactly rolling in dough these days anyway.
Sun’s storage products generated $530 million in revenue last quarter, down 5.4 percent from a year ago and $100 million short of its target. Big-ticket items such as tape libraries and high-end disk systems were down in a quarter in which EMC and IBM reported increases. Server revenue also fell short by $100 million, making it a disastrous period for the new combined servers and storage unit.
Overall, Sun lost $34 million in the quarter compared to a profit of $67 million the year before. On the earnings call, Sun execs said they would be restructuring to the tune of 1,500 to 2,500 layoffs.
Can open source save this sinking ship? Sun CEO Jonathan Schwartz seems to think so, and he certainly hopes so. Open source was a common theme of his earnings call, with open storage getting its share of attention with statements such as: “We have a great variety of new Open Storage innovations [entering] the market within the next few quarters.”
Schwartz didn’t talk too much about how Sun will make money on open storage, except to emphasize how it would save money on R&D by having a common open platform for all of its servers and storage systems. Layoffs are expected to save Sun between $100 million and $150 million a year, although it’s not clear how much of the reduction will be in storage. Sun continues to the the butt for most jokes remarked a Sun reseller at SNW.
It remains to be seen what the quality of open storage products will be, but Sun has little to lose. It’s tried a lot of things over the years to jumpstart storage sales, including paying $4.1billion for tape library market leader StorageTek. Nothing has worked. Sun OEMs systems from Hitachi Data System, LSI and Dot Hill and usually has less success than other vendors who sell the same systems. For a while Sun planned its storage future around the 6920 midrange system, which it billed as a virtualization product and an EMC Clariion killer. Customers yawned, and Sun sold the technology to HDS last year.
Now its storage plans revolve around a large DAS system called Thumper and open source software. Considering its track record, things can’t really get much worse, can they?
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. It's technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM Commvault BakBone D2D D2D2T compare
Security for Exchange: Best Practices - May 6, 2008
Email is essential for business communication, but it wasn't designed with security or regulatory compliance in mind. As spammers and hackers continue to attack the world's email infrastructure, organizations face a daunting security challenge - trying to protect their email systems from a relentless barrage of spam, denial-of-service and other inbound attacks, losing sensitive data through accidental leakage, and maintaining regulatory compliance.
Tumbleweed MailGate provides a suite of comprehensive, high-performance email security solutions that simply and effectively protect you from the full spectrum of email security threats and risks. Through MailGate you can:
Implement effective email security.
MailGate secures inbound and outbound email traffic, and stops virus outbreaks, spam, botnet attacks, image-spam, worms, directory harvest, and denial-of-service attacks. MailGate ensures that email traffic and message contents flow reliably and securely.
Accidental data leak prevention.
With the most comprehensive suite of email security, content filtering that prevents accidental data leakage, and intelligent routing capabilities, MailGate simplifies compliance with industry and government regulations such as HIPAA, GLBA, Sarbanes-Oxley, CA-1386, as well as with your organization’s internal security and privacy policies.
Protect private information.
MailGate’s industry-leading email encryption technology not only blocks malicious traffic, but provides secure communication as well. MailGate delivers automatic gateway-to-gateway strong encryption for any remote domain through policy-basedTLS encryption. Also, with Secure Messenger, messages can be routed based on message content or the identity of senders and receivers through many encryption options, including remote certificate error checking and validation, S/MIME and PGP protocols, and patented secure Web-based delivery.
Reduce infrastructure and management costs. MailGate eliminates costly threats, such as spam, directory harvest and denial-of-service attacks, which all too often force organizations to buy too much infrastructure for the very traffic they don’t want. MailGate can reduce your raw email load by more than 80 percent, dramatically cut infrastructure overhead and administrative costs, and improve network throughput.
Centralized control for inbound and outbound email security
Inbound and outbound email security are interrelated and require common management, threat protection, content protection, and reporting. Unlike other products that rely on third-party solutions for encryption and antispam technology, Tumbleweed delivers best-of-breed, integrated email security solutions that are powerful, comprehensive, and easy to manage.
MailGate: Comprehensive email security built on a high-performance, highly secure Linux platform that installs in minutes and can process close to two million messages an hour. Flexible and easy to manage, MailGate provides intelligent network-edge defenses, antispam, antivirus, zero-hour virus outbreak protection, accidental data leakage protection through content filtering, policy management, gateway-to-gateway encryption, automated reporting, and a state-of-the-art, centralized management console.
Secure Messenger: A policy-based, secure message delivery product that dynamically applies user-defined email encryption and routing policies. Includes the industry's widest range of email encryption options including TLS, S-MIME, PGP, and patented Web-based message delivery.
Desktop Messenger: A secure, practical, and easy-to-use solution for sending encrypted email from the desktop to any recipient. Unlike other products that are difficult to manage, or require pre-installation for recipients, Desktop Messenger eliminates the hassle of PKI, and allows delivery to any new or external recipient via Secure Messenger.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-web-application-controllers.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP.
Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses.
Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare
PCI Council issues statement on Web application security as June 30 closes in - April 23, 2008
Tampa Florida - Responding to a wave of criticism and confusion surrounding the imminent deadline for a new section of the PCI Data Security Standard regarding Web application security, the PCI Security Standards Council on Tuesday released documentation intended to clarify the requirements for securing Web applications.
The clarification is meant to settle some of the confusion regarding the pending enforcement of PCI DSS Requirement 6.6 , which covers application firewalls and code reviews.
Security practitioners and industry observers had criticized the language in the new requirement, saying that it was unclear whether organizations needed to perform a code review and deploy a Web application firewall, or whether one or the other is sufficient. The new document explains that companies can do either the code review or install the application firewall, but that the council would ideally like to see them do both, states Brian McCarthy Security Expert and PCI chapter member.
"The intent of Requirement 6.6 is to ensure Web applications exposed to the public Internet are protected against the most common types of malicious input. There is a great deal of public information available regarding Web application vulnerabilities," the council wrote in its guidance. "Proper implementation of both options would provide the best multi-layered defense. PCI SSC recognizes that the cost and operational complexity of deploying both options may not be feasible. Further, one or the other option may not be possible in some situations. However, it should be possible to apply at least one of the alternatives described in this paper and proper implementation can meet the intent of the requirement." Products like the Barracuda Networks Web Firewall is the simplist and most affordable way to get into complience quickly.
For organizations considering the application code review option, the PCI SSC laid out some more detailed information on what qualifies as a code review. For example, the new guidance defines such reviews as being "dynamic and pro-active, requiring the specific initiation of a manual or automated process." The four options for code reviews that meet Requirement 6.6 include:
Manual review of application source code
Proper use of automated application source code analyzer tools
Manual Web application security vulnerability assessment
Proper use of automated Web application security vulnerability assessment tools
As for the Web application firewall, the PCI SSC specifies that the firewall be "a security policy enforcement point positioned between a Web application and the client end point." That's a fairly broad definition, and the new guidance further broadens it by saying that the firewall can be either a dedicated appliance or a software application running on a server. The software version comes with is own challenges unlike a Barracuda Networks Web Firewall.
However, the council is careful to say that simply deploying one of these protection methods is not enough to guarantee compliance with Requirement 6.6. "Note that compliance is not assured by merely implementing a product with the capabilities described in this paper," the guidance says. "Implementing a [Web application firewall] is one option to meet Requirement 6.6 and does not eliminate the need for a secure software development process."
The Deadline for 6.6 is due to go into effect on June 30 2008.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-web-application-controllers.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words:Â Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
LendingTree's Poor Security Practices are the cause for Data Breach - April 23, 2008
Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
Affordable Web Site Firewall for PCI Compliance to SMBs - April 19, 2008
Barracuda Networks Launches Barracuda Web Site Firewall -- New Barracuda Web Site Firewall Offers Complete Protection Against Site Vulnerabilities, Extends Affordable PCI Compliance to SMBs
Miami Florida - Barracuda Networks Inc., the worldwide leader in e-mail and Web security appliances, today launched the Barracuda Web Site Firewall product line, the industry's most cost-effective Web application security appliance. The Barracuda Web Site Firewall leverages the capabilities of the award-winning Web Application Controller product line acquired from NetContinuum in September 2007. Targeted at businesses of all sizes requiring Web application security and PCI compliance, the Barracuda Web Site Firewall starts at $4,999.
"Hackers are increasingly taking advantage of Web sites that do not have ample protection against major Web application attacks, and many of these sites belong to small and medium businesses," said Stephen Pao, vice president of product management for Barracuda Networks. "Until now, Web application security products have largely been targeted at large enterprises that have expansive IT budgets, leaving SMBs without an affordable option. The Barracuda Web Site Firewall delivers a powerful, easy-to-use solution for the 'rest of us.'"
By harnessing the same powerful protection offered by the Barracuda Web Application Controllers, the Barracuda Web Site Firewall secures Web sites against data theft, denial of service or defacement. As a full proxy, the Barracuda Web Site Firewall blocks or cloaks attacks, such as SQL injections, cross-site scripting attacks or buffer overflows, while preventing outbound sensitive data leakage. To minimize ongoing administration associated with security, the Barracuda Web Site Firewall automatically receives Energize Updates for the latest policy definitions, security updates and attack definitions. In addition, the Barracuda Web Site Firewall features the same user interface and management framework common to all Barracuda Networks products, including the Barracuda Spam Firewall and Barracuda Web Filter.
The Barracuda Web Site Firewall product line integrates varied degrees of traffic management capabilities, including SSL offloading, hardware-based SSL acceleration and load balancing, which increases both performance and availability of the applications. "Once again Barracuda is leading the way in affordable data protection", say Brian McCarthy CEO and Security Expert for Sencilo Solutions based in Orlando Florida.
Affordable PCI Compliance
In addition to ensuring the integrity and availability of a business' Web site, the Barracuda Web Site Firewall also enables Payment Card Industry Data Security Standard (PCI DSS) compliance for mainstream businesses that use their Web site or other Web applications to conduct retail transactions with customers.
"The Internet has enabled small and medium businesses to operate on a global scale, making it imperative that these businesses also have a means with which they can secure transactions containing credit card or other personal account data with customers all over the world," said Pao. "With the Barracuda Web Site Firewall, businesses can afford a comprehensive set of technologies designed to protect against unauthorized access to this sensitive information."
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
And the winner is........ - April 19, 2008
Leading Network Security Publication Honors Barracuda Spam Firewall and Barracuda IM Firewall at Annual Awards Gala
Jacksonville Florida – Barracuda Networks, Inc., the worldwide leader in email and Web security appliances, today announced that its Barracuda IM Firewall and Barracuda Spam Firewall were recognized by SC Magazine at the exclusive SC Magazine Awards Gala, held last week in conjunction with the annual RSA Conference. The Barracuda IM Firewall was selected for the Reader’s Trust Award for “Best IM Security Solution,” and the Barracuda Spam Firewall was awarded the 2008 SC Magazine Excellence Award for “Best SME Security Solution.”
As part of the Reader’s Trust Awards competition, SC Magazine readers representing IT’s most knowledgeable security professionals selected the Barracuda IM Firewall from among the industries’ finest solutions.
“We are truly honored to have been selected for these prestigious awards,” said Dean Drako, president and CEO of Barracuda Networks. “Knowing that the Barracuda IM Firewall was voted on by the readers of SC Magazine, is especially gratifying because we believe that many of those readers are also our customers, and we appreciate their continued support.”
Barracuda Networks and other 2008 SC Magazine Excellence Award winners were marked for distinction by a panel of 17 leading chief security officers from major corporations and large public sector organizations. The Barracuda Spam Firewall was selected for its excellence in protecting both small and medium enterprises.
“The Barracuda Spam Firewall was designed to be easy-to-use, powerful and affordable for businesses of all sizes,” said Drako. “To be recognized by this distinguished panel of security experts as the best overall SME security solution is an incredible honor for us.”
“In awarding the 2008 SC Magazine “Best SME Security Solution” Award, our judges have recognized Barracuda Networks as a key ally in their mission to safeguard businesses, customers and critical data in North America,” said SC Magazine Editor Illena Armstrong.
The awards highlight and showcase the best solutions, services and professionals while recognizing achievement and technical excellence in the information security industry. With more than 600 entries submitted in thirty categories, the 2008 SC Magazine Awards proved to be the most competitive in the program’s eleven year history.
The Barracuda Web Filter was also listed as a finalist for the Reader’s Trust Award for “Best Web Filtering Solution.” More information and a detailed list of categories and winners can be found at www.scmagazineus.com/awards.
About SC Magazine
SC Magazine provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine enables IT security pros to make the right security decisions for their companies. The brand’s portfolio includes the SC Magazine Awards, SC Directory, SC Magazine Newswire and SC Magazine IT Security Executives Forums.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
So many E-mail Attacks - So little Time! We have the Answers - April 19, 2008
Virus-laden spam, targeted attacks and user ignorance make IT pros' jobs harder; here's how to cope.
Miami Florida - Mike Larsen has taken great pains to be able to sleep at night, confident that the e-mail systems at his workplace are being maintained and that the wall separating those systems from spam and phishing attacks still stands. But, as at many organizations, the wall guarding the e-mail systems at Larsen's company—travel agency Groople—is constantly under siege, with the attacks getting more brutal. "As Groople has grown, I have seen the volume of e-mail-based attacks skyrocket," said Larsen, the company's manager of IS. "It soon overburdened our e-mail gateway, and I was forced to implement new systems and software to handle the huge increase."
Vendors and enterprises alike are faced with a new e-mail threat landscape, where spam is increasingly laced with malware and targeted attacks have become more common. IT pros have a lot to consider—both in terms of technology and best practices—as they deal with the growing e-mail security challenge. According to Larsen, Groople grapples with about 1 million e-mails each month, 76 percent of which are either blocked by Barracuda Networks quarantined as spam. About 5 percent of spam messages get through to Groople in-boxes, he said.
To avoid this messaging traffic overburdening the network, the company went to a load-balanced e-mail gateway environment earlier this year. Larsen said he made sure security was woven into the gateway's fabric.
"Our entire e-mail infrastructure is architected in conjunction with our security infrastructure … to maximize the use of multiple layers of protection," Larsen said. "An attack must make it through several separate layers to get onto a user network. Any company that looks at e-mail as simply a business tool is blind. E-mail is a significant security threat to all businesses and should be addressed aggressively."
The New Threat Landscape
According to researchers at Symantec, one in every 617 spam messages now contains malicious code. "In the past, a message was either spam or a virus. … A single verdict was usually sufficient to catch it or remedy the situation," said Angelos Kottas, senior manager of product marketing for Symantec Messaging Security. "But what we're seeing as a trend is spam that also has malicious code embedded in it, so that a simplistic approach might not catch it."
In MessageLabs' monthly Intelligence Report for March, the company reported that it found one in every 169.2 e-mails containing a virus and one in every 228.7 e-mails containing a phishing attack. The report goes on to say that some of these attacks were targeted—aimed at specific people in various organizations. "We've been seeing a sharp increase in [targeted attacks]. On average, we will intercept about 30 targeted Trojans per day," said Mark Sunner, chief security analyst at MessageLabs. "In December 2005, that average would have been about two per week."Spam is clearly increasingly being used as an attack mechanism, infecting machines so they can be used in botnets to send more spam, said Gartner analyst Peter Firstbrook. While only one in every 150 to 200 e-mails may contain a virus, a much higher percentage of e-mails include a link to a malware-infected site.
"Sharing threat intelligence is one reason to have a coordinated SMTP and Web gateway," Firstbrook said, adding that, for many organizations, the lack of a secure Web gateway capable of filtering malware is a glaring hole in their defenses.
Many Means to Security End
Only a few weeks ago, a targeted e-mail attack reached the in-box of a county employee in Arlington County, Va. David Jordan, the county's chief information security and privacy officer, recalled that a password dump program had been hidden within an e-mail attachment. However, because the employee had received security awareness training, she did not open it. "The employee knew better than to open the attached file," said Jordan. "She simply forwarded the suspect e-mail to the technology services help desk."
The county uses Symantec Client Security, and Jordan said the system likely would have neutralized the malicious program even if the user had opened the attachment. Nonetheless, he cited the incident as an example of the importance of living in a constant state of vigilance from a security and employee education perspective.
"One of my missions is to make sure employees are educated and to empower them to be responsible and accountable for safe computing practices," he said. "For instance, I personally meet with every new hire during the training process to ensure individuals are aware of online threats and the county's security policies, which include Web and e-mail usage. Additionally, we conduct ongoing training and awareness initiatives, such as publishing weekly newsletters and alerting employees to the latest scams and e-mail threats via the county's SMS [Short Message Service] text alert system."
Indeed, no technology can protect an organization if users are not properly educated about the do's and don'ts of Web security, said Kevin Hewitt, network administrator for Stevens Aviation.
"Here at Stevens Aviation, we alert all of our users on any new possible threats," Hewitt said. "We do this to protect our network but also to help our users avoid these issues at home. In the event we send out an e-mail within the company to inform our users of new issues, we also include an FAQ section to review and remind our users of ways to avoid being scammed, infected or exploited."
Stevens Aviation opted for a software as a service approach to e-mail security with Webroot's E-mail Security SAAS. The aviation company receives about 120,000 e-mail messages daily, of which about 93 percent is spam, Hewitt said. The SAAS model, he added, saves bandwidth and allowed the company to eliminate a server that had been acting as the company's internal spam solution. Hewitt offered several e-mail security best practices, and he advises businesses to choose enablement over blocking when it comes to Web mail, allowing users to access Web-based accounts instead of their work e-mail for all personal transactions.
But letting employees access Web mail doesn't come without risks—and not just in terms of employee productivity.
In MessageLabs' Intelligence Report for February 2008, researchers noted that 4.6 percent of all spam originates from Web mail-based services. The researchers also found that the proportion of spam from Gmail increased twofold, from 1.3 percent in January to 2.6 percent in February. Yahoo Mail was the most abused Web mail service, responsible for sending 88.7 percent of all Web mail-based spam.
"I think some companies would just take the view, ‘We're not allowing Web mail because in theory it could be a bullet hole in your security,'" said Sunner, the MessageLabs security analyst. "If you think about it, if you've got a mail gateway, you've probably got some form of content filtering, some level of anti-virus protection. You'll be doing something almost certainly these days to protect your corporate e-mail system. So, having done that, if you allow access to Hotmail [for example], of course if someone then receives a virus in their Hotmail account and they go and access it, they completely blind-sided all the mechanisms you did put in place."
E-Mail Security or Content Security?
In an era of data breaches and insider leaks, a conversation about e-mail security is about more than just spam and malware—it is also about DLP (data leak prevention). In fact, the focus of enterprises has shifted more toward overall content security, said John Thielens, vice president of technology at Tumbleweed Communications.
"To [solve content security problems] today, you need to buy products from six or seven different vendors—a Web filter, an e-mail filter, a content analysis suite, a file transfer product, an endpoint protection suite," Thielens said.
DLP products offer a more comprehensive approach, with their content monitoring, data classification and policy enforcement capabilities.
The DLP market saw a number of acquisitions last year, and the technology is making its way into the enterprise market. However, many companies have been slow to deploy the technology, which helps to prevent the loss of sensitive data by stopping, for example, an e-mail including a Social Security number from crossing the mail gateway. In the report released last November "Extending Intellectual Property Protection Beyond the Firewall," analysts from Enterprise Strategy Group found that only 17 percent of the 109 respondents were using network-based DLP appliances at their organizations.
The ability to block classified data before it leaks out via e-mail can be a key element in e-mail security. But before investing in DLP, companies should first understand what their sensitive data is and what their business needs are, according to analysts. The risk of focusing too much on a block-and-allow approach is that employees—ultimately the last line of defense in security—will simply circumvent whatever protections are put in place, Thielens said.
"Think of the content management problem as a bubble in a long balloon animal. If you squeeze the controls around that bubble, the air just moves to the left, to the right," he said. "If you lock down e-mail, people start using files and Web and instant messaging. If you take this blocking mentality, you're always in catch-up mode.
"Instead, think about enablement, and tell people, ‘We're going to put some defensive controls that block the wrong ways of doing things in place, but we're also going to give you ways where you know how to do business with your content.'"
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing PCI Visa Email e-mail exchange
EMC leading the way in disk-based security with new encryption capabilities - April 12, 2008
Hialeah, Florida -- EMC Corp., a provider of information infrastructure solutions, announced Tuesday new data encryption capabilities for storage-devices that protects information at rest from unauthorized access or the unauthorized removal of a disk drive or array from a secured environment.
The new EMC PowerPath Encryption with RSA integrates EMC PowerPath path management software with encryption and key management technology from RSA, the security division of EMC. Now, customers deploying EMC Symmetrix and EMC CLARiiON storage systems can benefit from a consistent security strategy and deployment in and around the data center and across the IT stack with central management and automation of encryption keys.
With this integration, EMC continues to execute and deliver another proof point of its commitment in providing information-centric security in the infrastructure. PowerPath Encryption with RSA is part of a series of announcements made this week at the RSA Conference.
Leveraging EMC PowerPath software, with more than 600,000 licenses deployed, EMC PowerPath Encryption with RSA encrypts and decrypts data at the host, as it is sent to and from the array. The solution protects against unauthorized access or inadvertent loss of un-protected information via malicious attacks and spoofing of Fibre Channel hosts, and makes information inaccessible in the event of physical theft of media from the data center.
The new encryption solution uses RSA Key Manager for the Datacenter, an easy- to-use, centrally administered encryption key management system that can manage encryption keys at the database, file server, and storage layers. It is designed to simplify the deployment and ongoing use of encryption throughout the enterprise, and helps ensure that information is properly secured and fully accessible when needed at any point in its information lifecycle.
"Improving the level of information protection using encryption helps companies comply with internal, private and government standards, including the Payment Card Industry Data Security Standard (PCI DSS), an applicable compliance standards," says Brian McCarthy President of Sencilo Solution in Orlando Florida, and Enterprise partner for EMC. The PCI DSS applies to every organization that processes credit or debit card information, including merchants and third-party service providers that store, process or transmit credit card/debit card data. As of the end of last year, any organization that accepts payment card transactions must be in compliance with the standard and PowerPath Encryption with RSA can form a foundation for meeting that standard.
Heidi Biggar, Analyst, Enterprise Strategy Group (ESG), said, "Recent ESG studies indicate that securing data independent of where it resides or how it's stored is a critical customer requirement. While important for organizations of all sizes, EMC PowerPath Encryption with RSA can yield immediate security benefits for those heavily regulated industries, such as public sector, financial services, retail and healthcare, by making sure data is inaccessible in the event of loss or theft. With this announcement, EMC delivers another solid proof point in how storage and security can work hand in hand."
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM
Best Practices for Backup, Archive, Recovery and E-Discovery - April 12, 2008
St. Peterburg Florida -- Many IT administrators at small and medium businesses (SMBs) are facing a new budget cycle as the New Year dawns. One of the items which many are considering investing in is data protection technology. Most have experienced an explosion in the amount of data requiring protection while not experiencing an equivalent increase in their IT budget. Additionally, the responsibility of complying with new governmental and industry regulations for data retention, archiving and electronic discovery has fallen squarely in the lap of IT staffs which stretches their budgets further.
Data Protection Has Become More Complex
Data protection used to be an easier proposition. You could simply designate a system as the backup server, install some backup software, attach a tape library and start backing up production servers to it. But, with the advent of critical production applications, server and storage virtualization, critical data stored on desktops and laptops, and increased recovery time and recovery point objectives (RTO and RPO) data protection has become much more complex.
Companies Must Now Do More with Less
It is easy to say that organizations must be more current and comprehensive in their backup, recovery and archiving procedures. Yet, few companies have the luxury of being able to assign the resources to address all these tasks optimally. The reality is that most organizations now count on increased productivity to drive profits. This means accomplishing more with fewer resources.
New Data Protection Technologies Abound
For companies looking to improve their data protection technology and procedures, there are a bewildering number of point solutions and possible combinations for data protection and archiving to be considered. It was not long ago when the backup solution was based on one piece of software. Now organizations must decide on all the hardware, too, including the compatible and scalable nature of each piece. In addition, they must consider a number of capabilities: disk-to-disk backup, VTLs, replication, snapshots, CDP, de-duplication, sophisticated archiving, email archiving, data encryption and security. Many options exist and many more are coming.
Deciding on a Solution – Conventional Approaches Do not Meet Today’s Requirements
Traditional solutions for data protection, email archiving and SAN storage are too complicated. There are too many parts to manage and consider: software, hardware, disk, tape, network, SAN – the decisions are overwhelming. Once the technology decisions have been made, the pieces have to be put together which can take weeks or even months.
Total Solution Appliance Solves Many Problems
Now, more than ever, organizations need the best products available to provide them with effective data protection. A new approach for companies to consider for their storage and data protection is an all-in-one, automated solution preconfigured to address all data storage and protection functionality, usually called an “appliance.”
Organizations piecing a solution together will need to work with several companies. Each will have a comprehensive and in-depth view of what their specific product can do to address a particular problem. These vendors, however, do not have a total view of the organization’s requirements and are not able to address the entire problem. When buying individual components, an organization makes a huge trade-off. Buyers search for components optimized for their specific function; not for a best-of-breed total solution. This time-consuming purchasing process involves a complex set of comparisons to work with compatible vendors. An appliance vendor, by contrast, picks the best and most compatible components and takes ownership of them. Most SMBs will only solve their backup problem once. The appliance vendor has solved the same problem hundreds of times.
When a company purchases an appliance, it forgoes the relationship with the individual component vendors. Thus, an appliance vendor is motivated to install a reliable product because they will have to support it! The “data protection” appliance vendor will have a more holistic view of an organization’s problem and is more concerned that the entire data storage and protection solution works to satisfaction.
Upgrading an appliance is also simpler for the end user. When an organization upgrades, it can be sure that all components remain compatible with each other. With an individual components solution, an upgrade often results in an entire system overhaul. Finally, a data protection appliance allows a company to buy the capacity and capabilities it needs now and expand the appliance as the company’s requirements grow. The business dictates the functionality of a storage solution, rather than the reverse.
The conventional integration of a component approach requires manual integration and diagnostic activities that consume both human and system resources. An appliance addresses this problem by providing a pre-integrated simple-to-install solution. This is a benefit for all companies but is particularly useful for SMBs that normally have only a few minutes a day to address any one problem.
Selecting an Appliance Solution
Below is a short laundry list of things to consider when evaluating a data protection appliance:
Easy to purchase, install, manage and support.
Optimizes backups, archives, restores, disaster recovery and electronic discovery to meet corporate RTO and RPO.
Complies fully with regulated retention policies.
Efficiently uses media.
Automates daily functions and reduces administrative hours.
Provides an adaptable and scalable foundation for future data protection and storage needs.
In sum, organizations must look beyond the conventional approaches and toward recovery solutions packaged and implemented with appliance approaches that incorporate the best in component technologies. To do less will probably assure being an early casualty of the tremendous data changes coming in the 21st century.
The new PowerPath Encryption with RSA yields a number of advantages compared to other encryption technologies, such as gateway products, including easier deployment. PowerPath Encryption with RSA can be added to environments and is transparent to hosts, applications, replication, and backup infrastructure. It also offers built-in high availability, as the PowerPath Encryption with RSA provides a management appliance that is configured in redundant pairs for no single point of failure, compared to alternative solutions that need multiple appliances to provide high availability.
The new PowerPath Encryption with RSA also offers better scalability and centralized management. PowerPath Encryption with RSA provides encryption at the host and centralizes key management with RSA Key Manager for the Datacenter, which can support tens of thousands of hosts compared to other solutions that need additional appliances to meet growth requirements and cannot be centrally managed. It also offers better Flexibility, as the PowerPath Encryption with RSA gives users the ability to choose the LUNs (logical unit number) or volumes they want to encrypt.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM
