Connect to HealthIT News
EMC has it's head in the Clouds - Cloud Storage that is! - May 6, 2008
Mozy, Inc., part of the Cloud Infrastructure and Services Division of EMC (NYSE:EMC), today announced the release of MozyHome for Mac, the industry's first unlimited online backup service for the Mac. Mac users in the home can now safely and cost-effectively back up all of their digital information over the Internet. With more than 700,000 total users worldwide and 6.2 billion files backed up, Mozy is the leading online backup service of choice for consumers and small businesses.
"Mozy is honoring its roots by augmenting its service to consumers and small businesses," said Vance Checketts, chief operating officer for Mozy. "We've had more than 43,000 individuals participate in our public beta and have devoted thousands of hours of development to this new MozyHome for Mac release."
Designed as a consumer service, MozyHome for Mac offers 2 gigabytes of online backup absolutely free with no expiration date, or $4.95 a month for unlimited online backup capacity. Mozy automatically protects all computer files including photos, music, videos and financial documents from data loss in the event of hard drive crash, accidental deletion, natural disaster or theft. All files are encrypted with 448-bit Blowfish encryption and the encrypted files are transferred via a 128-bit SSL connection the same encryption used for online banking during the backup process for extra security. After the initial backup, Mozy only backs up incremental changes to files and folders, meaning subsequent backups run extremely fast. In addition to the most recent backup, Mozy keeps 30 days worth of file versions as well. In the event of data loss, files may be recovered via the Mozy client software, downloaded from the Mozy website, or by ordering the files on a set of DVDs from Mozy.
"I had just completed my transition from Tiger to Leopard when my hard drive crashed," said Donald Malm, who participated in the MozyHome for Mac beta. "The restore of all my data from Mozy was completed without a single error. My Quicken data was exactly where I had left off the day before the crash. Never have I made a better purchasing decision since I started in the insurance and financial system design industry 52 years ago."
Later this summer, Mozy will release a business version of its Mac service to enhance its MozyPro and MozyEnterprise offerings. More than 20,000 business customers already trust Mozy to back up their data, and Mozy is currently backing up more than 7.5 petabytes, the equivalent to 7.8 million gigabytes, across multiple data centers. Businesses interested in an online backup service for the Mac can sign up to be notified at www.mozy.com/mac/probeta.
With the addition of the MozyHome for Mac service, EMC offers Mac users the industry's most robust backup and recovery options. Other data protection offerings for Mac users include EMC Retrospect for Macintosh and EMC LifeLine software.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral
Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication thin provisioning DXi Global Compression DDX virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ
A study found that 64 percent of respondents said Access Controls is the top security concern - May 6, 2008
Despite increased awareness of access control issues, healthcare providers continue to struggle with security and compliance related to user access, according to the results of a survey conducted at the Health Information Management and Systems Society 2008 conference in February.
The survey, conducted by enterprise provisioning and access control software vendor Courion at the show Feb. 24-28, revealed that 64 percent of respondents cited controlling user access to clinical systems as their top IT security concern.
The survey, which was conducted among 136 pre-screened HIMSS attendee respondents, found that 60 percent reported issues with users sharing passwords, 52 percent found that orphaned user accounts were not properly disabled after employment was terminated and 38 percent of respondents said there had been instances of inappropriate access.
Todd Chambers, chief marketing officer at Courion, said that while many hospitals are taking a more strategic view of security and privacy issues related to access, these issues were complicated by the fact that many organizations were relying on remote work forces, as well as mobile and wireless technology, which made it difficult to secure a hospital's IT environment.
Chambers said outside contractors, nurses or physicians who weren't part of the permanent staff, as well as third-party vendors, all needed access to systems and information to do their jobs, but that access could create vulnerabilities if they affected a caregiver's ability to deliver patient care.
"These guys are worried about getting their job done and caring for patients," Chambers said. "A security or compliance requirement is going to be ignored in favor of getting that job done—especially if those requirements stand in the way—if it's easy for [caregivers] to bypass and if they're not enforced by hospitals.”
Access issues are a major concern not only because they can leave hospital systems vulnerable to viruses and hackers, but because of the need to meet HIPAA audit requirements that require knowledge of who is accessing specific systems at what time and whether that access is authorized.
Chambers said one surprising statistic showed that the threat of a HIPAA compliance audit was the strongest incentive for increasing security initiatives, with 60 percent of survey respondents saying that was a major driver of security and compliance decisions, and 75 percent of respondents reporting they were concerned or very concerned about facing a HIPAA audit. Chambers said that while HIPAA audits were performed in the past, they have become more frequent recently.
"Until recently, the idea of a HIPAA audit was not that threatening. But now more HIPAA audits are taking place in hospitals that may not have even had any violations, and as the government enforces HIPAA, they are being more punitive," said Brian Mccarthy Security Expect and Co-founder of Sencilo Solutions in Lake Mary, Florida.
Typically, hospitals perform internal audits to test for security and compliance, but these usually are time-consuming and often don't prevent a breach from happening, since they can only report what has already happened.
The survey included a cross-section of healthcare providers ranging from community hospitals to multi-hospital systems, and was developed to augment a focus group Courion conducts that gathers insight into security and compliance in the healthcare industry.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-web-application-controllers.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words:Â Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare
Data Storage profits are up? - May 6, 2008
Compellent joined other storage companies including EMC and Commvault in reporting a strong first quarter despite a down economy. The company’s revenues more than doubled year over year to $18.3 million, growth of 107% over the first quarter of 2007 and 9% over the previous quarter.
The company also is still a ways from profitability, and lost $1.2 million last quarter despite the increased revenue. CEO Phil Soran said on the company’s earnings call that this is because Compellent is growing and is adding operating expenditures such as salaries for new employees. Soran said he expects Compellent to be profitable by the second half of this year.
With the rest of the country in financial turmoil, how are storage companies staying strong? “Storage is the last thing that gets cut from the IT budget,” was Soran’s answer. I would also imagine it’s because storage has always been a conservative market–it doesn’t have as far to fall as some other markets.
Another thing benefitting Compellent, according to Soran, is the acquisition of midrange disk array competitor EqualLogic by Dell. It’s been well-publicized that EqualLogic channel partners have been wary of the deal, if not downright alienated by it, because of Dell’s poor reputation in the channel. Soran declined to give any specific numbers around how many channel partners have defected or how much new business it accounts for, but volunteered anecdotally that Compellent is seeing more large EqualLogic channel partners looking its way as a result of the Dell deal.
Still, Soran says the company has a ways to go when it comes to gaining that mind share. Echoing some of NetApp’s statements when it rebranded itself earlier this year, Soran said Compellent does well when companies look at its products but often doesn’t get brought to the table.
I also asked him whether or not Compellent is seeing significant business as a tier-2 disk array in large shops. He said yes, but also declined to break out any numbers.
Soran attributed Compellent’s growth to the attractiveness of its consolidation and thin provisioning features in a down economy, similar to the power and capacity savings that have reportedly kept money flowing in to Data Domain’s coffers. But Soran said Compellent’s chief competitor remains EMC, which doesn’t yet offer many of the features he was referring to–and EMC also reported a stronger-than-expected first quarter.
“They have a good brand,” Soran said.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM Commvault BakBone D2D D2D2T compare
Is Symantec up for sale? - May 6, 2008
John Thompson must have known the question was coming. The Symantec CEO certainly heard the rumors. So when he was asked Wednesday night during his company’s earnings conference call about selling off parts of his company, Thompson couldn’t have been clearer.
“Contrary to popular rumor, we have no plans to divest of anything,” he said. “None.”
The rumors mainly involved the storage products that Symantec acquired from Veritas three years ago. And they were widely circulated. According to an Associated Press earnings preview story that ran this week:
Analysts are particularly interested in the possible sales of backup and recovery software product NetBackup and the company’s non-Windows Data Center Foundation, which comprises of storage and server management products.
Several technology bellwethers, including IBM, Hewlett-Packard and EMC have been named as potential buyers for Symantec’s storage products, including NetBackup. One executive from HP who did not wish to be known is quoted as saying "he has meet with John (Thompson) and it's all but signed."
AP could have added two other bellwethers who have been mentioned as suitors of all or some of the Symantec storage products - Oracle and Microsoft.
From the tone of Thompson’s voice when he answered the question, he’s not happy with the rumors. Yet Symantec is at least partially to blame. There have been frequent reorganizations since it bought Veritas, usually accompanied by layoffs. Symantec admitted a large layoff in April but would not give details. This left the door open for scared Symantec employees, disgruntled former employees and opportunistic competitors to attempt to fill in the details. And Symantec execs have talked about getting rid of poor performing units on previous earnings calls.
But Wednesday’s call was upbeat. Symantec reported outstanding results all around, and storage was front and center. Email archiving, backup, and storage management were among the product segments that posted double-digit year over year growth. Thompson and COO Enrique Salem talked of a bright future for Net Backup 6.5, Backup Exec 12, and Storage Foundation. They emphasized Symantec’s encryption and virtualization capabilities and gushed about three hot storage areas where Symantec has hardly been a pioneer: data deduplication, continuous data protection and software as a service (SaaS).
Symantec’s earnings were impressive in current economic conditions, although with 53 percent of its revenue from international sales, it took advantage of favorable foreign exchange rates against the dollar. Symantec gained share from its major rival EMC on the backup front, with 11 percent year-over-year growth compared to EMC’s 8 percent growth.
The question now is whether the strong storage performance will prompt Symante execs to forget about spinning off any pieces, or will it only add to the value of a possible sale? Thompson’s take is nothing is for sale. Despite what you might have heard.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM Commvault BakBone D2D D2D2T compare
It's not will Sun get out of the Storage Market, but when? - May 6, 2008
When Sun revealed its open source storage push this week, some in the industry wondered about its business model. In other words, how can Sun make money on open source storage products?
Then Sun reported its earnings Thursday night, and it became clear that its storage business isn’t exactly rolling in dough these days anyway.
Sun’s storage products generated $530 million in revenue last quarter, down 5.4 percent from a year ago and $100 million short of its target. Big-ticket items such as tape libraries and high-end disk systems were down in a quarter in which EMC and IBM reported increases. Server revenue also fell short by $100 million, making it a disastrous period for the new combined servers and storage unit.
Overall, Sun lost $34 million in the quarter compared to a profit of $67 million the year before. On the earnings call, Sun execs said they would be restructuring to the tune of 1,500 to 2,500 layoffs.
Can open source save this sinking ship? Sun CEO Jonathan Schwartz seems to think so, and he certainly hopes so. Open source was a common theme of his earnings call, with open storage getting its share of attention with statements such as: “We have a great variety of new Open Storage innovations [entering] the market within the next few quarters.”
Schwartz didn’t talk too much about how Sun will make money on open storage, except to emphasize how it would save money on R&D by having a common open platform for all of its servers and storage systems. Layoffs are expected to save Sun between $100 million and $150 million a year, although it’s not clear how much of the reduction will be in storage. Sun continues to the the butt for most jokes remarked a Sun reseller at SNW.
It remains to be seen what the quality of open storage products will be, but Sun has little to lose. It’s tried a lot of things over the years to jumpstart storage sales, including paying $4.1billion for tape library market leader StorageTek. Nothing has worked. Sun OEMs systems from Hitachi Data System, LSI and Dot Hill and usually has less success than other vendors who sell the same systems. For a while Sun planned its storage future around the 6920 midrange system, which it billed as a virtualization product and an EMC Clariion killer. Customers yawned, and Sun sold the technology to HDS last year.
Now its storage plans revolve around a large DAS system called Thumper and open source software. Considering its track record, things can’t really get much worse, can they?
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. It's technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM Commvault BakBone D2D D2D2T compare
Security for Exchange: Best Practices - May 6, 2008
Email is essential for business communication, but it wasn't designed with security or regulatory compliance in mind. As spammers and hackers continue to attack the world's email infrastructure, organizations face a daunting security challenge - trying to protect their email systems from a relentless barrage of spam, denial-of-service and other inbound attacks, losing sensitive data through accidental leakage, and maintaining regulatory compliance.
Tumbleweed MailGate provides a suite of comprehensive, high-performance email security solutions that simply and effectively protect you from the full spectrum of email security threats and risks. Through MailGate you can:
Implement effective email security.
MailGate secures inbound and outbound email traffic, and stops virus outbreaks, spam, botnet attacks, image-spam, worms, directory harvest, and denial-of-service attacks. MailGate ensures that email traffic and message contents flow reliably and securely.
Accidental data leak prevention.
With the most comprehensive suite of email security, content filtering that prevents accidental data leakage, and intelligent routing capabilities, MailGate simplifies compliance with industry and government regulations such as HIPAA, GLBA, Sarbanes-Oxley, CA-1386, as well as with your organization’s internal security and privacy policies.
Protect private information.
MailGate’s industry-leading email encryption technology not only blocks malicious traffic, but provides secure communication as well. MailGate delivers automatic gateway-to-gateway strong encryption for any remote domain through policy-basedTLS encryption. Also, with Secure Messenger, messages can be routed based on message content or the identity of senders and receivers through many encryption options, including remote certificate error checking and validation, S/MIME and PGP protocols, and patented secure Web-based delivery.
Reduce infrastructure and management costs. MailGate eliminates costly threats, such as spam, directory harvest and denial-of-service attacks, which all too often force organizations to buy too much infrastructure for the very traffic they don’t want. MailGate can reduce your raw email load by more than 80 percent, dramatically cut infrastructure overhead and administrative costs, and improve network throughput.
Centralized control for inbound and outbound email security
Inbound and outbound email security are interrelated and require common management, threat protection, content protection, and reporting. Unlike other products that rely on third-party solutions for encryption and antispam technology, Tumbleweed delivers best-of-breed, integrated email security solutions that are powerful, comprehensive, and easy to manage.
MailGate: Comprehensive email security built on a high-performance, highly secure Linux platform that installs in minutes and can process close to two million messages an hour. Flexible and easy to manage, MailGate provides intelligent network-edge defenses, antispam, antivirus, zero-hour virus outbreak protection, accidental data leakage protection through content filtering, policy management, gateway-to-gateway encryption, automated reporting, and a state-of-the-art, centralized management console.
Secure Messenger: A policy-based, secure message delivery product that dynamically applies user-defined email encryption and routing policies. Includes the industry's widest range of email encryption options including TLS, S-MIME, PGP, and patented Web-based message delivery.
Desktop Messenger: A secure, practical, and easy-to-use solution for sending encrypted email from the desktop to any recipient. Unlike other products that are difficult to manage, or require pre-installation for recipients, Desktop Messenger eliminates the hassle of PKI, and allows delivery to any new or external recipient via Secure Messenger.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-web-application-controllers.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP.
Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses.
Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare
PCI Council issues statement on Web application security as June 30 closes in - April 23, 2008
Tampa Florida - Responding to a wave of criticism and confusion surrounding the imminent deadline for a new section of the PCI Data Security Standard regarding Web application security, the PCI Security Standards Council on Tuesday released documentation intended to clarify the requirements for securing Web applications.
The clarification is meant to settle some of the confusion regarding the pending enforcement of PCI DSS Requirement 6.6 , which covers application firewalls and code reviews.
Security practitioners and industry observers had criticized the language in the new requirement, saying that it was unclear whether organizations needed to perform a code review and deploy a Web application firewall, or whether one or the other is sufficient. The new document explains that companies can do either the code review or install the application firewall, but that the council would ideally like to see them do both, states Brian McCarthy Security Expert and PCI chapter member.
"The intent of Requirement 6.6 is to ensure Web applications exposed to the public Internet are protected against the most common types of malicious input. There is a great deal of public information available regarding Web application vulnerabilities," the council wrote in its guidance. "Proper implementation of both options would provide the best multi-layered defense. PCI SSC recognizes that the cost and operational complexity of deploying both options may not be feasible. Further, one or the other option may not be possible in some situations. However, it should be possible to apply at least one of the alternatives described in this paper and proper implementation can meet the intent of the requirement." Products like the Barracuda Networks Web Firewall is the simplist and most affordable way to get into complience quickly.
For organizations considering the application code review option, the PCI SSC laid out some more detailed information on what qualifies as a code review. For example, the new guidance defines such reviews as being "dynamic and pro-active, requiring the specific initiation of a manual or automated process." The four options for code reviews that meet Requirement 6.6 include:
Manual review of application source code
Proper use of automated application source code analyzer tools
Manual Web application security vulnerability assessment
Proper use of automated Web application security vulnerability assessment tools
As for the Web application firewall, the PCI SSC specifies that the firewall be "a security policy enforcement point positioned between a Web application and the client end point." That's a fairly broad definition, and the new guidance further broadens it by saying that the firewall can be either a dedicated appliance or a software application running on a server. The software version comes with is own challenges unlike a Barracuda Networks Web Firewall.
However, the council is careful to say that simply deploying one of these protection methods is not enough to guarantee compliance with Requirement 6.6. "Note that compliance is not assured by merely implementing a product with the capabilities described in this paper," the guidance says. "Implementing a [Web application firewall] is one option to meet Requirement 6.6 and does not eliminate the need for a secure software development process."
The Deadline for 6.6 is due to go into effect on June 30 2008.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-web-application-controllers.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words:Â Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
LendingTree's Poor Security Practices are the cause for Data Breach - April 23, 2008
Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
University of Miami given Failing Grades for Data Security - April 20, 2008
The Universities of Miami and Virginia acknowledge lost data on stolen tapes and laptops
The University of Miami and the University of Virginia are the two latest organizations to be rocked by data breaches after the theft of sensitive data affecting tens of thousands of people.
Miami Florida - Details of the University of Miami’s security snafu are starting to emerge after officials confirmed yesterday the theft of backup tapes containing medical data and Social Security numbers on some 47,000 people.
In a statement released Thursday, the university explained that the theft occurred when a case of tapes was stolen from a vehicle in downtown Coral Gables. The vehicle had been contracted by a “private off-site storage company," though officials but did not reveal the identity of the firm involved.
Anyone who has been a patient of a University of Miami physician or visited one of the university’s medical facilities since Jan. 1, 1999, is likely to be included on the tapes, according to officials.
Information contained on the stolen media includes names, addresses, Social Security numbers, health information, and, in some cases, credit card and financial data.
”We felt that in the best interest of the physician-patient relationship, we should be transparent in this matter,” said Pascal Goldschmidt, dean of the University of Miami’s Miller School of Medicine, in a statement, adding that he is confident that patients’ data is safe.
The tapes were written in a “complex and proprietary format," making it unlikely that a thief could access the data, according to the university. When the theft occurred last month, officials also brought in security specialist Terremark to work out whether data could be accessed from a similar set of backup tapes.
”Because of the highly proprietary compression and encoding used in writing the tapes, we were unable to extract any usable data,” said Christopher Day, senior VP of Terremark’s Secure Information Services group, in a statement.
At least one Security Consultant Brian McCarthy of Sencilo Solutions disagrees, "Mr. Day is flat at not telling the truth, the backup software is a free download via Symantec, as for the hardware I'd suggest he visit E-Bay to place a bid for a LTO tape reader". What Mr. Day should of been doing is recommending encryption technologies to his client, rather then filling them with false promises of security, states McCarthy. The only way to guarantee that the data is protected is to use encryption, say Mr. McCarthy.
Law enforcement agencies are currently investigating the theft, although Miami is not the only university dealing with the consequences of stolen data.
The University of Virginia also hit the headlines this week following the theft of a laptop from one of its employees. The laptop contained information on more than 7,000 staff, students, and faculty, according to media reports.
Local Charlottesville newspaper The Daily Progress reports that the laptop, which contained a file with names and Social Security numbers, was stolen from an undisclosed location in Albemarle County.
This is not the first time that the University of Virginia has been struck by a data breach.
Last year a hacker broke into the university’s network and accessed the records of 5,735 faculty members, prompting the school to call in the FBI to work on the case alongside the university police and its IT workers.
The University of Virginia did not respond to Byte and Switch’s requests for comment on the stolen laptop, although the local Albemarle County Police Department is said to be investigating the theft.
Research released today by analyst firm AMI Partners reveals the staggering scale of data breaches experienced by U.S. firms, with up to 86 percent of medium-sized American businesses reporting some form of security breach or data loss in the last 12 months.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
Affordable Web Site Firewall for PCI Compliance to SMBs - April 19, 2008
Barracuda Networks Launches Barracuda Web Site Firewall -- New Barracuda Web Site Firewall Offers Complete Protection Against Site Vulnerabilities, Extends Affordable PCI Compliance to SMBs
Miami Florida - Barracuda Networks Inc., the worldwide leader in e-mail and Web security appliances, today launched the Barracuda Web Site Firewall product line, the industry's most cost-effective Web application security appliance. The Barracuda Web Site Firewall leverages the capabilities of the award-winning Web Application Controller product line acquired from NetContinuum in September 2007. Targeted at businesses of all sizes requiring Web application security and PCI compliance, the Barracuda Web Site Firewall starts at $4,999.
"Hackers are increasingly taking advantage of Web sites that do not have ample protection against major Web application attacks, and many of these sites belong to small and medium businesses," said Stephen Pao, vice president of product management for Barracuda Networks. "Until now, Web application security products have largely been targeted at large enterprises that have expansive IT budgets, leaving SMBs without an affordable option. The Barracuda Web Site Firewall delivers a powerful, easy-to-use solution for the 'rest of us.'"
By harnessing the same powerful protection offered by the Barracuda Web Application Controllers, the Barracuda Web Site Firewall secures Web sites against data theft, denial of service or defacement. As a full proxy, the Barracuda Web Site Firewall blocks or cloaks attacks, such as SQL injections, cross-site scripting attacks or buffer overflows, while preventing outbound sensitive data leakage. To minimize ongoing administration associated with security, the Barracuda Web Site Firewall automatically receives Energize Updates for the latest policy definitions, security updates and attack definitions. In addition, the Barracuda Web Site Firewall features the same user interface and management framework common to all Barracuda Networks products, including the Barracuda Spam Firewall and Barracuda Web Filter.
The Barracuda Web Site Firewall product line integrates varied degrees of traffic management capabilities, including SSL offloading, hardware-based SSL acceleration and load balancing, which increases both performance and availability of the applications. "Once again Barracuda is leading the way in affordable data protection", say Brian McCarthy CEO and Security Expert for Sencilo Solutions based in Orlando Florida.
Affordable PCI Compliance
In addition to ensuring the integrity and availability of a business' Web site, the Barracuda Web Site Firewall also enables Payment Card Industry Data Security Standard (PCI DSS) compliance for mainstream businesses that use their Web site or other Web applications to conduct retail transactions with customers.
"The Internet has enabled small and medium businesses to operate on a global scale, making it imperative that these businesses also have a means with which they can secure transactions containing credit card or other personal account data with customers all over the world," said Pao. "With the Barracuda Web Site Firewall, businesses can afford a comprehensive set of technologies designed to protect against unauthorized access to this sensitive information."
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
