By Erik Small -

SC Magazine just published an article with an interview with Frank Kenney, VP of Global Strategy.  He recently spoke in London at a press conference for InfoSecurity Europe, Europe’s leading information security event which took place on April 27-29, 2010.

A basic theme of the interview addresses the FTP market and the growing number of files sent back and forth in business environments.

From the article: “Referring to Gartner statistics, Kenney said that the market is growing in FTP, and two million MP3s are moved via email systems every four weeks.

He said: “From the iPhone and iGoogle portal pages to web mail and file-sharing websites to USB drives, corporate IT has to manage and control both sanctioned and ad-hoc applications, processes and systems.”

Read the full article: Problem with the professional consumer is leading to an information security headache

By boo -

just how secure.. is your security?

I just figured I’d share with the group some recent data and security breach news stories from the last few days…does it ever end?

• Snooping through the Power Socket (BBC)
• Elance hit by Security Breach (TechCrunch)
• Someone Call Security (Twitter)
• Questions on Cloud Security (Network World)

By c-emmons -

Nevada and Massachusetts have become the forerunners for data security recently.  With the current data security regulation (1.0), businesses are required to notify individuals if there is a potential personal information breach which could lead to identity theft.  This law is used mostly to set standards in responding to incidents but not in actually preventing them from occurring in the first place.  As many may remember, the reason for the regulation in the first place was due mainly to the data breach that companies such as TJX, ChoicePoint, DSW and BJ’s Wholesale suffered.  With TJX as their guinea pig, the Federal Trade Commission conducted a new wave of security referred to as Data Security Regulation 1.5.  This made higher standards for business security that penalized any data breaches.  However, it lacked an implementation of any technology to fight against this.  Which brings us to Data Security Regulation 2.0.

New laws in the states of Nevada and Mass are looking to set specific standards which include the use of encryption when collecting and transmitting hte personal information of its buyers. On October 1, 2008 the Nevada law was effective saying that information was not allowed to be transmitted other than via fax unless encrypted which is defined as “requiring the use of cryptographic keys to decipher data.”  Although Nevada is certainly a leader for security, it has nothing on the programs that Massachusetts is looking to install.  They are bearing down on all levels of companies and considering each to be on the level of banks and their need for information security.  Going much further than simply encrypting data, business must undergo operational requirements such as a developing a written information security program which must be approved by the standards of the Commonwealth of Massachusetts.  Encryption according to Mass is more narrowly defined as “the transformation of data through the use of algorithmic process, or an alternative method at least as secure, into a form which meaning cannot be assigned whithout the use of a confidential process or key.”  Due to the complexity of the law and complaints from business owners it will not be authorized until January 1st of 2010.  Businesses that store personal information in electronic or paper from must abide by these laws and any violations carry a heavy fee of $5000.

These new laws are just the beginning of information security practices.  It will be difficult to employ them, however, if all the standard vary state-to-state.  It is the best interest of the businesses everywhere to begin to implement security measures that comply with Massachusetts since it is the strictest.  Many enterprise leveled businesses and beyond have since begun to protect their name brand as well as their customer information by using ws_ftp and other file transfer products, which are in compliance with the law.   Until there is one standard law for all businesses, every company from McDonald’s to the local icecream store should start encrypting.

By Hugh Garber -

Not sure if you’re paying attention to the big RSA security conference held this week in San Francisco. I can tell you firsthand that the halls are buzzing with people looking to deploy more robust security solutions at organizations of all shapes and sizes. There’s lots of interest in trying to identify new encryption, Managed File Transfer, and identity solutions that will help enable the safe handling of company data and help businesses comply with various requirements.

All that being said, it will be interesting to see how today’s economic conditions will affect how organizations spend their scarce IT budget over the next year or so. Yes, everyone agrees that “security” is important. And yes, many companies are required to provide secure mechanism as part of corporate governance and compliance requirements. But the proof is in the pudding…. Will they spend the bucks to actually deliver improved secure solutions?

Here’s a real interesting article that talks about how technology vendors and the subset of security vendors are faring in today’s economy. The bad news is that global software spending is down 5% in 2009…. But security vendors are down much less. That’s a good indication that organizations are opting to focus and channel their scarce budget on providing secure and compliance solutions. That is encouraging news.

By Hugh Garber -

Are you familiar with MA 201 CRM 17?
If not, don’t worry…. you will be soon.
MA 201 CRM 17 is the new Massachusetts Data Protection regulation that goes into effect on May 1, 2009. This new compliance regulation will require that companies doing business with Massachusetts residents comply with stringent data protection requirements.
Every company, business partner and service provider that owns, licenses, stores, handles and/or maintains personal information about a resident of Massachusetts will need to meet set standards for protecting personal information of Massachusetts residents – whether that business is located in MA or not.
Nice to see Ipswitch out in front of the 201 CRM 17 regulation, already stating that their WS_FTP and MOVEit secure managed file transfer solutions will enable companies to comply with MA 201 CRM 17.
Here are the details from the Mass.gov website.
IMHO, this is comforting news for all us Massachusetts residents, assuming it’s actively enforced. I’m sure we’ll all be hearing more about MA 201 CMR 17 in the coming months….. Stay tuned!

By Hugh Garber -

Here’s a very insightful article posted on the ITC Review blog written by Gary Shottes, President of the Ipswitch File Transfer Division.
Here are a few quotes from the article that really make you contemplate rules and regulations that force companies to take responsibilities for a data breach…. Not to mention the positive outlook that technology is available to be deployed by organizations to protect sensitive company information:
“Many companies experience data breaches yet fail to tell their clients, let alone the authorities or police. The reason for this is due to the fact that the majority of companies realise they would expect to lose customers immediately, on a massive scale, if a data breach was revealed.
Security experts agree that employees not only need to change the way that they handle data but they also need to invest in software capable of controlling the movement.
File transfer provides the ability to encrypt files making it even harder for data breaches…. Hospitals, retail outlets and insurance companies are discovering the benefits of using these products to securely transfer data, especially with the size of the data being transferred and the ease of which transfers can be automated.“

By Hugh Garber -

Many FTPplanet readers have commented that there was a noticeable increased focus on SECURITY in my blog posts this year
And for good reason!
This article by BankInfoSecurity lists the top 10 security breaches of 2008. Pretty sobering to say the least!
Whether you are an individual at home, a small business, a large organization or anything in between, it’s pretty clear that you should take some precautions with your files and data to help ensure that your private information stays clear of bad people who are trying to do bad things.
In 2009, we’ll continue to focus on security and provide tips and insights on how you can protect your files and data from prying eyes.

By Erik Small -

Two exciting new features are included in the latest release of WS_FTP Server 7.
Here the summary of FIPS according to Wikipedia:
FIPS originates from the National Institute of Standards and Technology (NIST). It issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptography modules which include both hardware and software components. Federal agencies and departments can validate that the module in use is covered by an existing FIPS 140-1 and FIPS 140-2 certificates which specifies the exact module name, hardware, software, firmware, and/or applet version numbers.
Secure Copy (SCP) simply enables secure file transfers using product supporting the Secure Shell (SSH2) protocol, such as PuTTY and OpenSSH, and provides easy interoperability with Linux and Unix systems. SCP can interactively request any passwords or passphrases required to make a connection to a remote host. This means that during an upload, the client feeds the server with files to be uploaded, optionally including their basic attributes (permissions, timestamps). This is an advantage over the common FTP protocol, which does not have provision for uploads to include the original date/timestamp attribute.
WS_FTP Server 7 is in a better position to deliver the industry’s highest security to help businesses protect the confidentiality and integrity of their data. More on the release of WS_FTP Server 7, can be viewed on the WS_FTP Server 7 product website.