Archive for the 'Security' Category

In the briefing room: Confidela WatchDox

Thursday, October 22nd, 2009 by Cody Burke

Creating content is easy; however, managing the distribution of that content in a secure and traceable way is problematic to say the least.

Simply e-mailing documents is not the answer; once the document leaves the outbox, all control and visibility are lost.  Additionally, solutions that do exist for sending documents securely often insert friction into the knowledge worker’s routine; some require an additional application to encrypt or send a document, ultimately lessening the likelihood of the solution being used.  For a tool to be used and widely adopted, it must be seamlessly incorporated into the knowledge worker’s existing toolset.

One company that is offering a solution to the problem of secure document sharing is Confidela, with its Software-as-a-Service WatchDox offering.  The product is a tool for sending documents securely from within Outlook via a plug-in or, alternatively, from a Web interface.  The Outlook plug-in adds a button in the UI when composing a new message.  The plug-in can be set as a manual option, an automatic suggestion whenever attachments are sent, or as fully automatic whenever a document is sent outside of a company.  Attachments are replaced with WatchDox links that the recipient clicks on to securely view the document.  When sending, the system prompts the sender to define policies, give permissions, and determine recipients.  The attachment is then pulled into a separate outbox, converted to a WatchDox link, and sent.

To receive a document, a recipient goes through a one-time authentication for their computer, similar to the way many banks do, with the computer’s footprint saved.  Users access the document via a link delivered in an e-mail, and the document appears blurred out when the focus is not on it.  According to the company, this feature should prevent screenshots and the like from being taken.  For the sender, a My Docs view provides usage information for documents that have been shared and sent out, what actions recipients have taken, any action required, and metadata surrounding the documents.

WatchDox is hosted on Amazon’s EC2 cloud Web service, and all documents are encrypted with a unique key.  For further security, Confidela keeps access controls separate from storage, and the company does not have access to those controls.

WatchDox impressed us with its ease of use and the fact that it works within existing tools without introducing additional friction between the knowledge worker and software.  Particularly as an Outlook plug-in, the ability to either set WatchDox as optional or automatic grants the users control while at the same time increasing the likelihood of use by locating it in the primary domain of the knowledge worker, the inbox.

Cody Burke is a senior analyst at Basex.

Google Apps Twitter Hack Raises Red Flags on Password Security

Thursday, July 16th, 2009 by David Goldes

One might presume that technology companies do a better job with such mundane tasks as password security than the great unwashed masses.  However, time and time again, this turns out not to be correct.  Yesterday, Twitter co-founder Biz Stone, posting in the company’s blog, revealed that a hacker had broken into an employee’s personal e-mail account and then gained access to that employee’s Google Apps account, which contained “notes, spreadsheets, ideas, financial details” – well, you get the picture.

Although Stone tries to emphasize that this has nothing to do with any vulnerabilities in Google Apps per se, the very fact that anyone with the correct user name and password can log into a Google Apps account from any browser does increase a company’s exposure.  Companies that keep their confidential information behind a corporate firewall in systems such as Lotus Notes or Microsoft SharePoint are indeed less vulnerable simply because their systems could not be hacked with just a simple user name and password.

Multiple studies have revealed that close to half of computer users tend to use the same password over and over again – typically with the same, easy to remember, user name.  Indeed, TechCrunch, a blog that received Twitter’s confidential documents from the hacker, reported that Twitter uses the password “password” for its servers (presumably, it’s been changed by now).  The same article revealed that Twitter had also used a co-founder’s first name, Jack, as a user name for servers.

Moral of the story: use complex passwords with numbers and symbols interspersed.  Do not use words found in a dictionary.  Even better: use passphrases, i.e. concatenated words such as “thisismypassphrase123”.  Use a different user name/password combination for each account.  If one account is hacked, this will ensure that your other accounts remain safe.  Finally, do not leave passwords visibly written down.  Believe it or not, I still see Post-It notes with passwords attached to monitors when visiting other companies.

David M. Goldes is the president of Basex.

Security Alert: Your Smartphone is Vulnerable

Friday, November 7th, 2008 by Jonathan Spira

Smart doesn’t always equal Secure.

Is your smartphone secured or was a password too much of a bother?  Think about what’s stored in your phone, including contact lists, e-mail messages, documents, proposals, spreadsheets, and presentations – many of which could be confidential.

Smartphones are much easier to lose track of than a laptop; they are also much more likely to be damaged or stolen.  Many don’t have remote wipe capabilities, a security feature popularized by Research in Motion’s BlackBerry devices, allowing the IT department to remotely delete all data from a lost or stolen device.

Before going out the door, make sure that you password protect your device (and please don’t select 123123 as your password).  It may be a bit inconvenient at times but it’s far better than the alternative.  If you are using a memory card, make sure it’s encrypted too.

If you are a CIO, you might want to standardize on a device type or platform (e.g. Palm OS, Windows Mobile, Symbian) and limit what information can be moved onto a mobile device from the corporate network.  If employees provide their own smartphones, require that security software be installed on the device or consider a move to employer-provided devices that are under your direct control.

Jonathan B. Spira is CEO and Chief Analyst at Basex.

Three Visionary Views: Basex Strategic Thinkers Conference, September 2004

Friday, October 1st, 2004 by Jonathan Spira

As frequent attendees of Basex Strategic Thinkers conferences know, one won’t find the VP of marketing from an IT company on the podium presenting his company’s 12-18 month roadmap.  Most speakers are end users, seasoned executives with experience in selecting, deploying, and managing Collaborative Business Environments (CBEs) and they speak about their experience in the trenches.

It is, however, equally important to hear from the companies that supply the tools used to build Collaborative Business Environments.  To round out the program, Basex invites senior executives from vendor companies to participate in the Visionary Vendor panel.  Each of the selected companies thrives on innovation and we ask executives to detail their long-term views on how Collaborative Business Environments will evolve and what the collaborative workplace will be like in a three to five year timeframe.  We also proscribe their presenting a 12-18 month product roadmap or infomercial.

So what did the Visionary Vendors have to say?  Elizabeth Eiss, president and chief operating officer of Xpert Universe, an expertise location company, pointed out that undocumented knowledge will be key to successful Collaborative Business Environments.  Basex’ own research demonstrates that most knowledge (as much as 80%) is stored in people’s heads, and that this resource leaves the building at the end of the day.  Managing it  – and making it accessible throughout the enterprise – will be a key challenge.  Moreover, creating rich tools with a CBE – possibly even replicating a face-to-face meeting virtually – will make all the difference.  When deploying such tools as expertise location, companies, Eiss pointed out, will need to adhere to Basex’ One Environment Rule to provide a rich user experience.

Graham Glynn, founder and CEO of Learning Management Solutions, pointed out that knowledge workers really need a single environment for accessing and organizing information – one that essentially follows them from cradle to grave, making it as simple to go to last week’s presentation file as course material from university a decade earlier.  This type of tool should serve the individual user, first and foremost, he noted, and should cover both personal and professional activities.  The challenge ahead is to connect information from multiple sources into information sets appropriate for projects and special interests.  Who hasn’t wanted to go back five or ten years, to coursework from university or notes from a chance meeting?

Eric Winsborrow, senior vice president, corporate strategy, for Cloudmark, an e-mail security company, stood in at the last moment for Cloudmark CEO Karl Jacob, and pointed out that many companies are still caught in an unsuccessful battle against spam e-mail.  If this scourge is not resolved sooner rather than later, the very effectiveness of the tools we rely upon on a minute-by-minute basis, such as e-mail, will be significantly diminished.  Spam e-mail represents a grave risk for the future of CBEs if not contained.  Attendees might’ve imagined they were suddenly in a university biology class, when Winsborrow turned his attention to the DNA of spam e-mail messages.  E-mail – as well as other documents – has a genetic map and each message a DNA.  Classifying e-mail messages by genetic similarity may provide a new means of identifying spam e-mail more accurately.  Spam e-mail has, in effect, “SpamGenes.”

The outlook for the future of Collaborative Business Environments, according to our speakers, is bright.  CBEs will allow knowledge workers to tap experts and tacit knowledge, and will maintain that knowledge and more from cradle to grave.  The CBE will be spam free, for the most part, as tools which identify spam based on a message’s DNA will get knowledge workers the messages they need and relegate junk mail to the dustbin.

Ellen Pearlman is a senior analyst at Basex.

Monty Python’s Flying Spam Circus

Friday, December 26th, 2003 by Jonathan Spira

This past Monday, Basex named spam e-mail Product of the Year.  Rather than honoring spam, the Product of the Year designation, more akin to Time magazine naming Adolf Hitler Man of the Year in 1938, serves to single out spam as a disruptive force that has had a major impact on almost everyone who uses a computer.  In other words, spam is truly the great equalizer: no one is immune, and even Bill Gates gets spam.

The Product-of-the-Year designation is meant to recognize technologies that have had a major impact on how we work using information technology – and nothing has had a more profound effect than the disruptive nature of spam.

The past twenty-odd years have been greatly influenced by technology and, in particular, the Internet.  Even compared with just two or three years ago, people today place a greater reliance on, and perhaps have a greater habituation to, Internet-based technologies, such as the Web and, in particular, e-mail.  But what if a sinister force were to neutralize the simplicity and ease-of-use we take for granted?

Spam e-mail – thanks to its sheer volume alone – could easily be that force.  Spam accounts for almost 50% of all Internet traffic today, and is far from a victimless crime.  Basex estimates the cost of spam to companies worldwide is approximately $20 billion, including lost productivity, cost of anti-spam software, and user support issues.  Spam is omnipresent; it is the subject of newspaper articles, television news features, and analyst reports.

But was spam inevitable?  Bob Kahn, the co-designer of the TCP/IP protocol, says that spam is “hardly surprising.”  Brad Arbogast, Microsoft’s corporate vice president and executive sponsor on the issue of spam, notes that spam “is our customers’ number one complaint concerning e-mail today.”

In conjunction with the Product of the Year announcement, Basex has released a report, Spam E-Mail and Its Impact on IT Spending and Productivity.

Jonathan B. Spira is CEO and Chief Analyst at Basex.