The amount of personal information compromised through data breaches was on the rise in 2011. According to the Privacy Rights Clearinghouse, about 30 million records were compromised in 2011 in 535 separate breaches in the United States. That’s up from 12.3 million in 2010. The numbers are much larger when viewed globally.
Most people assume that hackers using sophisticated techniques are to blame for all the data breaches. In most cases it’s the simple things that trip up organizations. Some don’t encrypt information inside databases. This was the case with Sony. Sensitive information is accessible on the Internet because someone left a server wide open. This was the case with the Texas Comptroller. People don’t take care of backup tapes or laptops and someone may steal them from a car. That has happened all too often.
It’s important for anyone keeping sensitive data to encrypt it. All current databases have built-in encryption, but someone has to implement it. All sensitive documents should be encrypted using a persistent security policy so the author can control who can access them. And make sure you don’t leave the keys (literally and figuratively) out so that anyone can easily come into your organization and steal something valuable.
Read the rest of this entry »
Imagine if the Founding Fathers of the United States had iPads when they were signing the Declaration of Independence or The US Constitution. Rather than pulling out a big quill pen and dipping it in ink, each delegate could have walked up to the desk and signed the document with their finger. In fact, they could have passed the iPad around to each other for signing rather than all walking up to the document. That would have helped Ben Franklin, since he had gout and it was tough for him to stand up and walk.
If John Hancock and Thomas Jefferson used DocuSign Ink to sign an electronic version of The Declaration of Independence, not only would the iPad have captured their signature, but it would have put a time and date stamp along with the GPS coordinates of where they signed. All of that information, including the document, would go to a secure storage area in the cloud and be retained.
Read the rest of this entry »
Todays headlines point to hackers and other criminals as the major causes of data breaches, but in fact a lot of the trouble starts with trusted employees. And one of the most trusted in your life is your doctor.
Recent reports by Manhattan Research have found that 81% of physicians use a smartphone, up from 72% in 2010. 30% of doctors use iPads to access electronic health records and communicate with patients. Unfortunately according to research by the Ponemon Institute, data breaches have risen 32% with 96% of all health care organizations surveyed experiencing at least one data breach in the past two years.
The report did not specify the percentage of breaches from mobile devices, but it stated, “Widespread use of mobile devices is putting patient data at risk.” Larry Ponemon, commenting on his first study of patient privacy and data security, said, “This year it seems the issue of mobile devices has ratcheted up, because the adoption rate of smartphones that are really smart, or tablet computers, seems to have increased significantly.”
Mobile devices create security risks in two ways. Data can reside on the device and someone using the device can access medical records at health care organizations. Any document or piece of data that contains personally identifiable information (PII) is at risk. Plus it’s easier to lose a smartphone than a laptop.
Read the rest of this entry »
The December 2011 issue of ENX Magazine features an article titled “Document, Data Security: Internal Controls, Data Governance, and Measuring & Managing Risk” written by Dave Anastasi, CEO of eDocument Sciences. This is the second in a series of articles where Dave looks at how data and document security are paramount concerns for all organizations of any size.
Below is the article in its entirety.
In my first article (November) of the Document, Data Security: “Turning Risks Into Opportunities” series, the initial goal was to bring high level awareness to the threats and opportunities that you and your customers face when it comes to protecting their and your most valuable asset, information.
Having looked at the high level risks and market opportunities in the first article, this month’s article will focus on three key areas (listed below) that individual organizations and their leaders (Public, Private, Government, Educational, and Non-Profit) are all responsible for with the objective of one important outcome; focusing on People, Processes and Technology ultimately creating a Control Conscience Corporate Culture™ (4 C’s). Also, then looking at creating a strategy that is highly effective, scalable and sustainable consistently creating strong value (financial, services and solutions) for its shareholders and/or constituents. Anything that impedes an organization from doing so negatively impacts the value that it provides.
Read the rest of this entry »
According to IDC, 80% of new commercial enterprise applications will be deployed on cloud platforms in 2012. Add to that the expectation that intelligent mobile devices will exceed “traditional computing” devices by almost 2 to 1 within the next 24 months and you have a very different world from just a few years ago.
Cloud computing is very hot and every major software, hardware and technology services company is trying to get into it. In some cases, vendors are throwing a web front end onto an application and calling it a cloud service. Many others are creating infrastructure for companies to run their own applications in the cloud or are providing complete business systems.
I was talking to a customer this week and the CIO said they are moving as much as they can to the cloud. Some will be public and some of it private. He said that a vendor would have a hard time getting a traditional server-based product in the door today. They don’t want to buy anymore servers, capitalize them and go through a chargeback allocation process.
Read the rest of this entry »
