
Data governance


Secure The Data, Not The Device

The phones are coming, the tablets are coming! What can we do? Our network is being overrun and there’s nothing we can do about it. When will the insanity stop?????

You may be getting this feeling as more people bring smartphones and tablets to work. What was once a citadel of security and order has now become a free-for-all as new devices emerge every day and threaten the nice controlled world of IT. What has become a nightmare for some companies has become an opportunity to quickly innovate for others.

The movement of BYOD (bring your own device) to work has now reached the US Federal Government. In January 2012, Federal CIO Steven VanRoekel announced the launch of a mobile road map for the federal government. “We have a real opportunity to bring to bear mobile technology in federal government that changes the paradigm,” VanRoekel said. “The mobile strategy is a multipronged approach that is aimed at driving efficiency across the federal government, enhancing citizen-government interactions, and untethering federal employees from their desks.”


Yes Virginia, Electronic Signatures Are Legal

It’s been over 11 years since President Clinton signed the Electronic Signatures in Global and National Commerce Act (ESIGN) into law in the United States, yet there are still people and businesses who question the legality of electronic signatures. This is not as crazy as it sounds, because like many things in the US, state and local laws govern many business transactions. So don’t be surprised if you are confused.

A case in point is a recent change in New York state law that affects real estate transactions. On September 23, 2011, New York Governor Andrew Cuomo signed into law a bill that authorizes the electronic recording of documents or instruments affecting real property. These can be digitized images of the original, executed paper instruments or electronically executed instruments. This adds to the existing New York state Electronic Signatures and Records Act (ESRA), which already allowed documents signed electronically to be received, accepted, recorded and stored by government entities in an electronic format. ESRA clarified that electronic signatures are just as binding as handwritten signatures.


The $4 Billion Memo

This past week an incident occurred at HP that was both embarrassing and very costly. Just before the company announced its quarterly earnings on May 17, 2011, three memos from CEO Leo Apotheker were leaked that painted a very bleak picture for the company. The memos warned of upcoming cost-cutting measures that pointed to a rough few quarters ahead. Apotheker told executives to “watch every penny and minimize all hiring” and said the firm’s current workforce plans were “unaffordable given the pressures on our business.”

The memos were leaked to news organizations that promptly reported the stories. As a result of the information, HP’s stock price dropped 5%. Given its market cap of around $80 billion, that’s a $4 billion oops. Apotheker told CNBC that he would find out how the memos made their way to the media. “It is very unfortunate that these things happen and we will try to get to the bottom of this,” Apotheker said. “But I have full confidence in the team that I am working with and we’ll continue to execute.”


Data Breach and Encryption Handbook Looks at Legal Ramifications

Next week at the RSA 2011 Conference, the American Bar Association (ABA) will release its new Data Breach and Encryption Handbook.  This book looks at the growing threat of data breaches and how encryption solutions can prevent sensitive data from being compromised.  Since the book is published by the ABA, there is a lot of focus on the legal complexities and ramifications surrounding data breach notification laws and their efficacy.

The book is a compilation of chapters by prominent legal and technology experts from the ABA Section of Science & Technology Law. The authors will discuss the book’s findings during a panel at the RSA 2011 show and of course have copies for sale.

Given the complexity of the subject, I expect the discussion and solutions to be wide ranging. Many of the laws developed in the last 10 years or so have the intention of preventing data breaches by using a stick methodology: if you disclose confidential information, you must pay a fine. Obviously this has worked in the case of many laws, but one of the areas of focus needs to be prevention in the first place. Many people are concluding that prevention is cheaper than litigation. This wasn’t always so, as some organizations decided it was cheaper to fight in court than to spend the money on people, process and technology to prevent the problem from occurring.


Plug Your Data Leaks from the Inside

With all the headlines about WikiLeaks and the constant barrage of data breaches, it can be hard to understand where to focus your security efforts. Most organizations have a combination of firewalls, intrusion detection systems, application proxies, virtual private network (VPN) servers and other perimeter defenses geared to keep people out.

That’s important, but according to the 2010 Verizon Data Breach Report, most data breaches are caused by people already on the inside.  Almost 50% are existing employees stealing confidential information.  The main motivation is money, revenge or harming your organization in some way.
