October 17th, 2011

Important Steps for Cloud Security

The recent release of the Cloud Security Alliance’s first whitepaper on Security as a Service is an important step for a lot of reasons. As part of the important debate around the impact of the cloud on security practices, it’s important not to forget that the cloud can also be a positive force when it comes to information security. There’s no doubt that a wholesale move of sensitive data into cloud storage and processes is being held back by a raft of operational security concerns, as well as compliance and audit complexities. But at the same time the opportunities to actually improve security overall do exist. In this white paper, the CSA outlined 10 types of service deliverables through the cloud itself: Identity and Access Management, Data Loss Prevention, Web Security, Email Security, Security Assessments, Intrusion Management, Security Information and Event Management, Encryption, Business Continuity and Disaster Recovery, Network Security…

September 19th, 2011

CREDANT’S 10TH ANNIVERSARY

We’re celebrating the 10th anniversary of CREDANT Technologies today!  I’m usually not big on celebrations, but I am on this one. I recall September 7th, 2001 as though it was only yesterday.  It was also a time for celebration.  My partner at Austin Ventures and I had just finalized the remaining terms on funding this new start-up along with my co-founders, Chris Burchett and Andrew Kahl.  The lawyers still had work to do, but we “had a deal.” Four days later on September 11th everything changed in our world, and I had high anxiety that it would also change our “deal.”  I called Chris later that day to ask if we should hold off and see what happens in the world.  Without hesitation, Chris replied, “Bob, there’s never a bad time to start what will become a great company.  Let’s go.”  Our character was being tested, but off we went….

September 19th, 2011

CREDANT: A Risk Worth Taking

Ten years ago I took a risk.  The Internet bubble was bursting.  People I respected told me that investment dollars were fewer and harder to get.  But several of us had an idea.  We had a concept but no details.  We believed that data was leaking from organizations through mobile devices and other avenues and that this data represented a tremendous risk to people and organizations.  We believed that people’s privacy was at stake  if companies lost individual data and that it could be damaging to both the people and companies.  We believed that people deserved for their personal and corporate data to be safe—no matter where or how it was used.  The market was nascent, but we believed there was a need that many did not see yet. We didn’t really know how to meet that need, but we believed we could hire a good team and figure it…

September 19th, 2011

Ten Years Hence

The past ten years have seen changes in our world that seemed unimaginable in September of 2001. While some changes have been more tragic in nature and global in scope, many have been market-shifting advances in technology, medicine, and social interaction that have had a positive impact on how we live and conduct our lives on a daily basis. Regardless of which lens you view the last ten years through, I believe we can all say that this period has impacted all of our lives in a significant way. These last ten years have rewarded me both intellectually and emotionally. I have been privileged enough to help build and be part of an incredible family of employees, partners and world-class customers.  What we have accomplished together in the last decade continues to amaze me.  Whether it is the value we have created for our customers, the career opportunities and livelihoods we…

September 14th, 2011

On the Importance of Focused Partnerships

Building a strategic partnership program for an enterprise-focused technology company is a tricky thing. Customers are in pursuit of a single pane of glass to manage a mythical suite of tightly integrated enterprise hardware and solutions from a handful of best-in-class providers. We, as an industry, fall short of this idealized vision. We live in an ultra-competitive world, and most development schedules are packed developing new features and product lines, and we don’t always have time to do as much business and technology integration as we would like. Normally it falls on Business Development to drive these initiatives. A big part of my role at CREDANT is driving these partnerships and integration. What’s interesting to me is that there is no shortage of partnerships we can strike with fellow technology companies to enhance the experience of our customers or make Data Protection easier for customers to buy and implement….

August 30th, 2011

Data Breaches Harder to Understand

On the off chance you missed any news outlet the last 30 days, an “anti security” movement has been reborn. Started in 1999, the Antisec Movement focused on encouraging security consultants and hackers not to disclose vulnerabilities to vendors. The recent resurgence of this movement has also morphed it into a campaign focusing on demonstrating the current weaknesses of security on the Internet. This is being brought to light via mass intrusion and the subsequent publishing of sensitive data such as e-mails, customer information and database details. The most recent rash of high-profile compromises can be tracked to a group known as LulzSec, a splinter group from the bigger Anonymous collective. Along with other recently formed groups such as “Uberleaks” (@uberleaks on Twitter), we saw dozens of small breaches a day that resulted in private information being exposed. Even with “Uberleaks” apparently calling it quits, the Antisec movement is still…

August 22nd, 2011

Heading in the Wrong Direction with Data Protection?

Endpoint security is not the challenge it used to be. With a mobile workforce utilizing countless mobile devices, endpoint security has become infinitely more complex. Even compared to just five years ago, if you’re not actively managing the security of data on your endpoints, you’ve no doubt got a situation that’s completely out of control. The thing is, we’re living and working in a data-driven society. Within this society is a user base that believes data should be free rather than confined. Add in the gotta-have-it-now mindset combined with the inability of many users to think about the consequences of their choices and we’ve got a serious information risk management problem on our hands. Take, for instance, users who insist on accessing the business network and data from their personal mobile devices. This reality exists in many, if not all, businesses in some fashion. But the risk doesn’t…

August 16th, 2011

HIPAA/HITECH Compliance Is All or Nothing

I’ve worked with HIPAA compliance ever since it was signed into law in 1996.  Over the years working with many covered entities (CEs), and ever since HITECH was signed into law a very large number of business associates (BAs), I’ve heard some of the same questions.  One I am getting more often from BAs, who for the most part are just now realizing that they need to get into compliance with HIPAA and HITECH, is: “With what parts of HIPAA and HITECH do I have to comply?” BAs, as well as CEs, need to understand that they must comply with all HIPAA Security Rule and HITECH requirements.  CEs need to comply with all HIPAA Privacy Rule requirements, and BAs will need to comply with them as well, depending on the types of services and products provided to CEs.  An important point is that CEs and BAs must safeguard protected health…

August 10th, 2011

Overstated Insecurity – Part 2

In my last post, I took on the argument that organizations in general are fairly indifferent to information security. Yes, the breaches we see hitting the headlines are bad, but they hit the headlines precisely because they are news, not because they are the norm. However, I also made the point that I think things are going to get worse before they get better. What we see now are the first ripples of a change that is occurring in the very way we will have to think about information security. The real splash is yet to come, and when it does, to paraphrase Robert Bolt, the wave may swamp more than a few boats. For a long, long time (at least as is measured in the computing industry) security practice was the security of “stuff.” It was measured in firewalls deployed, network packets sniffed, devices monitored, locks on doors…

August 2nd, 2011

Overstated Insecurity – Part 1

In a recent article on Drdobbs.com, Andrew Binstock argues that breaches, especially the recent spate of very public hacks into large organizations by groups such as LulzSec, are the result of a degree of organizational indifference to security. “Given that these hacks were nothing new — every month seems to bring forth a new one — you’d have to conclude that many businesses don’t view themselves as having an obligation to their customers to make sure data is secure.” I think there’s certainly a kernel of truth here, but I also think it’s dangerous to use too broad a brush when painting a picture of the current state of security.  It’s hard to argue that a lot of companies have done a poor job of securing their infrastructure and information.  But—and it’s a very big but—a lot of companies have done a far, far better job than they are given…


