November 5, 2014
Well, this is interesting. The Inquirer reports that the Germans are taking a stand against Google’s practice of consolidating users’ Web-wide data in, “Germany Tells Google to Pause for Permission Before Profiling People.” The Hamburg Data Protection Authority has a particular problem with Google’s one-privacy-policy-fits-all-countries stance. For its part, Google continues to assert that the “simpler, more effective services” it can provide by pulling the threads of our online presences are worth the privacy tradeoff. I’m sure the increased ad revenue is just a nice side-effect.
Reporter Dave Neal quotes Johannes Caspar, the Hamburg commissioner of data protection and freedom:
“On the substantial issue of combining user data across services, Google has not been willing to abide to the legally binding rules and refused to substantially improve the user’s controls. So we had to compel Google to do so by an administrative order. Our requirements aim at a fair balance between the concerns of the company and its users. The issue is up to Google now. The company must treat the data of its millions of users in a way that respects their privacy adequately while they use the various services of the company.”
I suppose we’ll see about that. What will be the next step in the struggle between Google and the world’s privacy advocates?
Cynthia Murrell, November 05, 2014
November 3, 2014
The article on Owler titled Context Relevant CEO Is Too Busy For Ballmer— He’s Protecting The Global Financial Market delves into the behind-the-scenes of big data company CEO Stephen Purpora. His startup, Context Relevant, a machine learning and predictive analytics company, is inking big deals with Bank of America Merrill Lynch and Goldman Sachs. The article explains,
“Context Relevant makes predictive analytics software that is currently being used by banks to predict how portfolios will be affected by changes. The technology also helps banks root out what Purpura calls “bad actors,” or those who would attack or steal from the financial system. “Banks sometimes have to find bad actors quickly because the bad actors threaten all of us,” he said. The system learns normal behavior so it can sense and isolate bad behavior when it occurs.”
According to the article, Purpora had no intention of getting into the bank security business only three years into the company’s life. But, when “a situation” arose with a bank and Context Relevant was called in for emergency help finding a bad actor. When the company’s software worked, and fast, other banks started lining up to work with Purpora. So far, the company has raised $42 million.
Chelsea Kerwin, November 03, 2014
April 29, 2014
Security is an obvious concern among any enterprise content management system; but with an implementation as big as SharePoint, it is hard to believe all users would be following the rules. CMS Wire relays the latest research and proves suspicions correct in their article, “SharePoint Users Routinely Breach Security Policies.”
The story begins:
“Research by Cryptzone shows at least 36 percent of SharePoint users are breaching security policies — and another 9 percent admit they have no idea how to prevent sensitive information from being uploaded. The study, conducted among attendees at Microsoft’s SharePoint Conference in Las Vegas in March, is a warning to organizations that it is essential to develop adequate information security policies.”
Stephen E. Arnold is a longtime leader in search and a frequent reporter on all things SharePoint. His Web service, ArnoldIT.com, often gives attention to the issues surrounding SharePoint security. In this case, abidance by SharePoint rules and regulations can often be improved if users are comfortable with the platform and feel that it suits their needs. Arnold finds that an implementation plan and a good deal of customization go a long way.
Emily Rae Aldridge, April 29, 2014
April 21, 2014
Security is central to any SharePoint installation, but a new study shows that security breaches may be more widespread and more severe than previously thought. At the SharePoint Conference in Las Vegas, CryptZone conducted an anonymous survey of SharePoint users. Read the full report in DarkReading.com’s article, “Cryptzone Survey Reveals SharePoint Users are Breaching Security Policies.”
The article begins:
“A study, conducted amongst attendees at last month’s Microsoft’s SharePoint Conference in Las Vegas (USA), has found that at least 36% of SharePoint users are breaching security policies, and gaining access to sensitive and confidential information to which they are not entitled. It also found that . . . nearly a quarter of them later confessed they knew of individuals who had accessed content that they were not entitled to, demonstrating that users were ignoring this directive. Most alarmingly of all, the majority of administrators perceive their ‘permission’ to be unrestricted.”
Stephen E. Arnold is a longtime leader in search and a follower of all things SharePoint. He reports his finding on his Web site ArnoldIT.com. He has found that security is among the top concerns of all SharePoint managers. Although users don’t typically want to share about their security weaknesses, greater transparency about security concerns can lead to more secure practices and implementations.
Emily Rae Aldridge, April 21, 2014
February 19, 2014
The announcement from Centrifuge titled Centrifuge Systems Strengthens Big Data Discovery and Security promotes the release of Centrifuge 2.10. The new features of the link analysis and visualization software include the ability to block access as well as grant access to specific individuals, a more flexible method of login validation and the ability to “define hidden data sources, data connections and connection parameters.” Stan Dushko, Chief Product Officer at Centrifuge, explains the upgrades and the reasoning behind them,
“With organizations steadily gathering vast amounts of data and much of it proprietary or sensitive in nature, exposing it within visualization tools without proper security controls in place may have unforeseen consequence…Can we really take the chance of providing open access to data we haven’t previously reviewed? Not knowing what’s in the data, is all the more reason to enforce proper security controls especially when the data itself is used to grant access or discover its existence altogether.”
The Big Data business intelligence software provider promises customers peace of mind and total confidence in their technology. They believe their system to be above and beyond the dashboard management systems of “traditional business intelligence solutions” due to their displays possibility of being reorganized in a more interactive way. Speaking of organization, you may notice that finding Centrifuge Systems in Google is an interesting exercise.
Chelsea Kerwin, February 19, 2014
January 15, 2014
The article ZyLAB Launches Intellectual Property Protection Program For Big Data on MetroCorpCounsel discusses the announcement by software developer ZyLAB only a few months after their thirtieth anniversary. The new program contains components of eDiscovery and Information Risk Management along with libraries that users can customize to protect and localize intellectual property. It is intended for use mainly by commercial enterprises in safeguarding their often-unprotected IP.
The article explains:
“The ZyLAB Intellectual Property Protection Program has been developed to support commercial organizations in protecting these important assets.
With ZyLAB’s eDiscovery and Information Risk Management System companies can locate Intellectual Property on their computer systems and actively prevent leakage or theft of this sensitive and valuable information. A user-installable library containing best practice methodology for eDiscovery enables the automatic identification of files that may contain IP. The library is available as an add-on to the ZyLAB platform.”
This process makes it much easier to notice those employees storing large amounts of IP in their emails or other personal locations, because it recognizes information that includes IP automatically. The prevention of data leakage ensures that companies will not have to face the loss of revenue, but also helps them to avoid lawsuits. As in so many areas, prevention beats cleanup when it comes to IP, according to chief strategist at ZyLAB Johannes Scholtes.
Chelsea Kerwin, January 15, 2014
January 10, 2014
When Netflix first launched I read an article about how everyone’s individual movie tastes are different. There are not any two alike and Netflix created an algorithm that managed to track each user’s queue down to the individual. It was scary and amazing at the same time. Netflix eventually decided to can the algorithm (or at least they told us), but it still leaves a thought that small traces of metadata can lead to you. The Threat Post, a Web site that tracks Internet security threats, reported on how “Stanford Researchers Find Connecting Metadata With User Names Is Simple.”
A claim has been made that user phone data anonymously generated cannot be tracked back to an individual. Stanford Researchers proved otherwise. The team started the Metaphone program that collects data from volunteers with Android phones. The project’s main point was to collect calls, text messages, and social network information for the Stanford Security Lab to connect metadata and surveillance. They selected 5,000 random numbers and were able to match 27% of the them using Web sites people user everyday.
The article states:
“ ‘What about if an organization were willing to put in some manpower? To conservatively approximate human analysis, we randomly sampled 100 numbers from our dataset, and then ran Google searches on each. In under an hour, we were able to associate an individual or a business with 60 of the 100 numbers. When we added in our three initial sources, we were up to 73,’ said Jonathan Mayer and Patrick Mutchler in a blog post explaining the results.”
The article also points out that if money was not a problem, then the results would be even more accurate. The Stanford Researchers users a cheap data aggregator instead and accurately matched 91 out of 100 numbers. Data is not as protected or as anonymous as we thought. People are willing to share their whole lives on social media, but when security is mentioned they go bonkers over an issue like this? It is still a scary thought, but where is the line drawn over willing shared information and privacy?
Whitney Grace, January 10, 2014
December 24, 2013
While SharePoint is the mostly widely used collaboration software available, broad adoption does not quell the security concerns of organizations. And as mobile becomes more widely adopted, access is not limited to a single at-work machine. Organizations are getting creative about security and KM World covers a newly available solution in its story, “Secure collaboration in SharePoint and File Shares from HiSoftware.”
The article begins:
“HiSoftware has launched a new version of Security Sheriff specifically designed for secure collaboration of sensitive information stored in File Shares and SharePoint. The company explains the new Secure Document Viewer included in Security Sheriff allows users to open an encrypted document in a protected state to ensure that a user with read-only permission cannot open and decrypt a document, then manually distribute it using print, save as and send to actions, or copy its contents. It will then remove the file from their system once the file is closed.”
Stephen E. Arnold is a long time leader in search and the man behind ArnoldIT.com. He spends a lot of time writing about SharePoint and security is a common topic. SharePoint isn’t going anywhere anytime soon, so users would do well to pay attention to what the experts have to say about security.
Emily Rae Aldridge, December 24, 2013
December 9, 2013
Oracle prides itself on its Secure Enterprise Search that is advertised as offering secure, high quality search that easily works across all information sources on the enterprise format. The search product digs deep in local, private, and shared files housed on databases, intranets, document management systems, applications, and portals. With great ease it crawls and indexes results, guaranteeing that the first items in the results list are the most relevant. Also the Secure Enterprise Search offers analytics on search results and usage patterns.
Oracle provides current and prospective clients with “Oracle Secure Enterprise Search Documentation.” Oracle has released the 11g version of the Secure Enterprise Search with the following key assets:
· “Highly secure crawling, indexing, and searching
· A simple, intuitive search interface with browsing and display of search results by automatically-extracted topic and metadata attribute clusters
· Excellent search quality, with the most relevant items for a query shown first, even when the query spans diverse public or private data sources
· Analytics on search results and understanding of usage patterns
· Sub-second query performance
· Ease of administration and maintenance leveraging your existing IT expertise.”
Oracle continues to be one of the reliable enterprise searches, but like most software these days it faces strong competition from open source technology.
Whitney Grace, December 09, 2013
November 12, 2013
Those of us with experience in IT may not be surprised by the revelations InfoWorld shares in “6 Dirty Secrets of the IT Industry.” This magazine of IT gospel asked its readers to share their observations of shady IT matters, then fact-checked the results. See the article for the whole roster, but I’ll share a few bits here.
Secret number one is the broadest; Writer Dan Tynan colorfully titles this one, “Sys admins have your company by the short hairs.” He quotes Pierluigi Stella, CTO of security firm Network Box USA, who gives each of us good reason to send our IT departments the random gift basket:
“There are no secrets for IT. I can run a sniffer on my firewall and see every single packet that comes in and out of a specific computer. I can see what people write in their messages, where they go to on the Internet, what they post on Facebook. In fact, only ethics keep IT people from misusing and abusing this power. Think of it as having a mini-NSA in your office.”
Speaking of the NSA, Tynan calls those government snoopers “punks compared to consumer marketing companies and data brokers.” He cites the practices in casinos as the epitome of this very individualized marketing tactic, and provides examples. He goes on to quote former casino executive and Louisiana State University professor Michael Simon, who emphasizes that the practice is far from limited to casinos:
“I teach an MBA class on database analysis and mining, and all the companies we study collect customer information and target offers specific to customer habits. It’s routine business practice today, and it’s no secret. For example, I bring my dog to PetSmart for specific services and products, and the offers they send me are specific to my spending habits. . . instead of wasting time sending me stuff I won’t use like discounts on cat food or tropical fish.”
Whether you, like Simon, appreciate targeted marketing or you find it creepy, it is worth remembering how much data these entities are collecting on each of us.
It is also good to keep in mind some pitfalls of another practice that has become commonplace—storing data in the cloud. In fact, this could be the most disconcerting item on this list. Though we tend to think of the cloud in nebulous terms, that data is actually stored on real servers somewhere. When our data shares rack space with that of other entities, we run the risk of intrusion and confiscation through no fault of our own. The article emphasizes:
“Your cloud data could be swept up in an investigation of an entirely unrelated matter — simply because it was unlucky enough to be kept on the same servers as the persons being investigated. . . . Users who want to protect themselves against this worst-case scenario need to know where their data is actually being kept and which laws may pertain to it, says David Campbell, CEO of cloud security firm JumpCloud. ‘Our recommendation is to find cloud providers that guarantee physical location of servers and data, such as Amazon, so that you can limit your risk proactively,’ he says.”
Another suggestion is to encrypt your data, of course. Keeping a local backup is another good idea, since law enforcement seems to be under no obligation to grant access to your own confiscated data. For some of us, this is just more evidence that sensitive information does not belong in the cloud. Caveat Emptor.
Cynthia Murrell, November 12, 2013