by Joe Gleinser
13. April 2010 16:54
More and more we are being asked about email archival and encryption solutions. For most businesses, compliance with SAS 70, HIPAA or other standards drives this need. Recently GCS has seen several of our clients contractually obligated to implement these systems to do business with the Fortune 1000. Whatever the cause, email archival and encryption are technologies that are rapidly becoming commonplace.
As with many technologies today, there are two basic strategies to address these needs. The first strategy is an on-premise system. A business will procure archival software, encryption software (or an appliance) and storage adjacent to their email systems. Archival systems start at about $10k including the software, storage and deployment. Symantec Backup Exec 2010 offers archival solutions integrated with your standard data backup. Low-cost NAS devices make ideal archival targets that minimize cost per GB of storage. GCS has grown fond of the Synology product line, which includes integrated site-to-site replication technology.
Email encryption is nothing new. This blogger, and many readers, may remember installing PGP Email Encryption after blowing through Stephenson's Cryptonomicon at a tender age. That cumbersome implementation has been replaced with appliances that encrypt email based on policy, including recipient domains, keyword matching, email tagging and more. Cisco's Ironport, ZixCorp, and Voltage offer appliance/gateway solutions. These devices can be quite a bit more expensive than archival systems, with many businesses looking at investments of $50k or more.
If cash flow and ease of management are concerns, hosted/cloud options exist for both archival and encryption. Microsoft and Google both offer hosted email filtering (virus and spam), archival and encryption. With Microsoft's Hosted Exchange Filtering you can get email filtering and archival for about $75 per user per year. Many of the appliance vendors offer hosted solutions as well. Hometown-boys-now-Dell-division MessageOne delivers an archival and continuity solution that is widely acclaimed.
by Joe Gleinser
25. November 2009 05:18
Being called "a worst case scenario of cloud computing" on Twitter demanded I pick this book up. It is actually a terrifyingly good read that demonstrates Suarez's technical knowledge as well as his ability to craft a great thriller. In his fantasy world thousands of corporate networks are penetrated with an advanced botnet. Oh wait, that's the real world too. In Daemon the botnet is controlled by a deceased game developer with enough money to ensure his ambitions persist beyond the grave. These ambitions include murder, mayhem, extortion, and more. Good times!
A few thoughts:
1) Though much of the technology is still in early stages of adoption, it exists today. If you can hunt a deer over the internet, you obviously can kill a man.
2) Security breaches of the sort required to perpetrate a more realistic version of this attack occur constantly.
3) The book incorporates interesting socio-economic themes as well. Suarez is obviously under the impression that private industry exercises near absolute control over our government. I, for one, welcome our corporate overlords.
4) The disaffection of corporate IT employees from the business was another key theme. It is similar to Heinlein's "The Roads Must Roll", in which a technical class realizes the power they can exert over those dependent on their abilities. A massive, unionized strike flexes their muscle. If you're an IT executive this should be yet another thing to keep you awake at night.
5) For anyone not using offline storage such as tape, read this book. Offline storage is a critical last defense against many attacks. Unfortunately, a large percentage of IT execs don't value it to the extent it demands. In much the same way accounting standards dictate separation of tasks, offline backup tasks should be split from normal IT tasks and, where possible, from your IT staff. Let offline storage be your panic room.
Check this book out soon. The next installment of the story is released in January. I hope there are a dozen in this series.
by Joe Gleinser
19. November 2009 05:06
I was invited to be a guest speaker at the Texas Organization for Rural Community Hospitals' weekly webinar. This week's topic was an overview of IT Security for IT Executives and managers. My presentation covered basic risk assessment, common types of attacks and prevention strategies. I discussed several up-and-coming technologies such as application whitelisting, layer 7 firewalls, and network access protection. I also discussed various security standards such as SAS 70, PCI, and HIPAA.
As promised to the attendees, here is the slide deck: IT Security Overview.ppt (6.67 MB)