4 Ways IT must Change to Protect your Business

By E.K. Koh, VP of Solutions at NextLabs

It’s not your perimeter. It’s not your applications. In an age where there is no perimeter, where data moves from application to application, from servers to desktops to tablets and smart phones that the company does not even own, managing security at the perimeter or application is essential, but not sufficient. What is your value at risk? It is your DATA.

Data is Valuable

In a survey by Forrester, companies noted that corporate secrets (or intellectual property) comprise 2/3 of their information portfolio, with 1/3 being customer custodial data. The figure below shows the relative value of different types of data rated on a million dollar scale: more “4 Ways IT must Change to Protect your Business”

Data Security in the Cloud – beyond Encryption

by Sudhindra Kumar, Principal Software Engineer at NextLabs

Kentucky recently joined 46 other states in the U.S. that enacted a data breach notification law.  California is the vanguard – enacting the first such law in 2002.  And now, the high profile data breaches of retailers Target and Neiman Marcus are serving as stimulants for revisions to and improvements of the breach notification laws. more “Data Security in the Cloud – beyond Encryption”

DFARS Subpart 204.73 – SAFEGUARDING UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION

By Dennis Andrie,

On November 18, 2013, The Defense Acquisition Regulatory Council (DARC) issued its final ruling for Defense Acquisition Regulations System (DFARS) Subpart 204.73 and associated contract clause 252.204-7012, Safeguarding of Unclassified Controlled Technical Information.The new subpart presents a high level guide to actions that need to be undertaken by companies that contract or subcontract with the U.S. Government to protect Unclassified Controlled Technical Information in the course of executing the U.S. Government contracts. more “DFARS Subpart 204.73 – SAFEGUARDING UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION”

Can we turn off Snowden’s access after the fact?

By E.K. Koh

In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance to separate system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us , Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data. more “Can we turn off Snowden’s access after the fact?”

Attributes is the new role?

By Sandeep Chopra.

“Attributes” is the new Role?

In the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizmann, Research VP in Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.

In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations. more “Attributes is the new role?”

A “Cheat Sheet” on the Obama Export Control Reforms

By Gary Stanley.

The initial Obama export control reforms became effective on Oct 15th.  Although these reforms promise less licensing, they come at the price of more complex controls and more extensive record keeping.  The new rules must be approached in a systematic manner.   Here’s a “cheat sheet” to help you take advantage of these significant changes to U.S. export and re-export controls. more “A “Cheat Sheet” on the Obama Export Control Reforms”

Export Control in the News: AeroFlex’s ITAR Settlement and Standards for Export Compliance

The latest A&D news: Aeroflex’s $8 million dollar settlement with the U.S. Department of State for violations of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR).

The State Department reported it conducted an “extensive compliance review” and discovered “inadequate corporate oversight and a systemic and corporate-wide failure” which resulted in unauthorized exports and re-exports of electronics, microelectronics and related technical data that are subject to ITAR. more “Export Control in the News: AeroFlex’s ITAR Settlement and Standards for Export Compliance”

The Politics of Export Control Reform: Why Less Licensing = More Complexity

by Gary Stanley

Just as with past export control reform efforts in the Clinton and Bush II years, the Obama Administration started with the best of intentions to make U.S. export and re-export control rules more straightforward and less burdensome.  Without dispute, it has pushed through broader changes than any of its predecessors.

Like its predecessors’ changes, however, the Obama Administration’s may have reduced the licensing burden, but at the expense of making U.S. export and re-export controls more difficult to understand and administer.  The reason lies in the politics of U.S. export controls. more “The Politics of Export Control Reform: Why Less Licensing = More Complexity”