By E.K. Koh, VP of Solutions at NextLabs
It’s not your perimeter. It’s not your applications. In an age where there is no perimeter, where data moves from application to application, from servers to desktops to tablets and smart phones that the company does not even own, managing security at the perimeter or application is essential, but not sufficient. What is your value at risk? It is your DATA.
Data is Valuable
In a survey by Forrester, companies noted that corporate secrets (or intellectual property) comprise 2/3 of their information portfolio, with 1/3 being customer custodial data. The figure below shows the relative value of different types of data rated on a million dollar scale: more “4 Ways IT must Change to Protect your Business”
By E.K. Koh, VP of Solutions at NextLabs
It depends on whether you believe the analysts.
In the report “Information Security Predictions and Recommendations 2014”, Kuppinger Cole recommends that enterprises “Focus on strategic elements such as Information Rights Management for documents and Enterprise Key and Certificate Management (EKCM) for managing the secrets.” And, at the recent European Identity Conference, Kuppinger Cole identified Secure Information Sharing as a hot topic, by calling out Rights Management as an enabler. [Source: EIC 2014: Trends and Hot Topics, Kuppinger Cole, May 2014] more “Is this the Right time for Rights Management?”
by Andy Han, Senior VP of Products & Engineering at NextLabs and Jason Enzweiler, Senior Product Manager at Siemens
Increasing intellectual property threats, globalization and collaborative product development have something in common: the need for premium protection of intellectual property. Intellectual property is estimated to represent 70% of a company’s assets and around 6% of this is stolen each year (reference theregister.co.uk). more “CAD Under Siege with Persistent Threats that Require Persistent Protection”
by Sudhindra Kumar, Principal Software Engineer at NextLabs
Kentucky recently joined 46 other states in the U.S. that enacted a data breach notification law. California is the vanguard – enacting the first such law in 2002. And now, the high profile data breaches of retailers Target and Neiman Marcus are serving as stimulants for revisions to and improvements of the breach notification laws. more “Data Security in the Cloud – beyond Encryption”
By Mandy Pang, Senior Product Manager
SharePoint 2014 Key Security Takeaways – Our Top 5
- The conference attendees were buzzed on Attributes. Specifically, attribute-based security models for SharePoint. Role-based models are no longer making the cut – they leave collaboration vulnerable. Attribute-based solutions have fine-grained control.
- Clouds, of course was big, even bigger was the topic of protecting data in-transit to/from cloud and at rest in the cloud. Securing Office 365 was another hot topic. There was a great deal of discussion around the need for comprehensive end-to-end protection of intellectual property while satisfying the regulations set forth by a company’s compliance office. If the data or IP was to be accessed by or transmitted to an employee or contractor outside of the company’s firewall, then concern was expressed on how to safeguard the data.
- SPC14 was global with a good portion of attendees coming from Europe. Interestingly enough, a lot of European companies are looking to the U.S., particularly Silicon Valley, for solutions on automated information rights management.
- The architects, developers, and I.T. leaders with which I spoke were eager to learn about how to automate fine-grained access control for all work-product in a SharePoint environment.
- Extensibility was also discussed. At SPC14 the conversations were about information rights management extensibility – starting off with one Microsoft solution such as SharePoint, then extending the same information rights management solution to Office 365 and other products.
more “SharePoint 2014 Key Security Takeaways – Our Top 5”
By Sudhindra Kumar, Principal Software Engineer at NextLabs
In my previous blog, we discussed about Data Governance Policies and Regulatory Compliance.
In this post, we’ll see some of the options available to protect data at rest and in transit. A few years ago, protecting data in transit was considered more important than protecting data at rest. However, with the proliferation of Internet and cloud technologies, and the subsequent issues related to data breaches have put the spotlight on protecting data at rest as well. Let us take a look at different solutions for protecting data at rest and in transit: more “Cloud Security – Protecting data at rest and in transit – Information Risk Management for the Cloud”
By E.K. Koh
In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance to separate system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us , Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data. more “Can we turn off Snowden’s access after the fact?”
By Sandeep Chopra.
“Attributes” is the new Role?
In the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizmann, Research VP in Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.
In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations. more “Attributes is the new role?”