Nearly 15% of universities competing in this year's NCAA tournament were breached during the past year. According to a database maintained by the Privacy Rights Clearinghouse, the following schools experienced some form of unintended data disclosure since July 2012:
In some cases, the breaches exposed Social Security numbers, usernames and passwords, and other forms of personally identifiable information (PII). This is a good reminder that any institution handling information on behalf of students needs to take extra precautions to secure the data and ensure it is following the disclosure rules laid out in the Family Educational Rights and Privacy Act.
I wanted to share a really cool interview that appeared this morning in O’Reilly Radar. We talk a lot at Gazzang about keeping health care data secure, but what happens when that information is shared? What can multiple organizations culling health care data learn about new diagnoses and treatments? Where do you draw the line between privacy concerns and making some data transparent for the “greater good?”
Check out the full article at the link below:
The need for security and privacy of enterprise data is not a new concept, but the evolution of big data changes the game in many ways. For starters, most of the NoSQL data stores in use today do not have sufficient mechanisms to secure big data. This white paper outlines some of the challenges associated with securing big data and offers tips for protecting your most important business asset.
See how Gazzang customers can use a Chef Cookbook to automate their data security deployments in big data or multimode environments. To download a copy of the Gazzang zNcrypt Chef Cookbook click here.
June 27, 2012 - Business Wire Press Release
Gazzang and 10gen, the company behind MongoDB, today announced a partnership that will help customers meet data security compliance regulations and guard against unauthorized access or attack. Gazzang also announced that its zNcrypt™ solution for encrypting and securing data recently achieved formal 10gen certification.
Gazzang zNcrypt works as a last line of defense for protecting data within MongoDB, transparently encrypting and securing information “on the fly.” Whether in the cloud or on premises, zNcrypt ensures there is minimal performance lag in the encryption or decryption process. The solution also includes robust key management and process-based access controls that meet compliance regulations and allow users to store their cryptographic keys separate from the encrypted data.
“10gen provides customers the ability to collect and store massive amounts of data and quickly call it into action when requested,” said Larry Warnock, CEO of Gazzang. “Because of the elastic nature of MongoDB, customers often store a variety of data for future use. This includes a mix of innocuous machine data as well as sensitive information that, if it were to be exposed publicly, could damage an organization’s reputation and violate compliance regulations for data security. We are pleased to offer enterprise data protection for 10gen customers worldwide.”
MongoDB is the leading NoSQL database helping more than one hundred thousand users quickly and easily code, scale, and operate applications. MongoDB bridges the gap between RDBMS and key-value stores -- instead of storing data in tables and rows, MongoDB stores data in documents with dynamic schemas. Global companies relying on MongoDB for storage of their application data include O2, Craigslist, Disney, eBay, Forbes, foursquare, Intuit, Shutterfly, Telefonica, and UK Government Digital Services.
“We are excited to work with Gazzang to bring enhanced data security to MongoDB,” said 10gen’s CEO Dwight Merriman. “Together, we are addressing customer demand for robust data protection that helps meet compliance guidelines including HIPAA, PCI-DSS and EU directives, and is designed to keep big data applications safe from unauthorized access or malicious attack.”
10gen and Gazzang will host a webinar on Tuesday, July 10, 2012 at 11:00 a.m. EDT, to discuss the partnership. Click here to register for the webinar, and learn how Gazzang can help protect sensitive data in MongoDB.
10gen is the company behind MongoDB, the leading NoSQL database. 10gen leads development, builds community, and provides commercial services. MongoDB is an open source document-oriented database helping tens of thousands of companies quickly and easily deliver, scale, and operate applications. Founded by DoubleClick’s Dwight Merriman and Eliot Horowitz and led by seasoned technologists, 10gen is funded by Flybridge Capital Partners, NEA, Sequoia Capital and Union Square Ventures. 10gen global customers include O2, Craigslist, Disney, eBay, Forbes, foursquare, Intuit, Shutterfly, Telefonica, UK Government Digital Services, and over 500 others. 10gen has dual headquarters in New York and Palo Alto with offices in Dublin, London, and Sydney. For more information, visit www.10gen.com or www.mongodb.org. Follow us on Twitter at @MongoDB and @10gen.
Gazzang provides data security solutions and operational diagnostics that help enterprises protect sensitive information and maintain performance in cloud environments. Gazzang is backed by Austin Ventures and Silver Creek Ventures. For more information, visit www.gazzang.com.
I would like to say that I was amazed at reading Bill Brenner's latest blog in CSO's online magazine this evening. Unfortunately, I'm not surprised at all. According to Bill, for the second year in a row, Verizon has released a report claiming that 79% of companies fail their initial PCI audits. Overconfidence, complacency and misplaced priorities are listed as three possible reasons for widespread PCI non-compliance, as well as the fact that companies just can't figure out how to comply.
Four requirements of the PCI Standards are listed as the toughest for companies to meet: requirements 3 (protect stored cardholder data), 10 (track and monitor access), 11 (regularly test systems and processes), and 12 (maintain security policies), all of which are directly linked to protecting cardholder data.
Wow, these seem like four pretty important requirements. Let's look at just the first, "Protect stored cardholder data." Yep, pretty important. If you're a business storing customers' cardholder data, and it's not encrypted with AES-256 encryption and a state-of-the-art encryption key management solution, then you are putting your brand (and your business) at huge risk. In my opening, I mentioned that I was not surprised that such a large percentage of companies are not PCI compliant. The reason I'm not surprised is that I just went through the process of changing my debit card number for the fourth time in a year due to fraudulent activity on my account.
Last November, my card number appeared to have been stolen from one of my favorite Tex-Mex restaurants in Houston. Once regular patrons began to figure out that the restaurant's IT system had been breached and their personal information had been stolen, word spread like wildfire and their 30-year-old brand was dragged through the mud like yesterday's enchilada. It nearly destroyed the family business. Take this micro-level example, and multiply it by the power of social media when assessing the risk to a nationwide (or worldwide) brand.
Let's get back to basics, and protect the stored cardholder data as a top priority. There are now simple-to-implement solutions out there (we happen to sell one) which can provide the level of security necessary to protect your ... customers' data.
Merchants of the world...please...protect our stored cardholder data. Besides the fact that it's dangerous to your customers, it's also dangerous to your reputation and your brand. And really, don’t make me learn to make my own enchiladas.
Link to article referenced: http://blogs.csoonline.com/1718/verizon_companies_still_stink_at_payment_card_security
In my last blog, I talked about the upcoming DNG file format for digital images and noted JPEG as being a good format for preserving your existing pictures. As important as the file format is how and where you will store these valuable files. With so many new devices capable of capturing pictures, like smart phones, tablets and music players, keeping your files organized is a common and difficult problem to solve. Even a well-seasoned technologist like myself may copy files off an SD card and later not remember where they are stored. Or, in an effort to free up space on a laptop, move files to an external drive, later edit a file, and lose track of where the original file is stored.
Backup processes have long been a pain point for many IT departments. Over the years, many backup solutions have been developed and evolved. Now, these same backup problems are affecting a totally different market. Families are trying to keep organized the hundreds of JPEG, MP3, DOC and PPT files that are proliferating on their personal laptops, smart phones and tablets, and the number of devices just keeps growing.
Other affected markets are home offices and small businesses that are now taking advantage of the cloud and all of the benefits of software-as-a-service models. An obvious question is, “Where is data stored in the cloud and how does it get backed up?” With emails stored on Gmail, documents on laptops, pictures on Facebook and blogs on WordPress, there is no central location for all of your valuable data. What happens if you need your data and you don't have internet access? What happens if you lose some important documents and need to recover them? Where is the backup?
I recently looked into low-cost backup systems that can be used for home and small offices, including the online backup services. As a technologist, I often find non-tech-savvy friends and family asking me how they can back up and manage all of their data. Let me start by saying that there is no silver bullet, and much like finding the right car for you, there is a backup solution that is right for your amount of data, technical skills and discipline to back up.
Below are a few good tips to help find the backup strategy that is right for you.
Keep your data organized: It is much easier to have a good backup strategy if you know where all of your data is. If you have your data spread across many devices, you will end up making backups of the same data in multiple places – making it difficult to recover when you need it.
Keep your personal and work files separate: You will want to have a backup strategy for all of your personal files that goes to one location and your work files that will be backed up elsewhere.
Macs make it easy: If you happen to have an all-Mac environment (iPhone, MacBook, iPad, iPod, etc.), look no further. The Mac has a great solution for you with Time Machine and iCloud. For the rest of the world, we need to worry about compatibility across Windows, Mac, Android and iPhone devices. Keep this in mind and look for solutions that support a wide variety of devices.
SaaS offerings abound: There are many online SaaS solutions like http://www.carbonite.com, http://mozy.com/, http://www.dropbox.com/, http://www.crashplan.com/. The major advantages of these are that there is no hardware to purchase, they are easy to use and they are instantly available to you. Some of the disadvantages are that the initial backup over the web may be slow, there is a risk of vendor lock-in and there is a recurring cost for the service.
Buy an external hard drive: External hard drives are a good first step in the right direction if you currently have no backup solution. For less than $100, you can purchase a 1TB external drive where you can back up thousands of files from the family or home office laptop, and most likely have sufficient storage for all your music and pictures on a single drive. Just plug the external drive into your PC or Mac and back up your files on a regular basis, then keep the drive in a safe location.
Check out NAS: A better solution than external drives is to set up a Network Attached Storage (NAS) device on your home or small office network. These devices have been used in IT departments for many years but are now fitted with consumer-friendly backup software for a new consumer market. These devices can easily plug into your existing router and are accessible from any of your network devices. They usually provide tools and software to back up all of your data in a single location without requiring you to be a technical guru. I highly recommend that you look at http://www.synology.com and http://www.qnap.com/ NAS and go from there to other vendors for other features and prices. And for lower-cost solutions, look for a NAS with bundled drives like http://www.netgear.com/home/products/storage/ or www.seagate.com/blackarmor/.
For any of these backup solutions, take the time to make sure the data is stored securely. Encryption will protect your data in case the data is compromised. Some of these devices, like the NAS, have built-in encryption mechanisms. Other solutions will require you to have your own encryption software. If you are a Gazzang customer and using ezNcrypt, you can back up your encrypted data with the peace of mind that not only is your data secure but your encryption keys are also secure.
This article is not an in-depth analysis of backup solutions, nor does it examine all of their pros and cons. There are plenty of resources online to do your research. This is really more of a reminder to all to keep your data backed up and safe. The longer you wait to implement a solution, the bigger the problem will grow. And there will always be a better solution. If you only have a smart phone or tablet, try one of the online backup systems. If you are currently using an external hard drive, well, those drives can fail. You may consider a NAS with mirrored hot-swappable drives. If you are already using a NAS with all redundancy, then maybe plan to have your data encrypted and stored on Amazon Storage, or maybe you need to consider offline storage and send the drive to a safe and fireproof vault.
In summary, if you are like most people and have files, pictures and music spread all over multiple gadgets, start your research with the resources listed here to find a backup solution that is right for you, or to re-evaluate your current data organization, data security and encryption of your valuable data.