Category Archives: compliance

Parallels Mac Management Update: SCCM Branch Version 1802 will Force PKI Compliance for Users

As you know, Microsoft SCCM is updated periodically with what Microsoft calls branch versions. Since the first branch version, 1511, Parallels® Mac Management for Microsoft® SCCM has not had any down time due to Microsoft’s changes.  Jason Sandys, a Microsoft MVP and friend of Parallels, recently tweeted about the latest branch version—1802—and some rather big […]

The post Parallels Mac Management Update: SCCM Branch Version 1802 will Force PKI Compliance for Users appeared first on Parallels Blog.

Deloitte and Cloudera create compliance service in the cloud

CloudProfessional service company Deloitte and cloud operator Cloudera have launched a jointly created cloud service that helps financial services people meet their compliance obligations more easily. It aims to specifically ease the workload created by the supervisory rules of the capital analysis and review (CCAR) process.

The Deloitte CCAR service aims to help companies cope with the masses of data needed to stress test financial products as regulations constantly change. Annual CCAR supervisory rules regularly specify new scenarios and datasets to be used in credit risk, liquidity risk, market risk, pre-provision net revenue (PPNR) and capital management models.

The cost and time involved in constantly processing these complicated variables, in order to generate the forecasted stress estimates, is escalating as the number of quarterly and yearly models multiples, according to Deloitte.

The Deloitte-designed solution includes accelerators to streamline data selection, data quality, variables conversion, data ingestion and management and to convert or migrate models to the SAS DS2 or Apache Spark or Python programming languages.

Cloudera was approached to use its expertise in Apache Hadoop open source software frameworks in order to create the visualization and dashboard tools promised in the system. The tools are designed to interact with the results of stress tests so they can quickly identify trends and potential sources of risk.

Deloitte built accelerators in Spark that cater for a wide variety of contingencies, which cuts the cost and risk of migrating existing CCAR models into an open source environment at first and into  the SAS DS2 once it is released.

“The current regulatory environment that our clients face is more complex than at any time in history,” said Ashish Verma, director at Deloitte Consulting LLP. “This complexity in regulation has led to complexity in data management, making compliance very costly with little benefit to the business.”

Cloudera has created a ‘cost effective solution’ to the problems faced by clients, said Verma, “storing this data within Cloudera Enterprise means companies can perform additional non-compliance analysis and potentially develop a deeper understanding of their businesses.”

Rackspace launches managed security and compliance service for enterprise cloud clients

Security concept with padlock icon on digital screenRackspace has announced new managed security and compliance assistance services to protect businesses and mitigate the risk of cyber threats. These services will give Rackspace clients ‘holistic’ coverage across cover complex, multi-cloud environments, it claims.

The service will provide consultation and tailored security using Rackspace’s inhouse expertise. It can both improve security while cutting the cost of vigilance, Rackspace claimed.

The Rackspace Managed Security offering is to be backed by round the clock support from the Customer Security Operations Center (CSOC) at Rackspace headquarters and will open in October. The service comprises four elements: host and network protection, vulnerability management, threat intelligence and compliance assistance.

Host and Network Protection will protect against zero-day and non-malware attacks as well as traditional compromise tactics. Security Analytics uses a security information and event management (SIEM) system paired with big data analytics to collect and analyse security data from the customer’s environment. As part of its Vulnerability Management service Rackspace will scan its clients’ environments and tailor its responses to estimated threats. Meanwhile, its Threat Intelligence will use fuse information from 20 feeds with Rackspace’s own internal data to constantly redraw the changing threat landscape.

All this information will help clients meet their governance objectives, as part of Rackspace’s Compliance Assistance service, which offers detailed proof of configuration hardening and monitoring, patch monitoring and user observance, the service provider said.

This information, in tandem with detail about file integrity, will help cloud service managers and CIOs to keep on top of their mounting compliance challenge, claimed Brian Kelly, chief security officer at Rackspace.

“Cyber-attacks are the new normal for companies,” said Kelly. It will be a lot cheaper and quicker to use Rackspace to manage cloud services, said Kelly. “We have 16 years of first-hand knowledge managing IT infrastructure and direct experience with today’s complex threats.”

Secure File Delivery with an Audit Trail

My Docs Online has enhanced its web-based secure file delivery feature to add additional controls and a comprehensive delivery audit trail.

“We were the first to offer web-based file delivery, back in 1999,” said Stephen Campbell, CEO of My Docs Online, “and we’ve consistently enhanced and expanded our capabilities as user needs have evolved. What we are seeing now is the need for optional controls like passwords, variable expiration limits, and most importantly, a detailed audit trail documenting delivery and the ability to make changes after the fact. No other product offers our range of options coupled with an audit trail.”

In order to offer such a wide range of options without making the feature cumbersome to use, customization controls allow unneeded options to be hidden, allowing a streamlined, custom experience for each user. In addition, group administrators can control defaults and enforce group policies such as requiring passwords or setting a fixed expiration.

The new “Smart Label” feature allows users label a Share, and also save default values like custom comments and expirations for future use. Smart Labels also add more value to the Share Management portion of the product, making it easier to locate, verify and control Shares.

Users also have the option to generate a link they can send themselves, or select email addresses from an address book and let My Docs Online send the email.

The file delivery page displays the customer’s logo, and offers an optional zipped download of all files when there is more than one.

A web API is also available for third-party use.

More details are available in the My Docs Online FAQ.

When Businesses Share Files They Need Control, Tracking and Audit

When My Docs Online, an online file sharing and delivery service with 15 years experience, revamped their Share feature in July, they focused on control, tracking  and audit.

“We’ve been doing this for businesses and professionals for some time,” said CEO Stephen Campbell, “And we know that in addition to ease of use for both sender and recipients, the sender also needs the ability to control, modify, and track delivery.”

The result is the addition of a Share Management tool that lets senders see exactly what transpired on the receiving side, with download logging, IP addresses, and results. The new tool also allows easy cancellation, modification of expiration, addition or change to delivery passwords, and more.

The new release also introduced labels to allow tagging of a Share with a meaningful label, including “Smart Labels” that pre-determine delivery features including a default password, number of days before the delivery expires, and a pre-formatted comment.

“A decade ago all our file deliveries were done with My Docs Online sending an email on the customer’s behalf,” said Campbell. “Now fully 50 per cent of the time customers choose to get a link from us and send it themselves. The label option in part replaces the email address they are no longer including, making it easier to find and track a particular Share.”

Six weeks into the new release, the company has been able to gain some insight into usage patterns:

  • 8 percent of Shares use a delivery password for increased security
  • 59 percent involved a single file, and another third were for between 2 and ten files. Only one in a hundred Shares involved more than 30 files.

More stats and info are available on the My Docs Online blog.

PowerDMS Expanding in Orlando Aided by City Incentives

PowerDMS, Inc., a cloud-based document management software company, will expand its presence in downtown Orlando, Florida, adding 65 new jobs over the next three years and investing $400,000 into the region. In addition to being awarded a financial incentive from the City of Orlando, PowerDMS recently secured growth equity funding from Ballast Point Ventures and plans to use the investment to augment its sales and marketing team and enhance its technology platform by offering new features to its customer base, which includes law enforcement, public safety, healthcare and retail.

Founded in 2001, the company’s software platform provides “practical tools necessary to organize and manage crucial documents and industry standards, thereby helping organizations maintain compliance with constantly evolving industry accreditation protocols.”

Structured as a software-as-a-service (SaaS) model, PowerDMS combines attributes of Governance and Risk Compliance (GRC) and Enterprise Content Management (ECM) into its software platform, allowing customers to manage risk through living compliance documentation and content.

The application provides tools to organize and manage crucial documents and industry standards, train and test employees, and uphold proof of compliance, thereby helping organizations reduce risk and liability.

“Downtown Orlando is a great location for dynamic tech companies like PowerDMS,” said Orlando Mayor Buddy Dyer, “with a talented labor force, business friendly environment and high quality of life, Orlando has become an ideal site for corporate headquarters looking to expand.”

 

TWD & Associates, IP Data Solutions Partner For Compliant Cloud-based eDiscovery

TWD & Associates, Inc. (TWD), a communication and collaboration solutions provider for the public sector, today announced it has partnered with IP Data Solutions (IPDS), a Service Disabled Veteran Owned Small Business, to provide electronic discovery (eDiscovery) solutions for archived content systems.  Archived content, including legacy email and data files, are migrated to a secure, cloud-based environment with sophisticated, integrated software search tools, allowing users to quickly and easily locate documentation for litigation, research, Inspector General (IG),General Counsel, U.S. Government Accountability Office (GAO) and Congressional Budget Office (CBO) requests.

“Government agencies must comply with data retention and email archival legislation to ensure information is available and accessible,” said Larry Besterman, President and CEO, TWD.  “A normal eDiscovery process could require weeks to cull through existing archives.  Our solution allows a search to be performed in seconds.”

The eDiscovery solution works with customers’ current cloud strategies and is compliant with all federal mandates.  By placing archived email and files in the cloud, users have infinite scalability, allowing their data to grow or reduce in accordance with their retention policies.  It also has synergy with existing discovery systems, if current systems are in place across an organization.  The solution requires no hardware or software and is provided as a managed service, improving efficiencies, increasing cost savings and allowing accessibility from any location by an authorized user.  It allows agencies to integrate their storage, archiving and eDiscovery needs into one solution, reducing the requirements for duplicative data storage.

“Electronic discovery has traditionally been a very expensive and reactive activity,” said Gary Thompson, President, IPDS.  “Given these times of intense budgetary constraints, a solution like ours is valuable because it helps clients implement a more proactive, cost-effective and efficient approach to what is normally a complicated process.”

The cloud-based infrastructure is Statement on Accounting Standards (SAS) 70 Type II, PCI Data Security Standard (PCI DSS) Level 1, International Organization of Standards (ISO) 27001 and Federal Information Security Management Act (FISMA) compliant.  Additionally all client data resides within the continental United States (CONUS).

To learn more about the joint TWD and IPDS eDiscovery solution, call IPDS at (301) 519-8015.

SmartRulesR DLP Thwarts email Distribution of Confidential Info

New Zealand-owned cloud email security and hosting company SMX has released SmartRules DLP, designed to safeguard confidential information against unauthorized email distribution.

SmartRules DLP (Data Loss Prevention) is one of a number of new service improvements currently being rolled out by SMX, following research and development support from Callaghan Innovation.

SMX’s co-founder and chief technology officer, Thom Hooker, says the R&D funding has enabled SMX to accelerate software development in several key areas. He says SmartRules® DLP has been given urgent priority, following the recent security breaches experienced by Government organizations.

“SMX is the leading cloud email security solution used by Government organizations with around 60 Government sector customers,” Thom Hooker says. “SmartRules® DLP meets the most stringent compliance requirements with easy-to-use rule building and related compliance processes.

“Email makes it very easy for employees to accidentally – or intentionally – send sensitive documents to recipients outside the organization,” Hooker says. “By deploying SMX’s SmartRules® DLP, customers can define rules to block and report on employees attempting to send sensitive documents externally. SmartRules® DLP can be configured to detect visible data as well as scanning for hidden metadata. The use of hidden metadata tags inside documents makes it harder for users to subvert DLP rules looking for visible text – that is, by changing the document name.”

Hooker says SMX’s SmartRules® DLP can also detect sensitive content embedded in archives – such as .zip, .rar, .tar, .gz, and so on – and can be configured to block emails containing archives that cannot be opened – for example, password protected or unknown document types.

Another significant new enhancement to the SMX Cloud Email Security Suite, Hooker says, will be beefing up the SMX email hosting platform with enterprise-grade security, reliability and new features. SMX will offer 100 percent availability, as well as enterprise-ready tools such as shared calendars, online data storage similar to Dropbox, global address books and support for ActiveSync to sync contacts, emails and calendars with mobile devices.

AvePoint DocAve Update Adds SharePoint Governance Automation Features

AvePoint, announced the latest version of DocAve Governance Automation Service Pack (SP) 2. DocAve Governance Automation SP2 allows business content owners to make content move or copy requests directly within SharePoint or through a newly enhanced graphical user interface that promotes a more intuitive, user-friendly experience.

Governance Automation enables organizations to close the custom code gap created by homegrown governance solutions, by providing Service Catalog Offerings such as site collection provisioning, site provisioning, site collection lifecycle management, permissions management, and now, content move or copy requests.

Through an automated approval process and execution, business content owners can now request to move, copy, and restructure SharePoint sites, content, and topology within or across SharePoint environments while maintaining valuable metadata, security and versioning.

“An organization’s SharePoint environment is only as good as its ability to govern the users and content it supports. Governance Automation SP2 provides unique business advantages that redefine SharePoint as a service, allowing organizations the ability to more effectively deliver business-critical workloads and truly monitor and track what is being done in SharePoint on a daily basis,” said George Petrou, Chief Technology Officer at AvePoint. “Governance Automation is another piece to help solve the enterprise collaboration puzzle, providing organizations with the information management solutions to meet their needs now and in the future.”

Governance Automation SP2 addresses evolving information governance policies and organizational change management by enabling end users to submit content move or copy requests through an enhanced user interface or directly within Microsoft SharePoint via a webpart, giving business users the ability to submit requests on their own, increasing ease of use and productivity.

Enhanced features include:

  • Content Move or Copy Service Request: Within a single request and through a fully auditable approval process, business content owners have the ability to comprehensively move, copy and restructure SharePoint sites, content, and topology, along with their corresponding security settings and metadata, across SharePoint farms. Governance Automation also provides developers the ability to request sample production data for in development or testing environments for increased application reliability and improved quality assurance. Requests are then automatically executed by Governance Automation, optimizing operational efficiency and proactively protecting against compliance infractions, thereby enabling your IT resources to perform higher business value activities while ensuring content is only changed by those with the proper permissions to do so.
  • Newly designed graphical user interface (GUI): Designed to mirror SharePoint 2013 and Microsoft Windows 8 style, the newly designed GUI provides users with a simple but contemporary workspace that is effective either as a standalone tool or as a webpart in SharePoint.  Governance Automation’s new GUI was designed for improved usability and intuitive user interaction in order to promote end user adoption and resolve ambiguity around requesting services from IT administrators.

DocAve Governance Automation SP2 is generally available today, March 5, 2013. For more information visit AvePoint’s website.

SaaSID Releases CAM 2.0, Adding Audit Dashboard for Security, Compliance

Web application security provider, SaaSID, has launched Cloud Application Manager 2.0 (CAM), the latest version of its browser-based authentication, management and auditing solution. CAM 2.0’s comprehensive audit report is now displayed in CAM Analytics, an intuitive dashboard that provides clear visibility of Web application use throughout an organization. The new software simplifies administration of authentication, feature controls and password management to help CIOs comply with data security regulations, standards and internal policies, by making it easier to govern, monitor and audit every user interaction with Web applications.

CAM 2.0’s comprehensive suite of dashboards in CAM Analytics provide at-a-glance graphics, showing managers exactly how employees are interacting with Web applications and associated corporate data, regardless of whether employees are working on company workstations or personally-owned computing devices. Detailed analytics provide managers with a complete overview of Web application use and the ability to drill down into reports for additional information. Activities such as exporting customer lists, or attaching sensitive files to Webmail, are tracked and clearly displayed for compliance. A range of graphic elements show social media activity and interactions with corporate applications, providing managers with complete visibility of departmental and individual use of Web applications.

CAM 2.0 users can now be authenticated and logged into Web applications from the SaaSID server. This server-side authentication improves security by ensuring that log-in credentials are protected from malware that might be present on an unsecured device. Users do not know their login details, so they cannot write them down, share them, or access managed applications from unprotected devices. Once CAM 2.0 has authenticated a user, the session is handed to the device and the user works with the application as normal.

Additional new features within CAM 2.0 include:

  • The new Restriction Learning feature which allows in-house IT staff to apply their own restrictions to application features. The simple GUI allows administrators to test the effect of restrictions prior to implementation.
  • Support for more two factor authentication solutions, including offerings from RSA, Vasco and ActivIdentity.
  • The new Password Wizard which learns the workflow for Web application authentication processes, enabling automated password resets. Organisations can use this new feature to change passwords at chosen intervals and to enforce strong password security for all Web applications managed by CAM 2.0: saving administration time and support costs, without impeding productivity.

CAM is a browser extension that goes beyond single sign-on (SSO) by enabling IT staff to manage Web application features according to employee roles. CAM assists organisations in maintaining security and compliance when they adopt Web applications and implement bring your own device (BYOD) programmes, by creating a comprehensive audit trail of all employee interactions with these Web applications.

To request a free trial or a demo of SaaSID’s CAM 2.0, see www.saasid.com.