Category Archives: New Zealand

CSA lends prototype compliance tool to six-year cloud security project

The CSA is part of the STRATUS project, a six-year cybersecurity project

The CSA is part of the STRATUS project, a six-year cybersecurity project

The Cloud Security Alliance (CSA) said this week that it is lending a prototype data auditing and compliance regulation tool to the STRATUS initiative, a six-year multi-million dollar cybersecurity project funded by New Zealand’s Ministry of Business, Innovation, and Employment.

STRATUS, which stands for Security Technologies Returning Accountability, Transparency and User-centric Services in the Cloud, is a project being led by the University of Waikato intends to develop a series of security tools, techniques and capabilities to help give cloud users more control over how they secure the cloud services they use.

As part of the project the CSA showed how cloud data governance could be automated by applying auditing guidelines (CSA Cloud Control Matrix, ISO standards, etc.) and compliance regulations using a recently developed online tool.

The organisation, which is leading the data governance and accountability subproject within STRATUS, said it would also help support STRATUS’ commercialisation efforts.

“STRATUS’ approach to research commercialisation is different from typical scientific research grants,” said Dr. Ryan Ko, principal investigator of STRATUS, and CSA APAC research advisor.

“STRATUS understands that for cloud security innovation to reach a global audience, it will require a platform which will allow these cutting-edge cloud services to quickly align to global best practices and requirements – a core CSA strength given its strong research outputs such as the Cloud Controls Matrix and the Cloud Data Governance Working Group,” Ko said.

Aloysius Cheang, managing director for CSA APAC: “We have developed a prototype tool based on our work so far, that has received positive reviews. In addition, we are working to connect STRATUS and New Zealand to the CSA eco-system through our local chapter. More importantly, we are beginning to see some preliminary results of the efforts to connect to dots to commercialisation efforts as well as standardization efforts.”

The organisation reckons it should be able to show off the “fruit of these efforts” in November this year.

NZ Ministry of Health taps IBM gov cloud

NZ's Ministry of Health is moving some of its core services onto IBM cloud

NZ’s Ministry of Health is moving some of its core services onto IBM cloud

New Zealand’s Ministry of Health has enlisted IBM to help the department set up a cloud-based system to support the country’s national healthcare IT infrastructure.

The Ministry manages a set of technical services that support both internal IT systems and national health systems including the National Health Payment System, which processes transactions for pharmacies and healthcare providers, and a National Health Index, which supports planning and coordination in health service delivery.

The deal will see the Ministry deploy all of its internal systems on IBM’s managed cloud infrastructure (hosted in-country) for a minimum of five years.

“The agreement is a key element in improving the Ministry of Health’s ability to deliver shared services for the sector, which enables secure access to personal health records for patients and their health care providers,” said Graeme Osborne, Director of the National Health IT Board. “Our aim is to improve productivity and patient safety, and enable new models of care through strategic technology investments.”

The move follows an pledge made by Health Benefits Limited, the crown company set up in 2010 to support health service provision, to consolidate the infrastructure of all twenty District Health Boards onto IBM’s cloud platform.

“We continue to invest in advanced technology infrastructure vital for New Zealand’s long-term economic growth. IBM’s cloud services offer customers like the Ministry of Health the most comprehensive enterprise-grade cloud environment in New Zealand and will support new, enhanced services for the public, suppliers and staff,” says Andrew Buchanan, cloud business leader, IBM New Zealand.

“This agreement further demonstrates our leadership and commitment to health care innovation,” Buchanan added.

SmartRulesR DLP Thwarts email Distribution of Confidential Info

New Zealand-owned cloud email security and hosting company SMX has released SmartRules DLP, designed to safeguard confidential information against unauthorized email distribution.

SmartRules DLP (Data Loss Prevention) is one of a number of new service improvements currently being rolled out by SMX, following research and development support from Callaghan Innovation.

SMX’s co-founder and chief technology officer, Thom Hooker, says the R&D funding has enabled SMX to accelerate software development in several key areas. He says SmartRules® DLP has been given urgent priority, following the recent security breaches experienced by Government organizations.

“SMX is the leading cloud email security solution used by Government organizations with around 60 Government sector customers,” Thom Hooker says. “SmartRules® DLP meets the most stringent compliance requirements with easy-to-use rule building and related compliance processes.

“Email makes it very easy for employees to accidentally – or intentionally – send sensitive documents to recipients outside the organization,” Hooker says. “By deploying SMX’s SmartRules® DLP, customers can define rules to block and report on employees attempting to send sensitive documents externally. SmartRules® DLP can be configured to detect visible data as well as scanning for hidden metadata. The use of hidden metadata tags inside documents makes it harder for users to subvert DLP rules looking for visible text – that is, by changing the document name.”

Hooker says SMX’s SmartRules® DLP can also detect sensitive content embedded in archives – such as .zip, .rar, .tar, .gz, and so on – and can be configured to block emails containing archives that cannot be opened – for example, password protected or unknown document types.

Another significant new enhancement to the SMX Cloud Email Security Suite, Hooker says, will be beefing up the SMX email hosting platform with enterprise-grade security, reliability and new features. SMX will offer 100 percent availability, as well as enterprise-ready tools such as shared calendars, online data storage similar to Dropbox, global address books and support for ActiveSync to sync contacts, emails and calendars with mobile devices.