Around our office there is a lot of talk about “hybrid Cloud” as we help our customers create strategies to safely migrate from on-premise to cloud storage and applications. A hybrid cloud strategy provides both flexibility and peace of mind, enabling organizations to ease into utilizing the Cloud at their own pace. The actual challenge, however, is not finding the right balance between on-premise and the Cloud, but coping with the multitude of cloud options.
Archive for ‘Compliance’
TITUS is excited to announce the addition of Outlook for Mac to our Classification for Outlook offering!
Email is everywhere. It’s across various platforms and devices, even within a single organization. While the majority of users may still be on Windows based computers, more and more are beginning to choose Macs.
According to Aberdeen Research, 20% of organizations have enterprise email installations that include both Windows and Mac. In isolation, this number may not seem particularly large, but often these Mac deployments are on desktops where the most sensitive information resides – primarily executive offices, as well as designers and developers.
If your efforts to secure the information transmitted via email are limited only to certain members of your organization, you are risking breaches either of your own intellectual property (IP), or of PII, PCI or PHI. You don’t want to spill your secret sauce, or face the possibility of loss of consumer trust, market share, or substantial fines.
During a recent TITUS event, I had the opportunity to listen to a conversation between a deployed customer and another still in the planning phase that highlighted the classification challenges many organizations are facing. The questions being asked of the deployed customer weren’t technical ones, but focused on business transformation, such as:
- How did you train your users on the meaning of the classification levels?
- Would you recommend a full-fledged, single phase implementation or break it into several smaller phases?
- How much did you choose to involve the workers in the application of classification at first?
On 28th May 2018, the European Union (EU) General Data Protection Regulation (GDPR) will come into force with harsh fines and onerous implications. The primary goal of GDPR is to harmonize the protection of personal data across all EU member states. It will have an impact in the EU and around the world, affecting any organization that handles the personal data of EU residents. Don’t let that seemingly distant date delay you from starting to prepare.
As a Brit who thinks our country is great, but also a European who spends a large part of his time travelling around the continent, I was shocked to find that the UK electorate voted to leave the European Union! If I’m honest with myself, I didn’t see it coming. My general impression of the British public is that, on the whole, we are conservative with a small “c” and typically vote to maintain the status quo: the grass is very rarely greener…
I think that I communicate with my colleagues almost as much via email as through verbal communications – even those I share an office with. In fact, probably about a third of the verbal communications are social interaction rather than direct business discussion. In email, however, most of the communication with my colleagues contains business information, sometimes including large attachments containing sensitive strategic plans. And unlike a verbal conversation which is lost to the ether, email endures. So, while talking about business plans outside the office where someone might overhear has some risk to the company, sending an email to the wrong recipient can be significantly more damaging. Yet, organizations are still not protecting themselves from these accidental breaches.
As a case in point I offer you this example from the National Football League (NFL). It is reported that on July 1st, the New Orleans Saints intended to send an email to the NFL head office regarding their plans to pick up a player who was just put on waivers (released) by the Cleveland Browns. The email, however, was accidentally addressed to the entire league. In other words, they broadcast their plan to all of their competition.
I was speaking at an event in Stockholm recently, and was preceded by an eminent lawyer in the field of data protection. He was telling the audience how, after years of discussion, the European Union’s new data protection framework, the EU General Data Protection Regulation, has finally been agreed upon. He gave lots of detail on the specific obligations organisations will now have to comply with to ensure the protection of personal data, but in essence his message boiled down to three things:
• You are accountable and need to be able to demonstrate compliance coherently across your processes, employees and systems
• If you get it wrong, it’s really going to hurt
• You need to start thinking about how to become compliant before it’s too late
Data privacy in the cloud continues to be a hot topic for regulators. This week, I’d like to cover two important data privacy developments that have a tie-in to concerns about US surveillance programs and cloud data. The first is the US Email Privacy Act, and the second is the revocation of the US-EU Safe Harbor agreement.
Email Privacy Act
The Email Privacy Act is a proposed US Federal law that would require the government to obtain a warrant before accessing email, text messages, and other private content stored in the cloud by Internet Service Providers.
If your organization is a bulk power system owner or operator in North America, then you probably already know that you need to be compliant with NERC CIP v5 by April 1, 2016.
For readers who are not familiar with the topic, North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the reliability of the bulk power system in North America. NERC develops and enforces Reliability Standards, including Critical Infrastructure Protection (CIP) standards to secure cyber assets essential to the reliable operation of the electric grid.