Forrester analysts Heidi Shey and John Kindervag recently released a Strategy Deep Dive report focused on a topic that is near and dear to us here at TITUS – Defining Your Data. (more…)
Archive for the ‘Uncategorized’ Category
Back in August, the TITUS marketing team sat in a meeting and brainstormed for the name of our first information security conference. With a list of names starting with every letter of the alphabet it was a very introspective exercise for our entire team. After multiple meetings and a few great debates, we came full circle and all agreed to the first conference name proposed…..FOUNDATIONS. (more…)
“Everything that happens once can never happen again. But everything that happens twice will surely happen a third time.”
That just about sums up our feelings as we head into our third year as a Silver Sponsor of the RSA Conference in San Francisco. Back in 2011…incredible debut for TITUS at the conference. 2012…wow, what an amazing week! 2013…only time will tell, but if the lead up to the show is any indication, we’re going to have a busy, fantastic, one-of-a-kind week in San Francisco!! (more…)
Mobile email security: Why using a lightweight container is the recommended approach for both security and work/life balanceThursday, December 13th, 2012
It’s no secret. I dress up at work. It is not required at my workplace, nor is it necessarily the culture. It’s a personal choice. I think it provides benefits for my work life, as well as my home life. How does dressing up at work help in my personal life? And what does this have to do with mobile email security? Good questions.
We all know mobile devices are everywhere. We all see the stats. We all have one. Most of us use our mobile devices for both personal and business endeavors. For employees and managers alike, mobile computing is a welcome trend. They can check their email and conduct other business in any location. If they can combine work and personal information on their device, they only require a single device for all their needs. This causes a serious security problem, especially for the most used app on any mobile device: email. Today’s smartphones make it difficult to draw the line between personal and business email, as both business and personal email (and their attachments) tend to live all in the same place, and without separation. This is where the problem of protecting business information, all mixed together with personal information becomes very difficult. With more and more users mixing business and personal data on their mobile devices, the risk of a data leak occurring from email increases significantly because:
- Mobile devices are often used in public environments, where users are more likely to get distracted. This increases the potential for mistakes and accidental emails.
- Mobile devices are easily lost, misplaced or stolen. How do we protect sensitive data on the missing device?
- Privacy/e-Discovery. How do organizations know what data is on the mobile device? How can this data be found for e-Discovery purposes? What right does the company have to data on the device, when business data is mixed with personal data?
What is the answer to mitigating this biggest mobile risk of email? Dress up at work.
Transforming the Security Classification System – or, Why don’t I know what really happened at Roswell?Tuesday, December 11th, 2012
I will save you the time, the report from the Public Interest Declassification Board will not tell you if we have made alien contact, but, it does make recommendations on the use of Classification, how and why Declassification is important and that Technology will facilitate both.
It is important to remember that we live in an age of instant information and communications. Unable to remember who the first Archivist of the United States was? Just Google it! Why should I not be able to do the same for any Governmental document? The answer is simple. You may not have a need to know, the information is still classified, or it is stuck in the approximately 400 Million back log to be reviewed for declassification. This report outlines ways to address your right to know, the fact that it is still classified (possibly unnecessarily over classified) and how to remove that 400 Million back log. (more…)
On Tuesday we gave a joint presentation with McAfee and NATO called “NATO and TITUS – Intelligent Data Loss Prevention with Endpoint Classification”. There was a great turnout for the presentation with a full house of about 200 people in the room. John Tatman, Principal IA Engineer, NATO talked about how the joint TITUS McAfee solution is helping NATO protect its information. Also discussed was how the TITUS products now plug seamlessly into the McAfee EPO management environment. EPO can be used to deploy the TITUS classification tools, and can also be used to log and report on classification events within the enterprise. This combined TITUS McAfee reporting solution can give you an idea of how classification is being used within the enterprise, as well as policy violations such as trying to downgrade classifications, or send sensitive information outside the organization. For more information on this solution see our press release at http://www.titus.com/press/2012/NATO_TITUS_McAfee_Release.php
In their keynote this morning, McAfee talked about what they will be enabling in EPO V5. They demonstrated the concept of real time EPO in EPO 5.0. This real time concept allows administrators to query, in near natural language, what is happening in their environment. The answers don’t come from a compiled database of information, but rather from information collected in real time. One of the example queries was “Show me all running applications on my system”. This query can report on any rogue or unsupported applications being run in the system. Once you have this real-time information, you can use it to do real time risk mitigation. In the above example you could remove or prevent the non-approved applications.
Back to the sessions. Signing off for now.
Last week, Microsoft held its annual Worldwide Partner Conference in Toronto, Canada amidst 16,000 partners. This conference is a forum for Microsoft partners to network and share information with each other, and is a great arena to catch the latest news and product announcements while sharing new business models and products.
For many organizations, Microsoft is an important partner, and TITUS is no different, and in 2012, the TITUS and Microsoft relationship has never been stronger! This year at WPC, Microsoft asked TITUS to showcase some of the innovative ways we harnessing Windows Server 2012 technology, which releases later this year. TITUS took this opportunity to show how we can extend Dynamic Access Control to SharePoint 2010. This means that organizations can set permissions centrally with DAC, and security policies can be changed centrally and then be immediately enforced in SharePoint. There would be no need to go and change the security in SharePoint to accommodate a change in policy.
Charlie blogged about some details on this innovative solution here.
We saw lots of great traction with this technology at the conference, where Microsoft had a big focus on Windows Server 2012. Partners were very interested in how we were extending the already powerful capabilities of DAC. We were also wow’ing Microsoft by bringing SharePoint into the Server 2012 equation.
All in all this was a very valuable show and will lead to much more innovation with future and existing Microsoft technology, so stay tuned!
TITUS recently achieved “McAfee Compatible integration to ePO” status for all three of our classification products (TITUS Message Classification, TITUS Classification for Microsoft Office, and TITUS Classification for Desktop).
You’re probably thinking, “But we’ve known for a long time that TITUS worked well with McAfee DLP so now what is different and why should it matter to me?”
In Part 4 of this blog series on Dynamic Access Control we discussed how to configure Claim Types in order to be abe to use user claims in Central Access Rules. In Part 3 of the series we discussed how to configure Windows Server 2012 Central Access Rules. In this, the final post of our blog series we’ll discuss how Central Access Rules can be deployed to the enterprise using Central Access Policy.