25. January 2011 · Comments Off on SaaS Compliance solution from Navajo Systems · Categories: blog · Tags: , , , , , , ,

While there are many compelling benefits to Software-as-a-Service solutions like Salesforce, SuccessFactors, and Gmail, there are also privacy, security and compliance inhibitors which arise from the fact that SaaS application data is stored in clear text.

For many organizations, encrypting the communication between users and SaaS applications is simply not enough. Some large organizations have resorted to installing SaaS applications in their datacenters to meet privacy, security and compliance requirements. This way they get some of the SaaS application benefits but still must endure the real estate, power, hardware, communications, and associated administrative expenses themselves.

Some organizations have restricted the use of SaaS applications to those where clear-text data does not run afoul of regulatory issues.

The ideal solution would  be to encrypt data on the way into and back out of the SaaS applications. SaaS backup solutions, for example, have been doing this for years. The file metadata stays in clear text but the files themselves are encrypted. However, for data-oriented applications like Salesforce, SuccessFactors, and Gmail, standard data encryption does not work because once the data is encrypted, you cannot search or sort on it.

Finally, a solution has come to market – Navajo Systems – which allows you to meet regulatory compliance requirements for storing, for example, Personally Identifiable Information (PII) and Protected Health Information (PHI) in SaaS applications. Navajo’s breakthrough is an encryption algorithm which allows searching and sorting. In other words, data is encrypted before it leaves your organization and is stored in the SaaS application in that same encrypted form, yet can be searched and sorted in a way that is both transparent to the SaaS application and to the users!!

Only you have the encryption keys. No one at the SaaS vendor can read your data. Full disclosure, Cymbel is partnering with Navajo. We would be glad to show you exactly how this works.

Here are links to more information about SaaS Compliance and Navajo Systems.

06. November 2010 · Comments Off on Microsoft responds to Firesheep cookie-jacking tool – The H Security: News and Features · Categories: blog · Tags: , , , ,

Microsoft responds to Firesheep cookie-jacking tool – The H Security: News and Features.

It’s hard to believe that Firesheep is only two weeks old. In response to Firesheep,¬† Microsoft said it will convert its Hotmail / Windows Live email service to SSL. Google did this for Gmail some time ago, well before Firesheep.

Facebook says it will also address the issue in the coming months.

So there is no doubt that more and more web traffic will be SSL encrypted and hidden from corporate control. I wrote about this last week, Easy fix for Firesheep creates a problem for enterprises.

10. October 2010 · Comments Off on New Password Not Enough to Secure Hacked E-mail Account | threatpost · Categories: Security-Compliance · Tags:

New Password Not Enough to Secure Hacked E-mail Account | threatpost.

Good set of recommendations for Gmail users. If you Gmail account is hacked and you change your password, you could still have problems. Make sure you do the following:

  • Check your filters
  • Check the Password Recovery settings
  • Check for Authorized applications