Biscom Delivery Server Blog

File sharing sites have never been known for their security but now physicians are starting to put their patients’ data up on these peer to peer sites, potentially exposing private and confidential information, and clearly violating HIPAA requirements.

Healthcare IT News is reporting on this study and it’s really quite scary: http://www.healthcareitnews.com/news/docs-file-sharing-risky-business-patient-data

The International Legal Technology Association (ILTA) just published its March issue of Peer to Peer magazine. You’ll find an article I authored on data breaches, privacy laws, and how secure file transfer can help companies distribute their confidential information while complying with various legal requirements. You can also use this link to download the specific article as a PDF.

Just got back from the RSA conference in San Francisco last week. It was quite a show — some heavy hitters were in attendance, including Secretary of the Department of Homeland Security Janet Napolitano, FBI director Robert Mueller, and a very cryptic NSA spokesperson. For you geeks out there, Whifield Diffie, Martin Hellman, Ron Rivest, Adi Shamir, and David Chaum played big parts in the keynotes and panels. It was interesting to see both the public and private sectors well represented here compared to previous RSA conferences, and there was definitely more openness between the two. The paranoia level was high, with many keynotes commenting on organized cybercrime, cyberwarfare, cloud security. Janet Napolitano actually tried to recruit hackers and other security talent for DHS in Hollywood-esque fashion!

The sessions were actually quite good, with tracks in application development, law, hackers and threats, data security, policy and government, and governance, risk and compliance. One session I attended on data breaches was interesting; the speaker asked the audience to raise their hands if they had experienced a data breach, and three quarters of the room raised their hands. Data breaches are occurring, and to their credit, companies seem to be aggressively pursuing a strategy of prevention over cure.

Our Legal Practice Manager Charlie Magliato is going to be hosting a webinar on managing large email attachments, with special guest Bruce Bial, IT Director at Riemer & Braunstein. You’ll see how Bruce and his team implemented BDS to handle their secure file transfer needs and eliminated large file attachments from going through their Exchange server.

The webinar is scheduled for Thursday, February 25, 2010 from 2-3pm EST.

Click here to register!

The Ponemon Institute released a new study on the Federal government accessing your electronic health records. The study showed that people actually care about their privacy, at least when it comes to government workers.

See the article in Forbes.

Up to $204 per compromised record. That’s the latest data the Ponemon Institute has collected based on their annual study. Ellen Messmer’s PC World article on the cost of data breaches again supports the notion that, just like your doctor keeps telling you, preventive strategies will save you in the long run, in more ways than one.

The article also contains a link to the 2009 Data Breach Hall of Shame, which is interesting reading. Heartland Payment Systems topped the list with 130 million records breached through SQL injection! Ouch.

Google is not infallible? That’s crazy talk. Well, this apparent leak just goes to show that no company or organization is truly safe from data breaches. This was not an intentional or malicious data breach, and most data breaches are not — it was  simple human error, which is never going to be extinguished as a potential chink in a company’s data protection armor.

If Google were using Biscom Delivery Server for its secure communication however, this could have been avoided. Even if it was sent out in error (which even the best DLP solutions may not catch), the recall feature of BDS could have prevented the leak.

Read about the leak here: http://www.pcworld.com/article/186719/google_blames_human_error_for_data_leak.html

Biscom was interviewed by the Boston Business Journal a few weeks ago, and the story just came out. At a time when many high tech businesses in Boston are hurting, Biscom stands out as a profitable, growing company, and it’s nice that we’re being recognized for that.

Biscom’s roots do go back to computer fax technology (Biscom invented the category of a computer-based fax server back in 1986), but Biscom has expanded its scope to include all kinds of document delivery, including secure file transfer, workflow, imaging solutions, cloud-based offerings, VM appliances, and Fax over IP.

You can read an excerpt here, but you’ll need to register to read the full story.

Sean Doherty at Law.com wrote a great review of BDS. I’m impressed with the level detail he included in his review — he really dug down deeply into the configuration and setup, but he also goes over usage scenarios in just as much detail. Sean’s audience is probably on the more technical side, and he gives that audience the necessary technical specifics they’ll want to hear about, but he also does a fine job of describing the business case for secure file transfer at a high level. I’d say this is a good primer for people in IT who would be responsible for deploying our solution.

I talked to Kelly Jackson Higgins from Dark Reading for an article she was working on. She’s been covering IT for a number of years, and her latest article discusses one aspect of a growing threat — the dangers of malicious software capturing FTP credentials and using them to hack into legitimate web sites. Because FTP is prevalent for updating web sites, having the credentials gives hackers the opportunity to inject their own code into web pages unbeknownst to the site owner. These infected pages may redirect a visitor in a phishing scam, collect user credentials on login pages, or spread the malware or bot to increase the scope of infection. There are a number of other vulnerabilities in FTP that makes it hard to justify as a viable file transfer solution, and this is just one more nail in the FTP coffin.

We’re pleased to announce that Traveling Coaches just completed our Reseller Certification program, and we’re excited to have a partner that is focused on secure file transfer for law firms. In addition to selling BDS, Traveling Coaches provides consulting, application integration, and IT support for over 650 law firms in North America.

”Our clients have long struggled with large file transfer and Biscom has the only simple, secure solution on the market.  We are excited about this partnership to provide our clients with the right technology at the right time”, said Gina Buser, CEO and co-founder of Traveling Coaches.

Biscom just launched its cloud offering for BDS - a secure file transfer solution that is now available on a monthly subscription basis. We’re pretty excited about this. We’ve been running a select few customers on our cloud for a while now, and have officially opened it up for all customers.

We’ve partnered with Amazon’s Elastic Compute Cloud (EC2) to provide a robust, reliable (99.95% uptime) infrastructure to host the BDS application.

For more information, see the web page on BDS in the Cloud.

Microsoft’s biggest SharePoint show of the year in Las Vegas was a pretty big success. They were sold out (7400 attendees) completely, and the Microsoft fanboys were out in force. Luckily, Microsoft was there feeding them some good information on SharePoint with a plethora of classes, sessions, and discussions.

We had a booth out there showing off our SharePoint integration with our SFT and fax products. Some good interest. Didn’t notice any other MFT/SFT vendor there however. We got quite a few SharePoint system integrators and developers who were interested in our Web services APIs to add secure file transfer and inbound/outbound fax to their solutions.

I attended several of the sessions while I was out there. One of the most lively was an analyst panel which was probably the most intense and argumentative events I’ve seen. Most analysts either seem to agree for the most part, or politely disagree. At this session, phrases like “you’re wrong” were flying back and forth. That was fun.

Otherwise, the big news is SharePoint 2010 and various announcements surrounding the next release. The analysts suggested waiting for the first service pack before moving it into production, which is of course the wise, conservative approach.

SharePoint 2010 sounds like a pretty big step up from 2007. A lot more functionality, flexibility, search power (adding FAST searching), and focus on personalization, a la FaceBook, and community. One of the cooler demos shown was the ability to directly pull data from SQL databases and show that data in a list. Users can also make CRUD changes from within SharePoint and have it automatically update the back end database.

Of course, Steve Ballmer was there at the keynote. I was hoping to see some crazy dancing, or at least some hopping around, but no, he was pretty calm. Of course, he’s so loud he really didn’t need a microphone to reach the entire auditorium.

We’ve been a VMware partner for a bit now, but I’m happy to announce our inclusion in the VMware Virtual Appliance Marketplace. Although customers have been running BDS in virtualized environments since 2005 (it was one of our founding tenets to be VM-compatible), we’re extremely pleased with our stronger ties to VMware and support for the VM platform. It’s truly a great platform on which to develop, test, and deploy applications.

Some of the advantages of running a secure file transfer application in a VM:

• Extremely fast deployment (and re-deployment if necessary).
• Increased security when splitting out the presentation, application, and data tiers using separate VMs.
• Bundled VM appliance is a complete package and pre-configured for you.
• Small footprint, effective and efficient use of CPU/memory and other computing resources.
• Centralized management.
• Of course, all the other VM advantages, including reduced power consumption, better rack space utilization, easier administration, etc.

Also, visit our site’s VM page: http://www.biscomdeliveryserver.com/solutions/vm.html, for more information on BDS running as a VM appliance.

We’ve just launched a brand new web site — it’s cleaner, more intuitive, has better content, and it’s just generally easier to navigate and find the information you’re looking for. Hopefully the site does a good job of explaining what secure file transfer is, and why it’s important to have a secure file transfer strategy.

A few pages I’d point you to just to start:

http://www.biscomdeliveryserver.com (of course)

http://www.biscomdeliveryserver.com/company/why-biscom.html

http://www.biscomdeliveryserver.com/support/faq.html

Happy surfing!

Just had a conversation with Mark Gilbert at Gartner a few days ago. That guy knows his stuff! We updated him on Biscom’s SharePoint development and that we’ll be exhibiting at the Microsoft SharePoint conference this Fall (October 19-22, 2009 in Mandalay Bay, Las Vegas). If you’re a Gartner client and have SharePoint questions, want to know who the players are, and where Microsoft is going with this technology, Mark is the guy to talk to!

A whopping 90% of business leaders surveyed had concerns that SharePoint might enable data theft because they did not have the tools in place to monitor and protect data as it’s being shared. That’s a significant percentage!

BDS is adding a layer of protection that doesn’t come out of the box with SharePoint to provide secure collaboration with external users. Not only does BDS lock down the delivery through a secure file transfer interface, but it also tracks everything so you always know exactly who sent out documents and who accessed them.

VMWare Technology Alliance Partner

We’ve just been certified by VMware as a Technology Alliance Partner at the Select Level which means we have VMware certified engineers on staff, and have basically jumped through a bunch of hoops to demonstrate our expertise.

We’ve actually been running BDS inside virtualized environments since 2005 and we have a fair number of our customers running BDS in a VM today. There are some great benefits to virtualizing, not all of them directly related to our product, but advantages that you should consider.

The advantages of running BDS in a VM are: more efficient use of processing power (which translates into lower power requirements and less rack space), easy separation of tiers for increased security without requiring multiple physical servers, fast re-deployment of the application if a VM goes down, and for the administrator, a centralized management console.

Whether you are already an experienced VM shop, or starting your journey to VM land, know that Biscom is there to support you!

TJX finally settles suits in 41 states for $9.75 million for the huge data breach that exposed up to 94 million accounts. Makes Ben Franklin’s saying “an ounce of prevention is worth a pound of cure” really resonate.

“This settlement ensures that companies cannot write off risk of a data breach as a cost of doing business,” Massachusetts Attorney General Martha Coakley. If you look at the risk reward ratio, it’s pretty skewed. It’s good emprical evidence that investing in security policies and tools is definitely worthwhile.

I just had a talk with Carol Baroudi, Security Research Director at Aberdeen, today. She wrote an excellent, data-driven whitepaper on Secure File Transfer which you can download for free here. Some of you may know Carol from her Internet for Dummies book. She’s updating her SFT whitepaper and wanted to find out what’s new in the secure file transfer space. Well, lots actually!

It made me think about what we’ve been up to in the last 6-12 months here at Biscom. We released version 3.1 of Biscom Delivery Server just last month, added a new compliance role, introduced a Chinese language version of BDS, set up a real-time monitoring tool for watching system activity and user transactions, added support for user quotas and user expiration, and have built new modules for automating many of the manual tasks of sending and receiving files.

One topic we covered quite a bit is the cloud. We’ve been secretly offering a cloud version of BDS for a while now, and will be coming out with an official offering soon. We see a big market for cloud computing, and secure file transfer really fits in nicely as a cloud solution — no CAPEX, reduced management of physical servers, robust performance, scalable performance as demand increases, and often it’s faster because of better availability of bandwidth. We’ve also designed our cloud solution with our premise solution in mind, so customers can start off with our cloud offering, and easily migrate to a premise solution as their needs change. Moving from cloud to premise, end users will not see any change in the user interface or have to change their existing behavior, and all their files and deliveries will still be available. Companies can also go the other way — from a premise to cloud solution just as easily! The hybrid approach that we’re taking offers a lot of flexibility to our customers. Many want to explore the cloud, but would like an easy alternative if they need it brought in-house, or vice versa. Carol calls it “security as you like it,” and I think that’s a perfect description of our hybrid model.