Biscom Delivery Server is now “in process” for FIPS 140-2 certification. FIPS 140-2 (Federal Information Processing Standard) certification is a US Government security standard for accrediting cryptographic modules. The National Institute of Standards and Technology (NIST) defines the cryptography requirements in its FIPS 140-2 publication, and software like BDS must pass the Cryptographic Module Validation Program (CMVP) in order to receive certification. Level 1 is geared towards software solutions, whereas level 2 is required for hardware solutions that have physical security mechanisms.
On the heels of my last blog post about dumpster diving online storage and file sharing services, Wired posted a story on the validity of Dropbox’s claims about their data security.
I guess the bottom line is you have to really understand how applications and services handle your information, and how it may affect your own security policies and requirements, especially SaaS services.
Just got back from the RSA conference in San Francisco last week. It was quite a show — some heavy hitters were in attendance, including Secretary of the Department of Homeland Security Janet Napolitano, FBI director Robert Mueller, and a very cryptic NSA spokesperson. For you geeks out there, Whifield Diffie, Martin Hellman, Ron Rivest, Adi Shamir, and David Chaum played big parts in the keynotes and panels. It was interesting to see both the public and private sectors well represented here compared to previous RSA conferences, and there was definitely more openness between the two. The paranoia level was high, with many keynotes commenting on organized cybercrime, cyberwarfare, cloud security. Janet Napolitano actually tried to recruit hackers and other security talent for DHS in Hollywood-esque fashion!
The sessions were actually quite good, with tracks in application development, law, hackers and threats, data security, policy and government, and governance, risk and compliance. One session I attended on data breaches was interesting; the speaker asked the audience to raise their hands if they had experienced a data breach, and three quarters of the room raised their hands. Data breaches are occurring, and to their credit, companies seem to be aggressively pursuing a strategy of prevention over cure.
We’re hosting a webinar with Derek Brink, VP and Research Director of IT Security at Aberdeen Group. Before joining Aberdeen, Derek was VP of Strategy at RSA, and has deep knowledge of security, encryption, and file transfer technologies. Derek will be discussing the growing threat of internal data breaches and what best in class companies are doing to prevent these problems.
So, mark you calendars for March 11th, 2009 from 1-2pm ET and register for this webinar. You’ll have the opportunity to talk to Derek and also have access to one of Aberdeen’s whitepapers on Secure File Transfer at the end of the webinar.
