WHITE PAPER. How Encrypting Content in Transit and at Rest Reduces Liabilities and Costs for any Organization. Published August 2011


WHITE PAPER
How Encrypting Content in Transit and at Rest Reduces Liabilities and Costs for any Organization
An Osterman Research White Paper
Published August 2011
Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington USA Tel: Fax: twitter.com/mosterman

Executive Summary

Corporate content is everywhere: in server-based databases; local databases; file servers; client devices like desktops, laptops, netbooks, smartphones and tablets; cloud-based file transport and storage systems; instant messaging and Web conferencing databases; corporate and public social media databases; portable media like flash drives, CDs and DVDs; backup tapes; archiving systems; personal Webmail systems; and home computers, among other places. The growing number of employees who work remotely, the increasing consumerization of IT, and the diversity of cloud-based communication and storage services mean that the places in which corporate data can be stored and from which it can be sent are growing in number.

And therein lies a critical problem for virtually every organization: data is everywhere and most of it is not encrypted. That means that sensitive or otherwise confidential data is open to intentional or accidental interception, resulting in breaches of data that can have serious consequences, including violation of statutory requirements to protect this data, loss of corporate reputation, expensive remediation efforts, loss of goodwill among customers, loss of revenue and other fairly nasty results.

KEY TAKEAWAYS
This white paper discusses four important points that should be top-of-mind for any IT or line-of-business corporate decision maker:

Encrypt content
Sensitive or confidential content must be encrypted both in transit, such as when sent via email; and at rest, such as when it is stored on flash drives, FTP servers or in cloud-based storage systems.

Not encrypting has serious consequences
The consequences of not encrypting content and subsequently losing or misplacing it can be very damaging.

Encryption pays for itself and creates new opportunities
Encryption can be not only a defense against inadvertent or malicious loss of data, but can actually generate a significant return-on-investment. It can also create new business opportunities, help businesses to retain or gain new customers, and provide competitive differentiation.

Encryption reduces corporate risk
Encryption can reduce corporate risk and the costs associated with any sort of data breach.

ABOUT THIS WHITE PAPER
This white paper discusses the many reasons for encrypting data, both when it is in transit and at rest. It also provides a brief overview of DataMotion, the sponsor of this paper.

Communications and Content Management is Critical

THE NUMBER OF VENUES FOR COMMUNICATIONS AND STORAGE IS GROWING
The number of tools with which employees and others communicate is growing, as are the number of places in which corporate content can be stored. For example, in the typical organization of information workers there are a large number of tools in use:
- Traditional computing platforms like desktop computers, laptops and netbooks.
- Corporate email systems using local clients, such as Outlook; corporate email systems using Web-based access, such as Outlook Web Access; and personal Webmail systems.
- Unified communications systems.
- Corporate instant messaging and Web conferencing systems, such as IBM Sametime; and consumer instant messaging systems, such as Yahoo! Messenger.
- Dedicated social media tools, such as IBM Connections and Jive; and public systems, such as Facebook, Twitter and LinkedIn.
- File transfer systems in the cloud, such as YouSendIt or Box.net.
- Removable content storage and transfer devices like flash drives, CDs/DVDs and external hard drives.
- Mobile devices like smartphones and tablets.
- Content synchronization services, such as Dropbox.
- Content backup services like Backblaze and Mozy.
- Content archiving services.
- Voice-over-IP services, such as Skype.

CONSIDER THE TYPICAL ENVIRONMENT
During a normal workday, the typical user will generate, send and store a significant amount of content:
- About 50 emails, including many emails replied to or forwarded from others
- Several instant messaging conversations via Skype or an instant messaging client
- Several word processing documents and spreadsheets
- A presentation or two
- Backed up copies, potentially on systems managed by the company and the individual
- Content stored in archiving systems
- Content stored in various cloud-based data centers, potentially in locations around the world

Moreover, users will send files via email, they might copy files to a flash drive to take home to work on after dinner, check their work email from a home computer, upload files to a filesharing or desktop synchronization service, back them up for safekeeping to an external drive, etc. The bottom line is that data resides and is being sent everywhere, on multiple devices, in multiple locations and on multiple corporate and personal systems.

Most Content is Not Encrypted

CONTENT IS EASY TO INTERCEPT BY UNAUTHORIZED PARTIES
Because the vast majority of emails, files and other content are not sent or stored with any sort of encryption, they can be easily intercepted and accessed by unauthorized parties, or they can be accidentally leaked in any number of ways. The result is that data breaches are quite common and occur in a variety of ways. For example:
- In August 2011, it was revealed that some government officials in Gold Coast, Queensland, Australia were intercepting emails from blacklisted individuals and sending them to another official for review [i].
- In July 2011, Estée Lauder notified its employees that a company-issued laptop had been stolen, resulting in the loss of names and Social Security numbers for current employees, former employees and contractors [ii].
- In June 2011, a survey hosted by Psychiatric Times exposed the names and addresses of survey respondents for roughly 16 hours [iii].
- In November 2010, confidential medical information for a number of patients was emailed by a physician at Geisinger Health System to his personal account [iv].
- In late 2010, emails sent to a BT Connect customer using the domain btconnect.com would be delivered to an entirely different recipient if the domain was mistakenly typed as btconnect.co [v]. BT has since addressed this issue and acquired the latter domain name.
- In 2009, a former employee of Ford Motor Company copied 4,000 sensitive corporate documents and gave them to Beijing Automotive Company, his new employer [vi].

Moreover, hundreds of thousands of devices, including smartphones, tablet computers, laptops and flash drives, are left behind at TSA checkpoints, in cabs, in restaurants, and in other locations each year. For example, a study by Credant found that 11,000 mobile devices were left behind at major US airports during the preceding 12 months [vii].

All of these errors (and, in a small number of cases, intentional thefts) of unencrypted data mean that sensitive and confidential content is quite easy to intercept by unauthorized parties. Add to this the problems inherent in many corporate FTP systems for which users share login credentials and that store sensitive information for long periods without encryption or any sort of oversight. Cloud-based services that do not encrypt data also suffer from the same problem.

USERS ARE PRONE TO ERRORS
In the course of doing their work, people make mistakes, sometimes revealing sensitive information that can be accessed freely in a number of venues. For example:
- The Social Security numbers for 20,000 employees of Swedish Medical Center in Washington State were made accessible on the Internet for nine weeks during April 2011 [viii].
- It was revealed in May 2011 that an employee of San Juan Unified School District in central California stored confidential employee information on a flash drive. When the employee used that drive for volunteer work at her church, the confidential information was uploaded to a Web site where it was freely available for about six months [ix].
- In 2009, an employee of Rocky Mountain Bank mistakenly sent sensitive information to the wrong Gmail address and included a confidential attachment that never should have been sent [x]. Because the unintended recipient never responded to the sender, the bank sued Google to determine the identity of the recipient.

VENDORS AND PROVIDERS ARE ALSO PRONE TO ERRORS
Vendors and providers of various services are also prone to errors that can reveal sensitive or confidential information:
- On June 19, 2011, Dropbox updated its code and inadvertently allowed access to every Dropbox account for about four hours before resolving the problem [xi]. During that time, a hacker was able to download Dropbox customer data from a number of accounts [xii].
- In late 2010, a configuration error allowed Microsoft BPOS customers to download address book information for other BPOS customers for about two hours [xiii].

ENCRYPTION IS NOT MORE WIDELY USED FOR SEVERAL REASONS
All of the examples noted above revealed sensitive or confidential information that was not encrypted for one reason or another. While the risk from all of these exposures could have been made moot through the use of encryption, most organizations and users do not use encryption to protect data for a variety of reasons:
- There is a perception that many encryption solutions are simply too difficult to use or they require too much user involvement.
- By nature, many people (and organizations) tend to be reactive and not proactive: they will react to the loss of a laptop computer or accidental posting of sensitive information by implementing encryption or procedures to protect data, but they will not take these steps before a breach occurs.
- Some solutions have a lack of transparency, automation and poor key management schemes that inhibit their deployment and use.
- Many users believe that password protection for a file or a laptop is sufficient to prevent unauthorized access to this content and so view encryption as unnecessary.

- Many older encryption schemes were not scalable and required a significant amount of effort to maintain. While that is no longer the case with the bulk of encryption solutions offered today, many still hold to this outdated perception of the difficulties associated with encryption.

What Happens if Content is Not Encrypted?

DATA BREACH LAWS CAN BE VIOLATED
Forty-six of the 50 US states, as well as the US Virgin Islands, Puerto Rico and the District of Columbia, now have laws on the books that require individuals to be notified if a data breach has occurred. Alberta also passed a similar provision in 2010 that was incorporated into its Personal Information Protection Act [xiv].

[Figure: Status of US Data Breach Notification Laws]

In July 2011, two bills were introduced to the US Senate, the Data Security Act of 2011 and the Data Breach Notification Act of 2011 [xv], that would require notification when consumer data was breached or might have been compromised in some way. These join other US federal bills, including the Secure and Fortify Electronic Data Act, the Best Practices Act, and the Consumer Privacy Protection Act. Most countries around the world have passed data breach notification laws in one form or another.

Moreover, there are many regulatory obligations that could also be violated by a breach of unencrypted data, including:

Gramm-Leach-Bliley Act (GLBA)
GLBA requires that financial institutions protect information collected about individuals, including names, addresses and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. The Act gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule (16 CFR Part 313) and the Safeguards Rule (16 C.F.R. Part 314). GLBA also addresses steps that companies should take in the event of a security breach, such as notifying consumers, notifying law enforcement if the breach has resulted in identity theft or related harm, and notifying credit bureaus and other businesses that may be affected by the breach.

Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS encompasses a set of requirements for protecting the security of consumers' and others' payment account information. It includes provisions for building and maintaining a secure network, encrypting cardholder data when it is sent over public networks and assigning unique IDs to each individual that has access to cardholder information.

Financial Industry Regulatory Authority (FINRA)
In late December 2010, FINRA amended Rule 8210 to include a requirement for the encryption of all electronic media that is sent from member organizations to FINRA. Encryption must be 256-bit or higher and FINRA staff members must receive the keys or decryption process independently from the sent files. This requirement, set forth in Regulatory Notice [xvi], applies even if the files that are sent do not contain personal information.

Health Insurance Portability and Accountability Act (HIPAA)
HIPAA addresses the use and disclosure of an individual's health information. It defines and limits the circumstances in which an individual's protected health information (PHI) may be used or disclosed by covered entities, and states that covered entities must establish and implement policies and procedures to protect PHI. Penalties for violations are up to $25,000 and $1.5 million, depending on when the violations occurred. Further, an individual who knowingly obtains or discloses individually identifiable health information may face a criminal penalty of up to $50,000 and up to one-year imprisonment. There is a specification for encryption of health information communicated over any network for which the transmitter cannot control access (45 CFR Part [d][1][ii]).

It is also important to note that if an unencrypted email that contains PHI is sent across the Internet, a violation of HIPAA may have occurred even if the email was not intercepted. The mere fact that this content is available for review by an Internet service provider or another third party can expose an organization to penalties under HIPAA. Conversely, however, if encrypted information is exposed (e.g., the intentional or unintentional inappropriate release of an encrypted file containing HIPAA-regulated data) this does not constitute a breach under HIPAA rules. In other words, data can be lost or otherwise exposed without consequence, but only if it is encrypted.

As part of American Recovery and Reinvestment Act of 2009 (ARRA), the provisions of HIPAA have been significantly expanded. A key component of ARRA is the Health Information Technology for Economic and Clinical Health Act (HITECH) that includes expansion of HIPAA to business partners of entities already covered by HIPAA, like pharmacies, healthcare providers and others. The new HIPAA will now include attorneys, accounting firms, external billing companies and others that do business with covered entities.

UK Data Protection Act (DPA)
The DPA imposes requirements on businesses operating in the United Kingdom to protect the security of personal information and to preserve information only as long as it is necessary to do so. The Act imposes, at least by implication, requirements for encrypted transmission of personal information and its secure retention.

Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA is a Canadian privacy law that applies to all private companies operating in Canada. Like many other privacy laws, it requires that personal information be stored and transmitted securely. Canada's Privacy Act, in place since 1983, protects the personal information collected by government institutions.

US STATE ENCRYPTION LAWS CAN BE VIOLATED
On Oct. 1, 2008, a Nevada law (Nev. Rev. Stat [2005]) went into effect stating that: "A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission." Such personal information includes an individual's first name or first initial and last name, along with details like a Social Security number, driver's license number or credit card number with security code.
Law experts say that since the Nevada law doesn't define a customer, the rules could be interpreted as applying to customers regardless of where they reside.

A more stringent law, Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00), took effect in Massachusetts in March The law mandates that personal information (a combination of a name along with a Social Security number, bank account number or credit card number) be encrypted when stored on portable devices, when transmitted wirelessly or when transmitted on public networks. The law affects persons who own, license, store or maintain personal information about Massachusetts residents.

OTHER CONSEQUENCES
In addition to violating statutory requirements to protect data, organizations that experience a breach of unencrypted data can experience a number of other consequences, including:

Damage to corporate reputation
One of the most significant costs of breaching unencrypted data can be loss of corporate reputation. While this may not necessarily impact the goodwill component of an affected organization's balance sheet, it can have a very serious impact on a company's reputation in the context of its stock price. For example, Heartland Payment Systems announced a major data breach in January 2009, after which its stock price fell by more than 50% in a very short period.

Loss of customers
Some customers may be reluctant to do business with a firm that has lost its confidential information, simply because of the loss of trust that follows any such breach. For example, the Ponemon Institute estimates that a US-based financial services firm could lose 5.2% of the customers it informs of a data breach [xvii]. CyberFactors estimates that Epsilon could lose up to $45 million in business as a result of its data breach in April 2011 [xviii].

Expensive remediation costs
The direct cost to inform customers of a data breach via postal mail can be several dollars per customer, potentially resulting in an immediate cost of several tens or hundreds of thousands of dollars in communication expenses depending on the size of the data breach. Moreover, some companies may be compelled to provide free credit reporting services to affected customers; for example, a US senator is calling for Sony to provide such services to its PlayStation customers for two years as a result of the company's data breach in April 2011 [xix].

ENCRYPTION CAN MITIGATE CORPORATE RISK
By using encryption, an organization can mitigate its risk from a data breach in two important ways:

Minimize the risk of data loss after a breach
While the loss of a laptop, smartphone, backup tape, data from hacked servers, etc. is never a fun experience for any organization or the individual who misplaced it or had it stolen, the loss of encrypted data typically carries with it few ramifications beyond the loss of the device or media itself.

Minimize the required response
More importantly, however, an organization that loses encrypted data normally does not have to report the loss to the individuals whose data was breached. For example:
- California's Civil Code Section reads, in part, "Any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person." [Emphasis added]
- If Protected Health Information (PHI) is breached, the HIPAA Security Rule requires notification of the breach be sent to patients, the US Department of Health and Human Services and local media (if more than 500 records are breached). However, if the breached data was encrypted, patients do not have to be notified.

What to do Next

Osterman Research recommends that any organization undertake a four-step process in evaluating their need for encryption:

Consider the consequences of not encrypting data
First and foremost, decision makers need to understand just how serious a data breach can be in a variety of contexts. For example, losing internal data like trade secrets can have major implications on new product development efforts and overall competitiveness. Worse, if confidential data is stolen and posted to a public Web site, there are scenarios in which a company can actually lose its ownership of those trade secrets. Losing customer information can also have damaging impacts as noted earlier in this report, including direct costs that can be in the millions of dollars, as well as indirect and long-term costs that can be much higher.

Although the costs of a data breach can be difficult to quantify, even a back-of-the-envelope calculation can be useful in quantifying what could happen in the event unencrypted data is lost. For example, losing 50,000 customer records could cost:
- $5 per customer to create and send a notification letter, or $250,000 in total.
- $10 per customer for credit reporting services for one year, or $500,000 in total.
- $500 in lost future business for 5% of customers affected, or $1,250,000 in total.

Develop a return-on-investment (ROI) case for content encryption
Next, it's important to develop an ROI case for content encryption instead of viewing encryption as just another cost of doing business. For example, let's assume the following for a 500-person company:
- Encryption capabilities will cost $25 per user per year.
- A major data breach would cost $2 million, as in the example above.
- There is only a 10% chance of a data breach occurring within the next three years.

Using these assumptions, we can determine that:
- Encryption capabilities will cost $37,500 over three years ($25 x 500 x 3).
- Using a quantitative business analysis approach, the cost of a data breach will be $200,000 ($2 million x 10% probability of its occurrence).

As a result, the three-year ROI for an encryption solution will be 333% based on the following formula for ROI (where the return is the avoidance of the costs associated with a data breach):

(Return - Investment) / Investment = ROI
($200,000 - $37,500) / $37,500 = 333%

It is also important to note, however, that encryption is not simply about the avoidance of problems; encryption can also be used to retain customers, generate new business opportunities, provide better customer service, improving customer confidence, etc. For example, if we assume that an encryption system used by a brokerage house will enable it to retain and win a net of 1,000 new customers over a three-year period, and that each new or retained customer will generate $150 in brokerage fees during a three-year period, the additional revenue of $250,000 will generate ROI of 300%:

($150,000 - $37,500) / $37,500 = 300%

Develop policies focused on protecting content
Next, develop policies for protecting content. These should include employee-focused policies that spell out the need to use encryption on any company-owned or personal smartphone, laptop, flash drive, tablet, desktop computer, CD, DVD, etc.; and the requirement to send confidential information in a secure manner when it is transmitted via email, file transfer systems, instant messaging systems, via social media or physically. Moreover, policies should be implemented that will discuss how sensitive and confidential information needs to be encrypted when stored on file servers, FTP systems, collaboration databases, document management systems, or when sent from email-generating applications. These policies should clearly lay out the consequences of violating corporate encryption policies and the use of personal devices for work-related applications, particularly when used to send, receive or store sensitive information.

Deploy the right technologies and services that will protect your organization
Finally, the appropriate technologies need to be implemented that will protect all sensitive and confidential information both at rest and in transit; we focus on this in the next section of the white paper. It is also important to note that monitoring and policy-based encryption technologies can be a useful tool in training employees about how to handle sensitive information and why encryption is necessary. An Osterman Research study conducted during February 2011 asked IT decision makers in mid-sized and large organizations in North America how they would want to handle various situations involving violations of corporate policy. For example, in outbound content scanning systems, 48% of decision makers would like to see a pop-up reminder appear if sensitive content were being sent unencrypted through email or in some other outbound system. Such a pop-up can be useful in sensitizing users to the need for encryption and to be more careful about how sensitive data is handled.

Steps to Creating an Encryption Strategy

Once decision makers decide that they need an encryption strategy (and every one of them should come to this conclusion), there are several steps in developing the strategy:

View encryption as part of the overall corporate compliance strategy
First and foremost, encryption must be viewed holistically as part of an organization's overall compliance strategy. No company can claim to be compliant with HIPAA, Gramm-Leach-Bliley, state data breach notification laws, PIPEDA, the Data Protection Act, other laws focused on data protection, or industry best practice if it does not have the ability to encrypt content both in transit and at rest. As a result, every initiative focused on compliance must also include a full discussion about how data will be encrypted.

Understand all of your obligations to protect data
As noted above, organizations must understand all of their data protection obligations. This includes all of the statutes in the US states, Canadian provinces or countries in which they do business today or plan to do business in the future. It also includes understanding legal precedents that have been established when privacy rights were violated. The key here is to get advice from internal and external legal counsel and develop a cross-functional understanding of needs across the organization; in other words, making sure that legal counsel, the CIO, IT management, line-of-business decision makers and other relevant roles in an organization know each other and openly talk about what they must do to protect content.

Understand what sensitive data you have, who accesses it, where it is located, and the potential risks from not encrypting it
Organizations need to conduct an inventory of their data across the entire organization, looking for data wherever it may be found and evaluating its sensitivity and the need to encrypt it. Frankly, this may be a difficult undertaking without the right tools in place, since the venues in which data is located can be enormous, including desktop computers, laptop computers, smartphones, tablets, file servers, application databases, flash drives, employees' home computers, backup tapes, disk-based backup systems, archives, Web servers, etc., etc., etc.

Look for opportunities to improve processes with encryption
It is important to note that encryption should not be viewed as a purely defensive strategy. On the contrary, the use of encryption can enable an organization to create new business opportunities, gain competitive advantage, or enable customer stickiness. For example, a bank that offers the ability to communicate with customers via encrypted email or chat for activities like account dispute resolution or loan applications will have a clear advantage over their competitors that do not offer these capabilities. Similarly, internal processes can also be improved by using encryption, such as enabling remote employees to communicate securely using their personal devices, or by allowing greater sharing of sensitive information with internal parties because of the assurance that only authorized individuals will have access to it. Moreover, existing communication processes might be replaced with more efficient ones, such as replacing fax with secure email.

Focus on the key issues
Organizations must also consider and evaluate the myriad topics related to encryption, including:

- Key management
- Central auditing and tracking of encrypted devices
- Digital rights management and persistent controls over encrypted data
- How encryption can create issues with finding and discovering data for e-discovery or compliance purposes
- How to implement solutions that protect data and make it discoverable
- How encryption can interfere with malware scanning and how to solve this problem
- The technologies and services that are available that can insulate internal decision makers from some or all of these decisions.

Another important issue that organizations might want to consider in the context of their encryption evaluation is that of authentication and the role that risk-based authentication might play. Risk-based authentication is useful in the overall discussion about encryption, since it matches the authentication scheme used to access a particular type of data or repository, the consequences of a breach of this data, and the risk associated with how this data is accessed. While authentication and encryption are different topics, it makes sense to consider them as part of the risk mitigation discussion.

Ensure that systems are easy to use
It is imperative that any encryption system is easy to use for both the sender and recipient or it simply will not be used. This is particularly important for data in transit, since two parties are involved instead of just a single party who is trying to access stored content. If an encryption scheme is too difficult to use, or if recipients are confused about how to open an encrypted message, this confusion will be felt by the customer in the form of slower message delivery and increased support requirements. As part of the ease of use discussion, decision makers should consider any encryption system's interface intuitiveness, how the system handles files, the number of clicks required to access content, and the provision of self-service access for password resets.

Evaluate your deployment options
There are a number of deployment options for encryption capabilities designed for data in transit, including solutions that are on-premise, in the cloud or are a hybrid of these approaches. Moreover, there are many encryption solutions for static content of various types, such as data on file servers, on desktops or laptops, on flash drives, or when burned to media like CDs or DVDs.

Measure results before and after
Finally, it is important to measure the before and after pictures of the organization in the context of how encryption has enabled risk to be reduced, business processes to be improved, and new business opportunities to be realized. This will help decision makers not only to determine the ROI they are realizing from the use of encryption, but also how encryption can be improved and additional benefits realized.

Summary

Most organizations do not encrypt their sensitive and confidential data either in transit or at rest. Consequently, they incur greater risks because the growing amount of data and the increasing number of places in which it is stored makes access to this data by unauthorized parties more likely. When data is breached, either accidentally or with malicious intent, organizations face expensive remediation costs, loss of corporate reputation, loss of future business and other problems. In order to comply with regulatory, legal and best practice obligations, as well as simple common sense, organizations should encrypt sensitive and confidential data anywhere it might be found. Encryption can not only provide a solid defense against inadvertent loss or malicious theft of data, but it can generate a positive ROI and generate new business opportunities that would not otherwise be possible.

Sponsor of This Report

DataMotion is a leader in encryption solutions that enable businesses to safely and easily transact with partners and customers in the cloud. Organizations in diverse industries such as healthcare, financial services and government look to us every day for easy to use, affordable, secure email and file transfer solutions.

DataMotion, Inc. 35 Airport Road Suite 120 Morristown, NJ USA

The DataMotion SecureMail solution applies military grade encryption to your emails and attachments, including those sent via smartphone, allowing them to travel across the Internet untouched and safe. Our simple, easy to use solution offers exceptional benefits:
- For our clients in regulated industries such as financial services and healthcare, reducing regulatory risk exposure is critical. SecureMail ensures compliance with regulations including HIPAA/HITECH, and PCI, and GLBA.
- For our clients concerned about the privacy of their customer data, employee data, and intellectual property, SecureMail offers rock solid protection for their data, image and market reputation.
- For our clients who want to streamline and improve business processes, SecureMail is an outstanding tool. Our clients regularly report reduced operational costs, and better customer service metrics when they use SecureMail for sending and receiving files and communications.

Best of all, SecureMail addresses the biggest concerns associated with encryption solutions:

- SecureMail is exceptionally easy to use for the senders and recipients.
- SecureMail integrates with existing infrastructure and workflows, so there's nothing to rip and replace.
- And the ROI for SecureMail starts on Day 1.

Our solutions are cloud-based so there is no IT overhead, and customers are up and running quickly with little to no training. Organizations start securing messages and cutting postage and courier costs right away. Solutions are available as hosted services or on-premise software.

Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc.

Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader's compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, administrative order, executive order, etc. (collectively, "Laws")) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document.

THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL.


More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents

More information

Agency Operations Plan 2015-17

Agency Operations Plan 2015-17 Agency Operatins Plan 2015-17 Agency: Nrth Dakta Public Emplyees Retirement System (NDPERS) Line f Business: (ptinal) The Public Emplyees Retirement System is the administratr f several emplyee benefit

More information

Remote Working (Policy & Procedure)

Remote Working (Policy & Procedure) Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer

More information

Ensuring end-to-end protection of video integrity

Ensuring end-to-end protection of video integrity White paper Ensuring end-t-end prtectin f vide integrity Prepared by: Jhn Rasmussen, Senir Technical Prduct Manager, Crprate Business Unit, Milestne Systems Date: May 22, 2015 Milestne Systems Ensuring

More information

Getting Followers to Follow After a Sale

Getting Followers to Follow After a Sale Getting Fllwers t Fllw After a Sale 12 December 2014 Overview Scial media is a phenmenn that is gaining mmentum in ppularity by the day. Scial media prviders (SMPs) prvide services that allw users t interact

More information

UNIVERSITY OF WINCHESTER

UNIVERSITY OF WINCHESTER UNIVERSITY OF WINCHESTER INTRODUCTION DEBT MANAGEMENT POLICY: STUDENTS ACADEMIC YEAR 15/16 This dcument sets ut the plicy f the University in relatin t student debt, alng with the debt management prcedures

More information

Privacy and Security Training Policy (PS.Pol.051)

Privacy and Security Training Policy (PS.Pol.051) Privacy and Security Training Plicy (PS.Pl.051) Purpse T define the plicies and prcedures fr prviding privacy and security training in respect f the CnnectingGTA Slutin. Definitins Electrnic Service Prvider

More information

Introduction to Mindjet MindManager Server

Introduction to Mindjet MindManager Server Intrductin t Mindjet MindManager Server Mindjet Crpratin Tll Free: 877-Mindjet 1160 Battery Street East San Francisc CA 94111 USA Phne: 415-229-4200 Fax: 415-229-4201 mindjet.cm 2013 Mindjet. All Rights

More information

Bill Payment Agreement & Disclosures

Bill Payment Agreement & Disclosures Bill Payment Agreement & Disclsures Welcme t Online Banking Bill Payment Service. Use f the Bill Payment Service indicates acceptance f terms and cnditins set frth in the Online Banking Agreement & Disclsures

More information

WHITE PAPER SPON. Evaluating Managed File Transfer in the Cloud: What You Need to Know. Published October 2012 SPONSORED BY

WHITE PAPER SPON. Evaluating Managed File Transfer in the Cloud: What You Need to Know. Published October 2012 SPONSORED BY WHITE PAPER N Transfer in the Clud: What Yu Need t Knw An Osterman Research White Paper Published Octber 2012 SPONSORED BY SPON spnsred by spnsred by! Osterman Research, Inc. P.O. Bx 1058 Black Diamnd,

More information