July 25, 2008

What’s driving the resurgence of Managed File Transfer / B2B Gateways?

Gary Palgon
Vice President, Product Management
nuBridges

While the trend for businesses to connect electronically with trading partners has grown steadily over the past two decades – first via point-to-point connections, followed by a single B2B Gateway or central hub – little or no effort was focused on creating similar exchanges within enterprises.  Yes, application integration was taking place, but control or centralization of file transfers wasn’t even close to being on the radar screen.

But that’s definitely been changing over the last eighteen months, in large part due to security as a driver.

Companies of all sizes are revisiting their B2B file transfers to make sure that their external connections are secure, and centralizing them into a single gateway to allow for control and visibility.  This helps with compliance to security mandates as well.  Gartner recently released their Magic Quadrant for B2B Gateway Providers (http://mediaproducts.gartner.com/reprints/microsoft/vol3/article3/article3.html) outlining key requirements and vendors to consider when addressing this.

And on the internal front, the same is taking place to secure file transfers within the four walls of the enterprise, often to lock down credit card information, other personally identifiable information (PII) and sensitive business data.  Gartner also recently released their Magic Quadrant for Managed File Transfer (http://www.gartner.com/DisplayDocument?id=703819) outlining the same for the internal view.

And while there are definitely differences between the two, there are many areas of overlap as well. 

Let’s start talking about this – is a centralized managed file transfer gateway on the radar screen at your company?  Is the primary focus internal or external?  Is security the main driver behind the initiative?

July 08, 2008

A Week without Data Security Breaches

I didn't hear about a single data security breach the week of June 16, but then I spent the week volunteering at Camp Sunshine (http://www.mycampsunshine.com), a camp for kids with cancer. Perhaps it’s because I didn't read, watch or listen to the news!  But instead, I focused on a different security issue – that of children with special needs enjoying a week at summer camp with other kids just like them, and where they felt secure and safe enough to act like ‘normal’ children.

In reality, according to the Privacy Rights Clearinghouse (http://www.privacyrights.org) and Attrition.org (http://attrition.org/) there were numerous breaches in the headlines that week -- Domino's Pizza, Citibank, Petroleum Wholesale and Colt Express Outsourcing Services.

As a matter of fact, there were only three areas at Camp Sunshine that were even remotely related to technology -- outside of the infirmary equipment, of course.  The first was a room of computers loaded with games for kids who couldn't be exposed to physical activity outside.  The second was limited access to the Internet, which enabled us to contact Chick-Fil-A, who donated more than 400 chicken biscuits after the children called for an 'Eat More Chicken' campaign at camp (you can read about it in the camp's newspaper, the Daily Sunshine (http://www.dailysunshine.org))!  And finally, a high-tech (40 feet+) climbing wall, which was donated by Tom Noonan, former CEO of (now IBM) Internet Security Systems (ISS).

This climbing wall was one of the highlights of the week, when a girl who had leg braces as a result of cancer was persuaded to try climbing the wall.  After scaling about 25 feet, she came down in tears of joy, having reached far beyond the limits she thought she was capable of.

Now back at work, it's images from that week that should enable me and others around me to challenge ourselves to solve critical business problems while at the same time making a difference in this world.

Until next time,

Gary

June 18, 2008

Of Clouds, SaaS and SOA – Trends for 2008 and Beyond

Gary Palgon
Vice President, Product Management
nuBridges

Another week, another Gartner conference.  Last week I attended Gartner’s Application Architecture, Development & Integration Summit 2008 and it can be summed up as ‘buzz words a plenty!’   Some of the favorites included cloud (variously referred to as ‘the cloud,’  ‘cloud services,’  ‘cloud computing’ and ‘in the cloud’), Software as a Service (SaaS) and Service Oriented Architecture (SOA) -- among others.   Gone from this year’s presentation titles were EAI, middleware and WOA.

Thomas Friedman, author of The World is Flat, recognized that boundaries of businesses are global.  This trend was a clear challenge to IT as “virtual” companies are being composed (largely enabled by technology) of multiple entities each specializing in some unique function, yet they present themselves to the marketplace as an integrated business, aggregating everything from manufacturing to sales.   For example, Threadless.com, a t-shirt manufacturer, relies on consumers (via a social networking community) for t-shirt design, marketing and sales.  eBay provides a technology platform, virtual community, marketing and business facilitation, while consumers provide the goods.

This leads to the need for IT to also begin bridging systems beyond the four walls of their enterprise, linking in ‘services’ from business partners.   For instance, companies like Amazon Web Services (part of Amazon.com) or Force.com (part of SalesForce.com – see http://www.salesforce.com/platform) can provide a hardware grid, system infrastructure and data services, all part of an Application Platform as a Service (APaaS) construct.   Business applications are exposed above that layer ‘in the cloud’ in a multi-tenant environment as part of the Business Platform as a Service construct (BPaaS).   The core business can then focus on the key elements that make up the business and execute as an efficient business ecosystem. In the end, not only is content being aggregated or ‘mashed-up,’ but actually the businesses themselves are mashed up.   Information technologists must understand the underlying business drivers and support these electronic bridges.

And lest we forget security.   With these composite businesses and the composite applications supporting them, the security threats internally and externally also grow.  The Web 2.0 (another buzz word) world, one of openness and collaboration, makes it that much more important to ensure that SaaS and other providers ‘in the cloud’ embed security as part of the applications and services they provide.

Be back next week,
Gary

June 17, 2008

Data breaches. What’s the big deal?

Jason Chambers
Principal Architect, nuBridges

I thought that would get your attention. Data security can hold the key to your company’s reputation and to its future. Data breaches from outside and inside your enterprise can result in customer loss, fines and devastating press that can impact your bottom line now and in the future. A wait-and-see attitude to data security is not a good business practice. And given the availability of solutions that protect data in all its forms, it’s just not defensible!

Businesses large and small in every corner of the world are losing billions of dollars each year, risking their customers’ loyalty and opening themselves up to litigation. Unnecessarily.  The U.S. Department of Commerce estimates that data theft costs businesses more than US$250 billion and results in the loss of 750,000 jobs in the U.S. each year. Now that’s a big deal.

You notice I’m talking about data security, not network or perimeter security.  Given the “boundary-less” nature of our world, businesses must look beyond traditional perimeter defenses such as network firewalls. They’re not effective enough to fully protect data in all the forms it takes, in all the devices in which it travels or rests. Of course I’m not suggesting that you totally forget to protect the perimeter; but you need to also follow the data and protect it, whether it’s in transit, in use or at rest. Protecting the perimeter won’t stop a disgruntled employee from removing important data from their laptop via a USB device.  And what’s to stop a contractor from downloading your corporate IP for use in subsequent engagements? Engagements with your competitors perhaps?

At nuBridges we call this “moat mentality,” harkening back to medieval times when perimeter moats were the best practice in protecting one’s castle and its precious contents. Even with draw bridges, armor, boiling oil and the like, we all know that moats are not always impenetrable – and Trojan horses may lurk inside. And so today companies stuck in this moat mentality are increasingly and unnecessarily leaving the jewels in the castle at great risk. They need to secure their greatest asset – data – at its source.

What’s most interesting (frankly, it’s perplexing) is that companies have immediate and affordable access to the technology that virtually neutralizes data breaches.  At nuBridges we’ve built software solutions that are affordable, easy to use and provide end-to-end security for sensitive data at rest and in transit. More than 3,000 customers rely on us to encrypt millions of credit card numbers, exchange billions of dollars in B2B transactions and enable countless business-critical file transfers. I encourage you to read our free whitepaper: “Best Practices in Encryption Key Management and Data Security.” http://www.nubridges.com/keymanagement1/

Does your company have a “moat mentality?”

Until my next blog,
Jason

June 06, 2008

Building-in Security at the Data and Workflow Levels

Gary Palgon
VP, Product Management
nuBridges

Here I sit on the runway at Reagan International Airport.  There’s a storm brewing and the plane’s engines are off, so I have plenty of time to reflect on the past three days at Gartner’s IT Security Summit.  Here are a few thoughts for those of us who worry about protecting business data for a living. . .

The conference was held at the two-month-old Gaylord National Hotel, located just outside of Washington, D.C. in National Harbor, Maryland.  Mark Burnette, Executive Director of IT Operations & Security at the hotel chain gave a great presentation at the conference – “Case Study: Security Information System at Gaylord Entertainment”.  He covered the fact that they log more than 78 million digital events each day, which maps to more than 14 million correlated review items, alerting them to several high-profile security issues each day.  Issues that are carefully inspected and quickly resolved. The centralized log management was required for PCI DSS compliance, but it’s also key to their overall security initiatives. Because of the Gaylord’s proactive approach to logging and auditing all electronic functions throughout the hotel, they are able to lower their level of risk, and provide a safer environment for their patrons to book reservations (online, by phone, etc.) and enjoy their visits to this beautiful property.

Being in D.C., there were lots of government representatives interested in security for their respective agencies along with the usual attendees from mid- and large-size enterprises.  Given the continued proliferation of breaches since last year’s Summit, it’s no wonder there were plenty of information-packed sessions including many corporate case studies of company security successes.

Gone was last year’s focus on spam and phishing emails, replaced this year with topics like log management, thwarting bot attacks, identity and access management and end-to-end security.  From thumb drives and full-disk encryption on laptops to locking down back-office applications, databases and servers.  There was lots of talk of a more organic approach to security – building it in at the data and workflow levels.   

Looks like the clouds are starting to clear – there’s hope we’ll take off soon.

Be back next week,

Gary

June 05, 2008

Data-centric security

Kim Addington
Chief Marketing Officer
nuBridges

For improved decision making, risk management and governance
Reflections on 2008 Gartner IT Security Summit

We all know that business data is multiplying at an unprecedented rate (along with its value to the enterprise). IDC estimates growth at between 50% and 80% annually, while the META Group says it’s closer to 100%. That means the challenges around protecting business data are growing exponentially too.

One of the themes I heard at the conference was that over the next five to eight years we’ll see security stovepipes start to get broken down – security will get integrated into the fabric of our business systems both organizationally and technically. Security products and services will become more unified. One of the metaphors Gartner used to illustrate this is the human body’s immune system and how elegantly it operates – it was an interesting vision that they admitted is years away, but they predict that the leading vendors will be the ones that start to consolidate security stovepipes into more unified products and services.

Another security trend that’s directly relevant to the things I think about every day at nuBridges is that IT needs to move in the direction of protecting workloads and information, not individual devices and endpoints.  We need to bring boundaries closer to what needs to be protected – the data, allowing businesses to break artificial boundaries that constrain business processes and the extended enterprise.

At nuBridges, we really believe in data-centric security – whether at rest or in transit. In fact, I had just finished writing some new Web site content:  “It’s time to change the way we think about data protection – the boundary isn’t the network, it’s the data itself.” when I boarded the plane for the Gartner Summit. It was good to hear that perspective echoed by hundreds of security experts in Washington (not just the analysts, but also the attendees who have to do the real work).

One term they used that I liked a lot was moving in the direction of “self-protecting resources.” My perspective is that this can only happen if the security industry gives customers better policy definition and management tools.

I’d like to hear about your company’s stance on protecting data at its source versus focusing primarily on the perimeter.  One area “self-protecting resources” can really address is concerns about internal data leakage. Is your organization looking at this today?

Talk soon,
Kim

June 01, 2008

Entering the Blogosphere

Kim Addington
Chief Marketing Officer
nuBridges

It really seems appropriate that I’m writing my first blog and nuBridges’ entrance into the blogosphere as I’m on a Boeing 757 headed to Gartner’s IT Security Summit.  Lots of firsts.  My first Delta flight without a bag of peanuts.  My first Gartner summit as CMO of nuBridges (joined end of 2007); nuBridges’ first inclusion in the new Integration Service Provider Magic Quadrant; and the first time I’ll meet P.J. O’Rourke (wonder if he’s as witty in person?).

Enough about firsts.  Let me tell you what you can expect from this blog.  Conversations.  I’ll start them and I hope lots of you will join in.  At the beginning, I’ll be sharing insights and resources about the ecosystem where nuBridges lives.  We’re all about eBusiness, specifically secure eBusiness.  We know how to move data using a wide variety of industry standard protocols.  We know how to protect the payload, the transport pipe and the endpoints of every transaction.  We know how to guarantee delivery so that customers get eBusiness results.  We know how to make it much easier for IT and end users to transfer authorized information, and hard for unauthorized data leaks to happen.

So, we’ll be talking managed file transfer, data protection, encryption and key management and lots of technology acronyms and key words that we all use to Google or Twitter our way to IT excellence for our organizations.

We’re about to land, so I’m signing off.  My next blog will come from the Gartner IT Security Summit.
Talk soon,
Kim
