Category Archives: Security

How to Control Non-Employee Access to SharePoint

Changes to SharePoint 2013 licensing have made it affordable for companies to build non-employee access portals in SharePoint. The expectation was that companies would rapidly deploy non-employee portals to collaborate with clients and suppliers. The reality is that very few SharePoint customers have deployed these portals.

HiSoftware and the BASH Exploits

Bourne again! It seems scarcely a week goes by that we don’t see another data breach or exploit running wild. Following on the Heartbleed code defect earlier this year, this week has seen the rise of a new round of exploits. The defect covers the BASH command line utilities used on Unix-derived operating systems, such as Linux and Mac OS X. Windows systems are immune to this flaw.

We are pleased to report that all of HiSoftware’s solutions are Windows-based, and thus have no known exposure to this defect. Similarly, there are no known exposures in any of the Cryptzone portfolio of products (see Cryptzone’s statement).

As always, failures of any peripheral controls could lead to indirect exposure for other systems. We encourage all customers to be careful about any potential use of Linux or Macintosh systems until the defects are patched. We will continue to monitor the situation and share relevant information as it becomes available.

Incidents such as this highlight the importance of proper security, audit, compliance and governance solutions. If you have any additional questions or concerns, please contact us at info@hisoftware.com.

Almost Half of Organizations Have Suffered a Data Breach

Ponemon Institute and Experian Data Breach Resolution released findings yesterday from the second annual study “Is Your Company Ready for a Data Breach” that showed almost half of organizations surveyed have suffered at least one security incident involving the loss or theft of more than 1,000 records, up 10% from 2013. As a result, an increasing number of organizations are putting data breach response plans in place, up 12% from 2013, and 48% of organizations increased investments in security technologies in the past 12 months.

Message In a Bottle – Identity and Access Management in the SharePoint World

For a long time, identity and access management (IAM) has been something outside the world of most implementations. Who you are, and what you can do, have stayed almost entirely within the walled garden of SharePoint farms.

Over the past few years, however, SharePoint’s been spilling out of its bottle – into the cloud and into engagement with users and systems outside the realm of on-premises data centers, networks, and Active Directory. IAM is no longer something done for “other” enterprise systems, but important to consider as new usage comes into SharePoint, and as SharePoint apps and content are extended outside the traditional farm.

Data Breaches: Is Confidential Data Lurking on Your Website?

If the most powerful part of your business is your customers and therefore the data you have on them, how are you protecting it? Most companies can tell you what measures they have in place to protect data in their networks and applications, but what about websites?

Customer data is your ‘secret sauce’, as Dave Lewis, Forbes contributor, puts it. In a recent Forbes article, Dave does a bit of an experiment using a search engine to find information he shouldn’t be able to find. He was on the lookout for SQL (structured query language) databases. So just how many websites did Dave find with exposed databases dated 2014?

HiSoftware Site Sheriff Version 2.0 Now Available

Companies continue to leverage SharePoint for internal and external collaboration. As a result, site administrators face many challenges including how to control content access, foster user adoption, manage large lists and build non-employee portals. Today we’ve released Site Sheriff 2.0 to solve these challenges.

Interesting Times and Innovation at HiSoftware and Cryptzone

To follow up on Kurt’s recent blog post on the merger between HiSoftware and Cryptzone, I can’t tell you how excited I am to be able to share this news with you. As you can imagine, there’s been a lot of work behind the scenes to bring our companies together, and it’s fantastic to be able to finally tell you all about it.

WEBINAR: HIPAA & Secure Information Governance – Myths, Realities & Practical Solutions

Information security is top of mind in light of recent high-profile breaches impacting millions of consumers. If you’re a healthcare organization, the need to protect patient data is paramount. The laws are getting more stringent and oversight from agencies other than HHS is around the corner. To further complicate matters, technologies, including the cloud and mobile, are rapidly expanding the ways providers and payers share, store and access information. Keeping data safe and in compliance with not just HIPAA, but other mandates that govern personal and payment data, has become even more challenging.

GRC20/20 on Information Governance & Collaboration in Financial Services

“Collaboration and use of information has revolutionized how technology creates value for financial services firms. However, a challenge for financial services organizations is to govern information and collaboration across a distributed and dynamic environment. How does the financial services organization take advantage of the wealth of benefits that online collaboration platforms and pervasive access to information promises, while avoiding the compromise of confidentiality, integrity, and availability of critical business information, increased risk exposure, legal and regulatory actions?”

Excerpt from GRC20/20’s “Information Governance & Collaboration in Financial Services”

New PCI DSS Requirements to Reduce Third Party Risk

This month, the PCI Security Standards Council published supplemental guidance to help organizations and their third-party service providers (TPSPs) reduce risk around payment data storage, processing and transmittal. By better understanding their respective roles, entities can more effectively meet PCI DSS compliance and secure the cardholder data environment.
