HIPAA’s Revamped Auditing Program: Will You Be Ready in 2014?

Now that we’re well past the compliance date for the HIPAA Omnibus Final Rule, it’s time to start looking ahead at the next milestone—enforcing those rules. One aspect of enforcement that’s expected to increase next year is more auditing visits from the regulators. The Department of Health and Human Services (HHS) has announced it will…

Introducing DatAnywhere 1.5

We’re happy to announce today that DatAnywhere 1.5 is generally available. DatAnywhere has gained strong adoption in its first year of existence, helping organizations deliver the cloud file sync experience using corporate file servers and NAS devices. One of the key benefits of DatAnywhere over other private cloud solutions is how simple it is to…

Lessons from the Government’s Cyber Crime Cases: Don’t Let Hackers ‘Own the Site’

As part of another project I’m working on, I’ve been reviewing real-world investigations of hackers—at least the ones who were caught and facing trials in the Federal criminal court system. You can learn much about the hacker mindset, and by extension what organizations are missing in their data security, by reading the indictments filed…

Live TechTalk: More Fuel For Your SIEM

Security Information and Event Management (SIEM) offers an excellent way to combine and analyze multiple data streams and generate alerts that help protect your organization. But a SIEM is only as powerful as the data it consumes. Does your SIEM currently receive file and folder access events? How about SharePoint and Exchange activity? There is a…

Back to Basics: Payment Card Industry’s DSS 3.0

The long-awaited revision to the credit card industry’s security standards was published last month. As expected, the latest version of the Data Security Standard (or DSS) has clarified and strengthened existing requirements and has added a major new section for penetration testing. Among the improvements are stronger rules for passwords, authentication, and audit trails. If…

How Did Snowden (Really) Do It?

I recently stumbled across an article in Dark Reading entitled “How Did Snowden Do It?” The piece does a great job pointing out how failures in authentication allowed Snowden to gain access to sensitive data repositories, acting both as himself and impersonating other privileged users. The author states that Snowden a.) used social-engineering to convince…

VIDEO: Applying Big Data Analytics to Human-Generated Content

Last week, Varonis and GigaOm held a panel discussion on the value of applying big data analytics to human-generated data. It was a really thought-provoking discussion about an emerging technology that is helping early-adopting enterprises reduce risk, lower data management costs, and get insights about how people within the organization work and collaborate with data…

2013 State of the Breach: More of the same (but keep an eye on unstructured data)

As 2013 comes to a close, it’s not too early to peek at current breach stats and see what this past year has brought. For this type of research, I rely on the Identity Theft Resource Center for an up-to-date tally of data exposures. So what are the major trends for 2013? With over…
