“The ‘boogey man’ of the U.S.A. Patriot Act has just become an easy excuse to say no … Canadian authorities can get information in the U.S. without a warrant and American authorities can get information in Canada without a warrant, and this happens on a daily basis” David Fraser
Canadians are quick to use the U.S.A. Patriot Act as an excuse to avoid cloud computing, but they might not know many of the same laws already exist in Canada. Privacy lawyer David Fraser highlights the similarities in this interview with ComputerWorld Canada.
Dear Facebook,
I appreciate your service. I really do. I’m sure that many of your 400 million active users appreciate it as well. But now that you have a market value estimated at billions of dollars, it is time for you to start acting like a grown-up company.
That means you have to provide basic security for your customers. And it means responding when your customers try to contact you, as I did recently to talk about an important security issue. Do you think you will be able to hold on to 400 million users if you treat them that way, and if you put their computers at risk? I don’t.
“you are leaving your users open to a major security risk.… I know malware when I see it, and I don’t allow scripts to run on my computer”
Read the rest of this open letter on IT Business.ca from Ira Winkler – the president of the Internet Security Advisors Group.
Although I was hoping to post daily updates, it just didn’t happen given my schedule and all of the sessions. So here’s a quick recap of RSA 2010.
The weather was great… warm with a few drizzly moments. Although I didn’t stay there, the W Hotel Lobby seemed to be the hub for conference-goers post-event.
I connected with a lot of industry colleagues… mostly familiar faces and some new. Both on the show floor and off site. Tons of business cards were exchanged - one of the good barometers of the success of the event for me! Having said that, the attendance seemed to be lower than last year’s, but on the flip side, there seemed to be more qualified/interested attendees as opposed to ‘tire kickers’ and ‘tchotchke collectors’.
Here are my top highlights of the conference… in no particular order:
1. Celebrating Canada’s gold medal victory with my fellow Canadian at Websense, our CTO Dan Hubbard – as our US counterparts marvel at the deep meaning this win had for us.

2. General Session Panel Discussion on “Pandora’s Box: Youth on the Internet”. Given the high profile focus, the security industry is starting to see the importance age plays in our online world; and the need to provide better ways to protect children.
3. Panel on Top Cloud Threats and presentation on Linking Malicious Web Through Statistical Modelling.


The one disappointment I did have was seeing vendors on the show floor still treating the exposition like the old days… carnival-esque – i.e., gimmicky attractions that gather all of the ‘tire-kickers’ and none of the relevant potential customers. Oh well, different strokes I suppose.
All in all it was a good conference with informative content and a great chance to reconnect or simply connect with peers and colleagues in the industry.
See you all there next year!!
Web 2.0 — the emerging social media world populated by entities like Facebook, Twitter and MySpace — represents the greatest danger in a sea of threats for 2010 … Read the rest of the security trends for 2010 on eChannelline.
Ontario’s privacy commissioner Ann Cavoukian says that banning employees from visiting social media sites, such as Facebook and Twitter, at work isn’t a good idea.
“I think it’s a mistake,” Cavoukian said. She completely understands why in today’s environment some businesses may favour an outright ban, but says such prohibitions are almost always counterproductive.
What the commissioner has neglected to mention is the fact that although a ‘blanket ban’ is not the solution, neither is an unsecured open policy.
To leverage the advantages that Twitter, Facebook and other social networking/user generated content sites bring to your business, you have to allow access and mitigate the security risks associated with them.
I am a wholehearted advocate of saying ‘yes’ to these Web 2.0 sites - as long as you have both a usage policy to educate your ‘users’ AND a security solution in place that can categorize pages on these sites in real time - thus giving you the ability to maximize the advantages, without compromising your security posture.
Read the story as reported on itbusiness.ca
Recently got back from the XChange’09 Conference hosted by Everything Channel. This year it was held in National Harbor, MD … what a beautiful venue for the conference.
I landed at Reagan Airport and took what turned out to be a great ‘tour guide cab’. We drove by the church that George Washington attended… among other things, and I was, as I usually am, taken aback by the history.
The area around the hotel was very quaint, and included shops, restaurants and a marina/harbour – unfortunately (or fortunately), I spent the majority of my time indoors soaking up all of the latest and greatest in the various sessions, and mingling with resellers and fellow technology manufacturers – including the Canadian contingent that was present there. I stayed at the Gaylord National, and if you’ve ever stayed at a Gaylord property, this was no different in scale or level of service.
Three takeaways from this conference:
- It is still a great venue to connect with resellers and solution providers, if for nothing else, to get a pulse of what is going on in the trenches
- The industry is a very tight knit group and connections made here will remain, and it was good to see old colleagues and friends alike
- The key to good boardroom presentations is knowing your audience and delivering the message with high energy and passion
Whether you are a solution provider or a manufacturer, I would suggest attending this event next year. It is one of my annual favourites.
Here is an excerpt from a post on Gartner’s Blog Network by Andrea DiMaio. Although he claims not to be a security expert, Andrea provides some good insight on Web 2.0 risks in light of the effect of the Twitter outage.
He touches on three key risks:
- Malicious software that may be downloaded through sites
- Unavailability of those sites when they are needed
- Data posted on sites that may unwillingly reveal information that may negatively affect government operations
Click here to read his suggestions on how to address these risks.
I recently attended a customer event where I presented a short overview of the Web 2.0 at Work study released by Websense.
Just to ensure everyone was on the same page with respect to what Web 2.0 was… I started by asking the audience for their definition of Web 2.0.
Although only a few were brave enough to respond, just as when I ask about DLP, each one had a different definition… ranging from the generic ‘social networks’ to technical references such as ‘Ajax’. We finally agreed upon the common denominator of ‘user generated content’.
Even though I felt like that kid in Jerry Maguire having the ‘did you know?’ conversation, it was interesting to see the reactions of each attendee once presented with some of the facts and stats on the prevalence of Web 2.0 and the security misconceptions.
Needless to say, the dialogue following my breakfast presentation was dominated by… ‘I didn’t realize that!’ or ‘if I could do that, that would solve …’
Most if not all of the attendees knew that they needed an update in their security posture, but were unaware of how to address this shift from a technology perspective.
If you are trying to figure out how to provide safe and secure access to sites like Facebook, LinkedIn and other social media / Web 2.0 sites, I recommend the following Best Practices document.
Web 2.0 is here to stay – we just need to adapt our security infrastructure and policies to better address it.