This past week, C/Net wrote a post on how compliance, rather than protection, is the focus of most corporations when it comes to security. The report (PDF), commissioned by RSA and Microsoft, found that corporate IP is 62 percent of a company's assets, but most security programs focus on compliance rather than data protection.

But, if you take a step back, it makes sense. Corporations are in business to make money. Security purchasing is one of those things that does not affect the bottom line ... until compliance (and those pesky fines) come into play. It's like healthcare - very few of us do preventative medicine (the yearly check-ups and all that fun stuff). Nope, we wait until we're sick ... or are forced to go to the doctor. Or taxes - none of us want to pay taxes, but come April 15, we feel compelled to pay them. We comply with the government regulations; for corporations, they comply with government regulations as well, and spend on security reactively (to the 

That's us - we're the compliance folks. We help small- and medium-sized enterprise companies make sure they are compliant with a wide variety of regulations, ranging from HIPAA, HITECH, FERPA, PCI and others. We are in the data loss prevention business to help make sure companies stay on the up and up with compliance issues. 

No, I'm not discounting that corporations need to invest in security beyond compliance - companies need to have full, robust security to protect their intellectual property and data. Data loss prevention is part of that mix; besides making sure that information is not mistakenly sent out, there is that protection that information is not purposely sent out as well. 

So Palisade Systems is your compliance cop that helps you stay secure. 

Recently, our internal customer advocate wrote about El Paso Independent School District using Palisade Systems PacketSure for their data loss prevention needs. Today, the press release was sent out over the Wire to various educational and security reporters, touting the relationship between Palisade and EPISD.

It is a testament to our internal staff that we have long-standing customers like EPISD using our products, and having the confidence in our products to continue to use us as we grow with their security needs. With the Family Educational Rights and Privacy Act (FERPA), school districts around the nation had to begin thinking beyond the basic IT structure of security but beyond: how to keep data secure and make sure that information was not accidentally (or, in the case of student-athletes, purposely) leaked or lost to the vapor. 

When EPISD set up a security assessment from Palisade, they got to see first hand the information being sent out, data that was being captured in their test of the PacketSure application. It is this data that FERPA is concerned with, a pillar in our compliance to help school districts stay on the right side of the Act and protect students, administrators, teachers and staff.

 We are happy to be working with EPISD and help keep them secure. We look forward to continuing to work with school districts, and helping new districts be DLP safe.

Palisade Systems has a very distinct place in the data loss prevention (DLP) market: we concentrate on the small and medium sized enterprise. We focus on that market segment because they need DLP just as much as the big guys, and likely even moreso. For the small and medium businesses - especially in healthcare, education, financial markets - you aren't looking at massive organizations that can snap their fingers and implement a DLP solution, but businesses that look at each detail and know they need to be compliant with PCI, FERPA, HIPAA/HITECH and other regulations.

Today, we announced the first of many reseller announcements with Secure Content Technologies. Based in Ohio, the company focuses on the business and education segments that are key drivers for Palisade, and in markets that we target. Working with Secure Content Technologies - and the about 20 other resellers we have signed on the past quarter - we are able to work with resellers across the country and provide them with the best DLP solution for the small and medium market, as well as help them continue to position themselves as IT leaders in their regions with various programs that we provide our resellers.

As noted, this is one of many reseller releases in the queue right now, and something that we continue to pursue. Our reseller program brings many opportunities to IT firms, including participating in our company’s marketing initiatives, PSI Registration and Secure Assessment Programs, Extended Terms Programs and sales, training and other support that brings resellers into the Palisade family. 

Continue to watch the reseller space, and let us know if you are interested!

A few weeks ago, the attorney general of the state of Connecticut sued HealthNet for a "massive security breach" releasing patient records. According to published reports, this is actually the first time a company has been sued over the HITECH Act, and quite possibly is the first of what could be many suits filed by attorney generals across the nation.

In a way, it's a test case for the large healthcare providers, insurance companies and others that touch patient records (which, in some cases, includes call centers). With the first suit filed, other states will take note on how the case proceeds, and whether or not to pursue their own HITECH lawsuits due to patient data loss or leakage. While the obvious place for the attorney generals to start is the large organizations - hence HealthNet being the test case - the trickle down affect will eventually reach the doctor's offices, the corner pharmacy, and call centers. While it may start at the top, it will reach the bottom, smaller offices.

That's the key here: with the HITECH Act being enforced, how soon before the smaller doctor's office, who accidentally leaked or shared patient information via email or other electronic means, gets a knock on the door from the attorney general's office? The key is encryption, data loss prevention, trained and educated employees, but that takes hours of IT training and implementation.

And, realistically, the smaller offices do not have the time, manpower or budget for the large-enterprise DLP solutions. Nor, well, do they need a large-scale solution. That's where Palisade Systems comes in. One of our four cornerstones of business is the SME healthcare market. Go on, read the case study and I'll wait.

That's our business: helping the small and medium size enterprise healthcare organizations stay HITECH compliant. We do the worrying so healthcare organizations can be worry-free. We are easily implemented - either hosted or managed services - so they don't need a dedicated IT staff. We automatically update to keep on top of the security, encryption and compliance issues so doctors, pharmacists, health insurance brokers and their staff can do what they do best: take care of the patients and help them get healthy.

And, with our PacketSure product line, we do the same for healthcare organizations: we make sure they stay "healthy" and do not run afoul of HITECH. It's what we do, we do it for the small and medium enterprise, and we do it so other's don't need to worry.  

Today was a big day for Apple computers - or not so big, if you fell for the hype of the product - but the introduction of the iPad brings in a new level of computing to the industry. Not a netbook, but not an iPhone, the iPad is an inexpensively priced device that is "revolutionary" according to today's event.

Now, how revolutionary is up for debate, but it is interesting to note that the company is making inroads to the corporate world. According to the recent earnings call, COO Tim Cook noted that "some 70 percent of the Fortune 100 companies are actively piloting or deploying iPhones, and 50 percent of the FTSE 100." 

Further, this interest has been driven by "recent features adds (aka support for Microsoft Exchange) and the 3GS launch." (Quotes and article from GigaOm's Om Malik).

If large corporations are beginning to adopt smartphones - beyond RIM's BlackBerry and Windows Mobile - but extended to Google Droid and iPhones, this brings in a new level of security and concerns about data loss prevention. While the SME market tends to be more desktop oriented, people do do basic tasks, especially email, on the fly. The iPhone and BlackBerry have shown this to be true. And with email comes the potential for accidental data leakage. 

With the SME, this becomes a greater concern as there is more to lose with an employee mistake. With compliance issues at the forefront of any company's mind and concern, company's need to ensure that just email is secure and prevent loss. That's where companies, such as Palisade Systems, will be able to help companies as they implement iPhones and iPads: the security on the email system will ensure that nothing bad gets out, that the company is not violating any PCI, HIPAA or FERPA compliance.

And that's the key. As more of these devices come into the forefront, and people who are tied down at desktops want to be able to answer emails on the run, they need to keep in mind that those emails have implications beyond the sale or answers. They need to be compliant for whichever industry they are in, making sure that they are protected, as well as their company. A robust DLP solution - such as PacketSure - helps them have peace of mind late at night, and sleep knowing things are protected.

Confession: I am a social media junkie.

I have been blogging, tweeting, and FaceBooking, not to mention heavily leveraging synchronous social mediums like Virtual Worlds, since forever.  During this time, I've seen all manner of public tweets that were intended to be direct messages. Inadvertent FaceBook postings that caused arguments, breakups, and worse.  Drunken blogposts late at night that were syndicated to the world via RSS before the (now sober) author tried to delete their tracks.

All of these are the small downside for the powerful productivity and social benefit that society has gained as a result of social media tools.  We are connected in ways we wouldn't have considered possible even a decade ago, and are continually in contact with all of our friends and family through vacations, travel delays (often related hashtags), childbirth, weddings, political uprisings, and even bad-boss behavior.

Every useful tool also has, unfortunately, the potential for unintended consequences.  Just as the aforementioned mistaken status updates were damaging to friendships, the 'wrong window' problem can be a potential data-loss point for organizations as well.  Being heavy users of these technologies at Palisade (see our Twitter feed), we recognize that organizations need to ensure that their sensitive information isn't inadvertently being posted or tweeted.  This was the motivation behind today's announcement of the successful conclusion to our internal certification efforts for Data Loss Prevention for social media tools.  We extensively tested both web-based applications as well as popular third-party applications that leverage different network ports and protocols to make sure our customers were protected from data loss over Twitter and Facebook.  Just as email, instant messaging, and web-applications can be unwitting accomplices in accidental data loss, so can these emerging communications platforms.

You're covered.  You can relax.  Get back to focusing on the upside of these powerful tools, and leave the worrying to us.

Christian

When it comes to data loss prevention (or data leakage prevention), people think about the typical industries that deal with compliance issues - healthcare with HIPAA or education with FERPA or insurance and banking with PCI compliance.

The reality is that those are the industries that we see the most activity in for Palisade Systems, but there are many industries out there that have data loss that do not realize it is happening. Now the key issue is that most data loss does not occur out of malicious intent, but unintentional mistakes. People attach documents in email, there is not secure email in a corporation, details accidentally sent out over instant message ... those types of mistakes. Nothing purposely bad, but it happens.

Two recent events bring this to light for both law firms and public relations firms. 

From the law industry, one survey noted that 41 percent of workers who switch jobs take sensitive data. Another noted that redundancy might lead to more data leakage, but ethics are on the rise.

From the FBI, a recent report noted that public relations and law firms are both more susceptible to data leakage due to hacking; the scheme, though, is related to email through phishing attempt.s

What these examples show us is that a comprehensive data loss prevention solution can help corporations protect themselves, their employees and more importantly, their clients. With a system in place, the law firms and PR firms can catch emails that are sent out that should not be going to inappropriate contacts. A lot of secure data is passed back and forth between clients and firms - new hires, mergers & acquisitions, strategic planning - and in the wrong hands, that information can be used for market manipulation or worse. 

What this means is that companies need to be diligent. They need to make sure that they have standards in place, that the computers and servers are fully protected, and that data is not being leaked or lost. 

The past few months, I was able to go see a few Cirque du Soleil events: one in Las Vegas, the new Beatle’s Love, and the other was when all the shows came to Los Angeles to promote the Las Vegas shows with various performances.

Watching them perform – below is a short clip I took in Los Angeles – is amazing. The intricacy of the performances is amazing, with everything being done in exact timing with the other members of the troupe. The minutest details are practiced over and over, to make sure that everything is perfect, and that safety is always top of mind.

In a way, that is what Palisade Systems does for small and medium sized enterprises. We’re your performers, we enable you to sit back and enjoy the show that we help you put on to protect the SME landscape. With many SME institutions, the director of IT has to wear many hats. He or she has to find a data loss prevention solution that is going to fit best with the corporate structure – whether it’s hosted internally or through a managed service provider – is easy-to-use and is easily implemented. The IT director needs to be able to sit back and enjoy the show, not worrying about whether or not the job is getting done.

Palisade is that show. We take care of the minutest details – as well as the big ones – to make it look simple. We provide a full data loss prevention system that integrates into other aspects of the server (Web filtering, email monitoring, data monitoring during down time, full compliance for our SME customers), and provides a beautiful routine. We are our client’s Cirque du Soleil – we make it look easy, we do it well, and let our customers sit back and enjoy the knowledge that its data is protected.

Today is another exciting day at Palisade. 

What we really enjoy is solving customer needs in new and better ways each day, and today we added PacketSure Managed DLP to the Palisade product family.  This new solution is targeted at Managed Service Providers (MSPs), allowing them to add Palisade’s award-winning PacketSure DLP technology to their list of security product offerings for their customers.  

We are pleased to be the first data loss prevention vendor in the security market to recognize this market trend, and release a DLP offering specifically for MSPs and their SMB/SME customers.

This solution has been a long time in the making, as we have been gradually hearing of greater and greater interest in managed security services by small and medium enterprises as they seek to contain costs and outsource common security functions such as hosted Exchange, anti-spam and anti-virus, firewalls, and other services.  Recent developments in virtualization technology have enabled us to deploy our easy-to-install PacketSure DLP for multiple customers on a single, cost-effective, MSP-hosted platform.

We were doubly pleased to be working with our good friends at LightEdge Solutions, a full-service Managed Service Provider, in offering Data Loss Prevention to their customers.  You’ll see additional announcements following this one as we continue to add functionality, partners and customers.

Now customers have multiple choices of how they protect their sensitive and confidential data, either on-premise using our PacketSure DLP appliance, or via an MSP as a managed DLP service.  Either way, your information is protected, which is what we are all about.

Christian

Today, Robert Half Technology – a provider of IT professionals for project or full-time engagements – came out with a survey on how Chief Information Officers are looking at social networks, and how much time they are allowing their employees to spend on Facebook, Twitter and other social networks.
From the survey,

CIOs were asked, “Which of the following most closely describes your company’s policy on visiting social networking sites, such as Facebook, MySpace and Twitter, while at work?”

Their responses:
•    Prohibited completely: 54%
•    Permitted for business purposes only: 19%
•    Permitted for limited personal use: 16%
•    Permitted for any type of personal use: 10%
•    Don't know/no answer: 1%

It is an interesting take on social networks, and one that corporations need to think about as they institute policies and implement DLP solutions; as many corporations are at a cross roads in social networking and social media – do we monitor, do we allow our employees to become spokespeople for the company, how much leeway do we give – it is interesting that more than 50 percent of CIO’s are already prohibiting employees from using social networks at the office.

This is an interesting juxtaposition with the recent comments made by President Obama regarding being careful on Facebook. As noted in the Gartner blog, Obama became part of the data leakage worriers.

But, it IS a valid concern. Corporations – from the small and medium sized enterprise, to the multinational conglomerate – need to think about and prepare for data loss and data leakage, and where that might come from. Companies such as Palisade are the professional worriers: we think about how and where data loss might happen, and make sure that our PacketSure products can catch the bad data before it gets out there, and help protect the company.

While DLP solutions are just one aspect of social networks – the other key part is knowledge, education and sense – it is a good protection on the Web with IM and social networks.