Save That Data

A writer friend posted a blog about Ancient Remedies Resurrected. He blogs mostly to help other writers use medicine correctly in their fictional murders. This particular post discusses the surprising success of a medieval recipe in killing specific troubling antibiotic resistant bacteria.

  • Who would suspect that a thousand-year-old Anglo-Saxon recipe to vanquish an infected eyelash follicle could do that?
  • Who even tried the recipe on something different than its original documented purpose?
  • Why was the recipe still around?
  • Who could read it?

The first two questions are relatively easy. Some ancient remedies actually work. They were created over hundreds or even thousands of years of experimentation in the real world. Many experiments failed, with the expected unpleasant results. Some worked and were passed down orally from “doctor” to “doctor,” often from parent to child. Often the “doctor” was closely associated with the local religion. One recipe for curing fever occurring in the brain is on an eighth century BC tablet. The particular poultice is attributed to oral medical lore dating back to around 1860 BC. The tablet itself cites “mythological sages from before the Flood.” It is hard to argue with such authority. Enough of these old recipes work that it is well worth the effort to test them. Government agencies, pharmaceutical companies and universities all spend some effort searching ancient texts and experimenting. Looking at what the recipe does from a scientific viewpoint may point out some other possible uses of the drug.

The last two questions are the really important ones.

The survival of any particular ancient text is more due to luck than good data management. There is so much that can go wrong. The document first of all has to avoid being broken into a thousand pieces, sunk in the middle of the ocean, cleaned and reused, or being damaged by the ravages of nature with floods, fire, mold, or rot. But perhaps the greatest danger to old documents is man. Opened in the third century BC, the Library of Alexandria was one of the largest and most significant libraries in the world of its time. The library was destroyed, first by Julius Caesar when he conquered Egypt in 30 AD, and finally by Coptic Pope Theophilus in 391. Pope Theophilus was very thorough. Not only did he complete the destruction of the main library, but also a smaller version, the Serapeum, located elsewhere in Alexandria. Perhaps the first recorded case of a backup failure.

Maybe as significant for the preservation of possible ancient medicinal cures was the destruction of all but four of the thousands of Maya codices by Spanish conquistadors and Catholic priests. Why were they destroyed? According to Bishop Diego de Landa in July 1562, because “they contained nothing but … superstition and lies of the devil.”

Unfortunately, this organized destruction of the past continues to this day as the result of conquest and religious fanaticism.

We recently visited one such ancient document, and it was only 800 years old. It was both surprisingly readable and very hard to read, and it was in a language we had some rusty familiarity with. Imagine the difficulty of even deciphering an ancient text and then determining its meaning. We do not have a Rosetta Stone for most ancient languages. I am referring to the multi-language stone found in Egypt during Napoleon’s conquest, not the language instruction company – although the statement applies to both. Often even the structure of the language as well as the meaning of individual characters or symbols had to be coaxed out of many documents by many people over many years. Only after that can other researchers begin to search for specific snippets of interest, like medical recipes.

In trying to recreate the recipe that began this post, researchers had to figure out what the ingredients really were, and hope that modern garlic is similar enough to 1,000 year old garlic to actually work. In most cases an ancient text will not describe exactly how hot or long to cook something, or even how much of each component was to be used.

As I discussed earlier, it is perhaps as difficult to keep data for the long term in today’s electronic age as it was in ancient times.

The last word:

Save the data, especially if you have no idea what value it might have in the future. Pictures, movies, personal history stories whether written or currently only oral could be important. Talk to older relatives and friends and get their stories saved. Do it now while you still can.

If you save oral recordings, go back and make transcripts that can also be saved. A hundred years from now there may be no one who can understand what was said.

If your family knows a language that is little used, work to preserve it so its oral and written legacy can be saved.

Even mundane business records can have historical value in a distant future. Kyle Harper used ancient purchase records to reinterpret the end of Roman slavery by determining what slaves were eating in Rome around 300 AD. This kind of information can help fill in the gaps about a civilization and the well-being of its people, whether wealthy citizens or slaves.

As I have said before, keeping data on paper only is not the best idea.

Comments solicited.

Keep your sense of humor.


No matter what you think about Hillary Rodham Clinton’s past accomplishments and future potential, she has provided us an example of bad behavior that can be a learning experience for all of us.

To remove the positive or negative association of Madam Secretary Clinton, I will use “Anne Chamberlain” as the name of a potential employee of your company. Anne held a very high position in your company for many years, with intimate access to your most sensitive proprietary and confidential information including product plans, marketing strategies, competitive analysis, and your internal decision making processes. After she resigned from your company, you find out that the entire time she held this high position she was using her personal email account for most of her business emails, both within your company and with customers, partners, and even competitors. She used her own personal servers under her own physical control to manage and handle that email account. The result is that you have no access to any of those emails she sent or received.

When your CSO (Chief Security Officer) approached Anne, she said it was more convenient for her to use her own smart phone and her own email account. Her final response was “What difference at this point does it make?”

It makes a big difference.

While your company does permit BYOD (Bring Your Own Devices) to be used for both personal and business purposes, you do have strict security and data life cycle management policies. Your Life Cycle Management policy covers the rules about the creation, update, storage and destruction of all corporate records, including emails. These policies protect your company by enabling it to quickly and accurately find information to meet compliance, tax and other governmental requirements, efficiently run your business, manage contractual obligations, and respond to court discovery orders. Since you have no record of Anne’s emails, either sent or received, you will not be able to include them in support of any such activity. Since Anne has refused to allow your IT department access to her personal servers, if a court ever found out that she was storing required documents on those servers relevant to some court or government request, the court could confiscate and search the servers. Since Anne’s servers are probably not following your data life cycle management policies, there are likely emails on that server which should have been deleted that may now be publicly exposed as a result of the court action.

You also have a concern about the security of Anne’s emails. You have seen some reports that surmise that her server was hacked, perhaps by a foreign cybercriminal group, and that some of her emails may have been sold to your competitors. Again because you have no access to her servers, you have no way to determine if they were hacked and what, if any, damage it may have caused. You do know that her servers were not maintained to the same security levels as your own email servers.

Anne has promised to give you all of her business-oriented emails. Since there are thousands of these emails, you are concerned about how long it will take her to complete what is to her a low priority task. Worse, she is deciding what is a business-oriented email. While she may get 95% of it right, she will likely miss some emails that may be critical to your company later. A court may decide that you failed to disclose some emails and your company, not Anne, will face the consequences of that.

What do you do?

You really can’t outlaw personal devices for business use. It won’t happen; your employees and contractors, and probably you too, are really dependent on smart phones and tablets. Providing a corporate device is expensive and, like Anne, most people do not want to carry two devices that perform the same functions. But you can require some fairly simple procedures:

  1. Require all business-related emails to be done on your corporate email account. It is really easy to set up a second email account on a smart phone or tablet. On my iPhone and iPad I have a personal email account, my own company’s account, and separate accounts for each company I am working with at any time.
  2. Require that your company’s email account have your approved email signature block on each outgoing email. Again, it is easy to set up a separate signature for each email account on a device, including logos and the “fine print.” If you have a very complex corporate signature block, your IT department can set up a single image for the majority of the signature area and provide simple instructions for the common smart phone environments. If nothing else, this provides a clear signal to the person writing the email that they have the correct email account.
  3. Require that all outgoing emails on your corporate account are automatically forwarded to the employee’s corporate account. This ensures that you have a copy of all of those sent emails. In general this also makes it easier for the employee; they don’t have some outgoing emails on their tablet, some on their desktop, and some on their smart phone.
  4. Require that all emails be deleted from personal devices after a relatively short period, probably thirty days. They are still available to the employee through your email server, but it is one less place you need to search for necessary documents and it reduces the possible loss if a personal device is lost or stolen.
  5. Update your security and life cycle management policies to include personal devices.
  6. Include a section on the importance of protecting and managing company data and your email policy in your new employee orientation, and as part of your annual training session on security and ethics.
  7. Why did no one notice and report Anne’s behavior? Everybody should be looking for internal emails that come from an employee’s personal account. The easy thing to notice is that the signature block is “Sent from my iPhone” instead of your corporate signature. It is also easy to note that the sending email is from Anne.Chamberlain@me.com.
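The check described in item 7, as an added example that is not part of the original post: a Python script that audits messages for employees writing from a personal account and for mail that lacks the approved signature or still carries a device default one. The corporate domain, signature marker, employee list and sample messages are all constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for illustration; none of these values come from the post.
CORPORATE_DOMAIN = "example.com"
SIGNATURE_MARKER = "Example Corp - Confidential"   # text in the approved signature
DEVICE_DEFAULTS = ("sent from my iphone", "sent from my ipad")
# Corporate local part -> display name, e.g. exported from the staff directory.
EMPLOYEES = {"anne.chamberlain": "Anne Chamberlain", "bob.jones": "Bob Jones"}


def split_address(header_value):
    """Return (display name, local part, domain) of a From header, lowercased."""
    name, addr = parseaddr(header_value or "")
    local, _, domain = addr.lower().rpartition("@")
    return name.strip().lower(), local, domain


def plain_body(msg):
    """Return the text/plain body of a message, or '' if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def audit_message(raw):
    """Return a list of policy findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, local, domain = split_address(msg["From"])
    body = plain_body(msg).lower()
    findings = []

    known_names = {n.lower() for n in EMPLOYEES.values()}
    is_employee = local in EMPLOYEES or name in known_names

    if domain != CORPORATE_DOMAIN:
        if not is_employee:
            return findings          # ordinary external sender: out of scope
        # An employee's name or local part on a non-corporate domain.
        findings.append("employee-using-personal-account")
    elif SIGNATURE_MARKER.lower() not in body:
        # Corporate account, but the approved signature block is absent.
        findings.append("missing-corporate-signature")

    if any(default in body for default in DEVICE_DEFAULTS):
        findings.append("default-device-signature")
    return findings


def audit_mailbox(raw_messages):
    """Return (subject, findings) for every message with at least one finding."""
    report = []
    for raw in raw_messages:
        findings = audit_message(raw)
        if findings:
            subject = message_from_string(raw, policy=policy.default)["Subject"]
            report.append((str(subject), findings))
    return report


def make_message(sender, recipient, subject, body):
    """Build a minimal constructed message for the samples below."""
    return f"From: {sender}\nTo: {recipient}\nSubject: {subject}\n\n{body}\n"


# Constructed sample messages (not real mail).
SAMPLES = [
    make_message("Anne Chamberlain <Anne.Chamberlain@me.com>", "cso@example.com",
                 "Product plan", "Plan attached.\n\nSent from my iPhone"),
    make_message("Anne Chamberlain <anne.chamberlain@example.com>",
                 "buyer@partner.example", "Contract",
                 "Signed copy attached.\n\nAnne Chamberlain\nExample Corp - Confidential"),
    make_message("Bob Jones <bob.jones@example.com>", "cso@example.com",
                 "Meeting", "See you at 3.\n\nSent from my iPad"),
    make_message("News <newsletter@vendor.example>", "bob.jones@example.com",
                 "Offers", "This month's offers.\n\nSent from my iPhone"),
]

if __name__ == "__main__":
    for subject, findings in audit_mailbox(SAMPLES):
        print(f"{subject}: {', '.join(findings)}")
```

Matching on display name as well as local part catches a personal address that does not resemble the corporate one, at the cost of false positives for outsiders who share an employee's name.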

This stuff is, unfortunately, important. Email is one of the main vectors for cyber attacks. In today’s environment, most corporate communication is done through email. If you lose control of your email traffic you have lost control of your company.

The last word:

The US Federal Records Act at the time Madam Secretary Clinton served as Secretary of State did not categorically prohibit federal government officials from using personal email accounts. The Act applies to all federal agency employees who are not within the White House itself and requires the comprehensive documentation of the conduct of official business by regulating the creation, preservation and disposition of agency records. If an employee used her personal email account, she was required to forward that communication into her agency’s official records system. Secretary Clinton could have done that by having her personal device automatically forward all outgoing emails to her US DOS email account, and having her personal server forward all incoming emails to her US DOS email account. She did neither.

By coincidence, Anne Chamberlain was the name of the wife of Neville Chamberlain, Prime Minister of the United Kingdom from May 1937 to May 1940. Prime Minister Chamberlain’s reputation is largely damaged by negotiating with Adolf Hitler to sign the Munich Agreement, and for failing to prepare his country for war. The Munich Agreement permitted Nazi Germany’s annexation of portions of Czechoslovakia, although, strangely enough, the Czechoslovak government was not invited to the negotiations. The majority of inhabitants of these areas were German-speakers, so it is clearly logical that Germany should take over their control.

An argument someone else may be using today.

Comments solicited.

Keep your sense of humor.


Windows Server 2003 (WS2003) was first released in, surprise, 2003. It replaced Windows Server 2000. Microsoft has released several derivatives including Windows Compute Cluster Server 2003, Windows Storage Server 2003, Windows Small Business Server 2003, Windows Home Server, and Windows Server 2003 for Embedded Systems.

WS2003 mainstream support ended in July 2010. On July 14, 2015, Microsoft will officially end extended support for WS2003. Microsoft will not release any updates, including security updates or patches, after this date. At that point you can pay Microsoft for security fixes for WS2003, but it is very expensive and not delivered promptly. Most antivirus solutions will not be supported on WS2003 after 7/14/2015, meaning that there will be no signature updates for new vulnerabilities. Considering the rate at which new malware opportunities are discovered in all flavors of Windows platforms, any WS2003 systems you have in production will quickly become vulnerable. As one data point, there were 37 critical updates for WS2003 in 2013, 10 years after the product’s release. WS2003 will not pass any further security or compliance audits. Expect stiffer fines and other penalties if you experience a data breach where a WS2003 system is part of the application environment.

This should not be a surprise. Microsoft has published its support policy and product end of life chart on its web site for over ten years. There are a lot of servers still running WS2003 out there. A Microsoft survey in January 2014 showed about 22 million WS2003 systems in use. A large number of those are in small and medium sized businesses. Many of these SMB companies do not have large IT staffs or budget to make any kind of a migration. There are probably at least 10 million WS2003 systems still in use today. Even many Fortune 500 companies are still dependent on WS2003, and most will not have migrated by the deadline, especially as it seems to take about six months to make the migration off WS2003.

Microsoft introduced Windows Server 2008 in 2008 as the successor product to WS2003. However, Windows Server 2008 is not the best destination for your WS2003 systems. Microsoft will end mainstream support for Windows Server 2008 on the same day that it ends all support for Windows Server 2003, July 14, 2015, while extended support ends in January 2020. If you need to move off Windows Server 2003 in any of its flavors, you are better served to jump to Windows Server 12. Windows Server 12 became generally available in September 2012, and R2 was released in October 2013. Mainstream support for Windows Server 12 is scheduled to run until January 2018.

Microsoft provides assistance. Perhaps as an indication of their sense of urgency, the first thing you see on that Microsoft page is a countdown clock telling you, down to the second, how long you have. Microsoft is, not surprisingly, pushing migration of your WS2003 servers to the cloud powered by Microsoft Azure. In some cases, that may make sense, but only if you want to make a significant change in your operations and procedures. Moving to the Cloud should be a business decision, not a technology decision. Like a lot of things involving cloud computing, the end point is often a better place to be, but getting there under a deadline can be risky. You should at least look at the material Microsoft provides to help in discovering which of your applications and workloads are running on WS2003, assess those applications and workloads by type, importance, and complexity, and choose a migration destination for each. For some of those workloads and applications, moving them to the Cloud may be the easier and less risky solution.

Your IT department probably has some good reasons for not migrating:

  • Your current server hardware may not support Windows Server 12.
  • Some of your mission-critical applications may not be supported on Windows Server 12.
  • You do not have sufficient financial or IT resources to make the migration while simultaneously keeping your IT environment running.
  • Unfamiliarity with Windows Server 2012.

The second may be the most serious, and may take the longest to fix. In the worst case, you may need to migrate to a different application.

In the meantime you may be able to mitigate some of the risk by restricting access to your WS2003 servers. Products like the Unisys Stealth Solution may help. It can completely isolate your WS2003 systems from the outside world, allowing communication only from the specific systems and users you permit. Since the protection is based on user identity, not specific network location or device identity, the rights of an individual change automatically when their role changes. As Unisys says, “You can’t hack what you can’t see.”

If you do not have the resources, get help. There are many companies out there with experience in migrating off WS2003. You do not have to go it alone.

The last word:

Windows Server 2003 is potentially as serious a security problem as Windows XP. Hopefully you are well past getting rid of that OS from your entire IT environment as have all of your business partners who share any proprietary, financial or customer protected data.

If you are running Windows Server 2008 systems, you should start planning to move them to Windows Server 12.

The keys to a successful operating system migration are planning and testing. These exercises can feel like a huge drain on your resources, and each migration can itself cause new problems. But you have to do it; you cannot afford to be vulnerable.

Comments solicited.

Keep your sense of humor.


New Shoes

(This is another special posting by Suzy. I hope you enjoy it.)

Today Mother was taking her to get a new pair of shoes. She was a petite, fine-boned girl who looked younger than her seven years. Mother kept her hair in a short bob with deep bangs framing her ocean blue eyes that today were sparkling with excitement. A new pair of shoes was a very important event. Her feet were very narrow so that her shoes had to be specially ordered, making them expensive, and her family didn’t have much money. Her father had a job, but was often sick so there were many payless weeks. Today Mother and Lois would take the trolley to 69th Street to get her shoes, then the subway and el to visit with Aunt Louise so she was wearing her good navy blue dress and a fluffy sweater MomKate had knit. She slipped on the coat her mother had made and put the muff string under her collar. She liked her muff on these very cold days. It looked like a drum made of bunny fur, open on both ends so that when she put her hands in the muff, the cuffs of her coat sealed the ends from all the cold. She twirled around to show how pretty she looked. Well, except for the very worn shoes, but she would have her new ones soon.

They walked a block down to the Pike then several blocks to the trolley station. She kept dancing around on the platform, which annoyed Mother who thought she should stand still, but the cold was coming up through the cement and into her shoes. Her feet were too cold to stand still. When the trolley arrived Mother gave her a little help up to the first step. They moved to the middle of the car. Most of the seats were still empty because this was only the second stop. They chose a bench and sat facing the direction they were going. Mother didn’t like to ride backwards. She got to sit next to the window where she could brace her feet on a small ledge while watching the houses go by. The closer they got to 69th Street the fuller the car became until there was only one seat left. Mother made Lois take her hand when they got to the Station because there were so many people, some going to other trains or trolleys or out to the shops like they were. They crossed the street and walked halfway up the hill to Mother’s favorite store, Lit Brothers, where they had ordered her shoes. As soon as they got inside, Mother almost dragged Lois through the first floor to the shoe department. Mother was in a hurry so that they could catch the next subway train and have as much time as possible with Aunt Louise. The clerk brought out the box and carefully unwrapped the shoes. Nestled inside the tissue paper was a dark brown pair of maryjanes. Lois hopped up on the chair and the clerk sat on the special stool in front of her. After removing her worn, right shoe he gently slid the new shoe onto her foot and asked how it felt. It was so pretty with a bit of room for her toes to grow, but the side of the shoe hugged her foot around the arch and heel. He repeated with the left shoe and helped her off the chair to walk a short way to confirm the shoes fit well. Both Mother and the clerk pushed down on the tip of the toe to be sure that there was some grow room.
Lois was all smiles as she looked at her feet in the mirror to see how pretty the new shoes were. Mother pronounced herself satisfied, paid the clerk, and they left. Lois carefully watched where she put her feet. There would be no scuffmarks on these shoes or dark spots from stepping into something on the sidewalk.

They just made it to the subway and seated themselves when it began to move. They were looking forward to seeing Aunt Louise, who wasn’t really her aunt, but her godmother. Her mother and Aunt Louise had lived on 2 Street and gone to school together. They and their husbands had dated as a foursome before both men had gone to the Great War. When the men came home Aunt Louise had married Uncle Ed and moved northward in the city. Mother, Katherine, had married Ted, and they found a house in a southwestern suburb. The foursome still enjoyed each other’s company and got together whenever they could, which was less often than Mother and Aunt Louise would have liked. Lois always liked to be with Aunt Louise with her constant smile and jolly laugh. Everything at Aunt Louise’s house seemed to be fun while her own home was more serious, especially when her father was sick, which he was more and more often. The only problem at Aunt Louise’s house was Jimmy, her son. He was three months older than she and believed that meant he could decide what they would do when they played together. He was always teasing her about something, often until she wanted to cry. But she would never give him that satisfaction.

The warmth of Aunt Louise’s kitchen was welcoming after the walk from the bus stop in the cold wind. The aroma of the hot lunch Aunt Louise had made drew them in as well. First thing Lois did was to pirouette before Aunt Louise to show off her new shoes. Aunt Louise liked them a lot, which pleased Lois. As soon as the tea was ready they all sat at the kitchen table. Aunt Louise always made her feel so grown up. Today she had made a cup of half hot tea and half warm milk and sugar. Lois sat up straight and tall the way Mother liked and tried not to make any crumbs. Jimmy seemed to be eating as fast as he could and urged her to hurry. He had made plans to go ice-skating and didn’t want to make his friends wait. Aunt Louise said how Jimmy should take Lois with him, to which he made a face. Lois tried to beg off. After all, she hadn’t brought skates nor was she dressed for skating. Actually, she didn’t own any skates and she was dressed for visiting not playing. Aunt Louise would have none of it. She insisted that Jimmy take her with him and even had a spare pair of clamp-on ice skates Lois could use. It would also give the two mothers a chance to visit without the noise of the children. Aunt Louise found an old pair of Jimmy’s trousers for Lois to slip on under her dress. The mothers made sure that the children were all bundled up and shooed them out the door.

Jimmy took off at a run to get to the corner where he told the other kids he would meet them. Lois had to run to keep up. It was an uphill walk to the pond. They all put their skates on and Jimmy took the time to be sure that Lois had hers on properly. The others had skated before and raced all around the edge. Lois gingerly skated in little circles as she learned to balance and turn, speed up and slow down to a stop. Soon she began to feel comfortable and began skating in larger and larger circles. By then the others were just about back to where they had started and began yelling at her. She couldn’t make out what they were saying, but she knew she was getting better and skating more surely. Then she felt as much as heard a cracking sound and there was nothing under her feet. Everything was dark and murky. Next thing she could see was a hand, then an arm, and Jimmy’s face. He was urging her to grab his hand. The other kids had his feet. All the clothes had trapped enough air that she had a little buoyancy. That would soon disappear as her clothes absorbed the cold water. She stretched as hard as she could and managed to reach Jimmy’s hand.

Soon she was free of the water and on the ground next to the pond. Two sets of hands were removing the ice skates. Then they were pushing her up and telling her to run. She didn’t want to run. All she wanted was to get rid of the wet clothes and get warm. They were all shouting at her so she began to edge away. Jimmy began pushing her. Turning she tried to get away from all the shouting and pushing. She couldn’t run fast enough to escape. Jimmy kept pushing. She tripped and fell, so he began to roll her down the hill. The snow stuck to her wet clothes till she began to look like a snowman. When they needed to cross the street several sets of hands pulled her up and shoved her across. Then they began to chase and shove her again. Jimmy was shouting for Aunt Louise before he even opened the back gate. As they reached the porch Aunt Louise and Mother had appeared at the kitchen door.

They grabbed her. Mother began pulling off her wet clothes while Aunt Louise ran for towels. As the big warm fluffy towels were wrapped around her she saw her pretty new shoes were now all wet, stained, and wrinkled. All she could do was cry because she knew they would never be pretty again. Jimmy kept telling her to stop bawling while he stuffed her shoes with newspaper. She seemed to be the only one upset about the once pretty pair of maryjanes. Both mothers were busy praising Jimmy for getting her back so quickly and it was all his fault. He was the reason they had been ice-skating, that she had fallen through to the cold water that soaked her beautiful new shoes. He was the one who had pushed, shoved, and rolled her all the way back to Aunt Louise’s house. And here she was crying in front of Jimmy. What had begun as a joyfully entertaining day was now in ruins as were her lovely new shoes.

The last word:

This story is part of Suzy’s family lore. The girl Lois is Suzy’s mother, and Lois and Jim married in 1942, literally the night before he left to fly off US Navy aircraft carriers in the Pacific Theater. These pictures are from approximately the time of the story.

Comments solicited.

Keep your sense of humor.


The world is fair; it just is not centered on you or your company. My last blog discussed yet another company who failed to protect their customers’ data and who faces a serious loss of reputation and expensive fines. The Identity Theft Resource Center reported 783 data breaches in 2014, up 27.5% over 2013. These are just the major breaches that get reported in the media or required notification to government agencies. In most cases these breaches involved exposure of information that increased the risk of identity theft to the company’s customers. The Ponemon Institute estimates the cost to a company of such a breach averages over $200 per lost record, plus any government or compliance fines. In January, Experian reported that almost half of the companies they surveyed reported at least one security incident in 2014. Cybercriminals and cyber-terrorists stole slightly over one billion records in 2014. I expect the 2015 number to be substantially higher.

As I have reported before, most of these attacks target known vulnerabilities. As anti-malware software keeps getting better, almost 80% of vulnerabilities have patches available on the day of disclosure. The obvious question is, “Why are so many companies still getting successfully attacked?” The answer varies from “We do not really care” to “It is hard.” Customer abandonment will eventually fix the first group of companies. For the rest, it is hard. It is hard to keep up with all of the patches and sometimes even harder to keep track of where everything is in your IT environment, especially as you move to the Cloud. It is hard to schedule the time to do the updates without impacting your customers or your internal operations. Sometimes the internal IT structure interferes with different organizations having seemingly contradictory priorities: “keep us up” vs. “keep us secure” vs. “reduce IT costs.” Target fell into this bind, and is still paying for that mistake.

The primary reason the attacks that make the news are so large, impacting millions of people, is that companies are very slow to actually detect that they are being attacked, and then to do something about it. On average, it is taking companies six to nine months from the time malware is introduced into their IT environment until they have resolved the problem.

I had the privilege of talking to a couple of BMC executives in advance of their February 25, 2015, announcement of a new joint platform called the Intelligent Compliance Solution. Intelligent Compliance merges the security capabilities of Qualys into the remediation and operations management software provided by BMC. The result makes staying secure much easier and provides timely warnings of vulnerabilities and policy violations.

BMC is an American company incorporated in 1980. Its name is not an acronym, but simply the first letter of the three founders’ last names: Scott Boulette, John Moores and Dan Cloer. Today it is a $2 billion company with about 6,000 employees specializing in transforming the IT digital enterprise. BMC products and services support about 20,000 companies and address six principles of digital transformation: an intuitive user experience, actionable intelligence, adaptive automation, optimized infrastructure and cost, agile applications, and compliance and risk mitigation.

Qualys is an American company founded in 1999 that provides cloud security, compliance and related services to about 7,700 companies. The Qualys tag line is “Continuous Security in a Unified Cloud Solution.” Gartner Group has given Qualys a “Strong Positive” rating for these services for the past five years.

At the high level, what this partnership provides is the security scanning of Qualys feeding vulnerability information to BMC, where the vulnerabilities are matched with the appropriate software patches for automated remediation.

The bottom line:

  • Reduce the window of vulnerability by reducing time from detection to resolution.
  • Improve IT operations performance by correctly applying the appropriate patches automatically with minimal or no impact to customers.

Morningstar Inc. was an early user of the result. Michael Allen, Morningstar Information Security Officer, said, “With Intelligent Compliance we now have an integrated solution to automate our information security processes, greatly reducing time and cost.” Intelligent Compliance benefits reported by Morningstar include:

  • Reduced audit risk by decreasing configuration compliance audit cycle time from two months to five days.
  • Reduced audit and patch time by 97%.
  • Reduced compliance audit time from five days to twelve minutes per system.
  • Provided 100% SOX compliance.

Intelligent Compliance moves towards a concept of continuous audit. Instead of doing an audit every year or every quarter, Intelligent Compliance is auditing constantly, reporting vulnerabilities and security policy violations. It leaves audit trails so you know who did what where, and you can prove it when the actual auditors arrive for a formal audit or you need to do forensics.

The last word:

Both BMC and Qualys have historically used partnerships to expand their market and capabilities, so it seems, at least in retrospect, obvious that they would consider bringing the security scanning and monitoring capabilities of Qualys to the business service management of BMC products and services.

This solution will not protect you from every cyber attack, but it should significantly reduce your risk and free up some of your IT staff to work on additional security issues plus work on enhancing IT to better support your business.

Comments solicited.

Keep your sense of humor.


Anthem Mayhem

Once again a company that we trust with our health and personal information has betrayed that trust. Cybercriminals were able to hack into an Anthem database that contained up to 80 million records of current and former customers and company employees. The information now in the hands of criminals includes names, Social Security numbers, birthdays, postal and email addresses, and employment information including income data.

Anthem stated that no credit card or medical information was compromised, but the information that was stolen is sufficient to launch successful identity theft attacks against every one of the tens of millions of compromised individuals.

Anthem noted the intrusion on January 29, but analysis of the cybercriminal infrastructure likely used suggests that the attackers first gained a foothold in Anthem’s servers in April 2014, nine months before Anthem noticed the attack. One link in the chain of establishing the malware at Anthem went through China. Whether that is a significant fact is unknown at this time. Anthem immediately notified the FBI.

Since admitting the attack, Anthem has been sharing information about the attack including IOCs (indicators of compromise) with HITRUST, the Health Information Trust Alliance, and NH-ISAC, the National Health Information Sharing and Analysis Center. These groups disseminate information about cyber threats to the healthcare industry. So far, these IOCs have not been discovered by other health care organizations. It appears that this attack was focused against Anthem.

Clearly, Anthem is not paying attention to the security of their customers’ data. None of this data was encrypted. Anthem has contracted with Mandiant, a cybersecurity firm, to evaluate their security systems and identify solutions. Seems to me they are a year late with this kind of analysis.

The brands impacted by this breach: Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, and Healthlink. It can also impact anyone holding a BlueCard. A BlueCard enables members of one Blue Cross / Blue Shield plan to obtain healthcare services while traveling or living in another service area. Blue Cross / Blue Shield Federal Employee Programs are also impacted. This information is linked through a single electronic network throughout the US and 200 other countries and territories.

What should you as an individual do if you think you were impacted?

  • You may receive an email apparently from Anthem. These emails are not from Anthem and are scams attempting to get your personal information. Do not click on any link in such an email.
  • You may also receive a phone call apparently from Anthem about the attack. These calls are also not from Anthem. As always, do not give out credit card or Social Security numbers over the phone on any call you did not initiate. Hang up.
  • According to Anthem you should receive a letter in the mail “in the coming weeks.” That letter will advise you of the protection(s) being offered.
  • Take whatever identity theft services they offer.
  • Continue to monitor all of your financial accounts, including mortgage, investment, and loan accounts.
  • Consider putting a security freeze on your credit reports at each of the three reporting companies, Equifax, Experian, and TransUnion. Since most businesses will not open a new account without first checking your credit history, if they can’t access your credit history they are quite likely to deny someone getting credit in your name. It may cost you a few dollars, but it really does stop most identity theft. Availability and cost vary by state. If you want to request credit, you can lift the freeze enough to let a specific request be accepted.

If you are responsible for the personal information of your customers, employees or contractors, how vulnerable are you? You should not guess the answer. Find out, before you become the next Anthem.

Anthem will have some very stiff fines as a result of this breach. Between 2009 and 2013, HIPAA has levied fines of more than $25 million for data breaches. But this attack impacts more than twice as many people as all of the 2009-2013 breaches involving fines combined.

In 2014, Columbia Medical Center was fined $4.8 million for a data breach involving less than 10,000 people.

The last word:

Sometimes personal data is “released” on paper. Hundreds of documents from the Philadelphia Adult Probation and Parole Department were found in early February strewn across several streets in part of Philadelphia. These documents contained names, addresses, birthdates, Social Security numbers and signatures. The best guess as of this writing is that one or more boxes of information fell off a truck on the way to a nearby recycling center. The documents were not shredded.

Comments solicited.

Keep your sense of humor.


In December, SingleHop asked nearly 200 bloggers for their predictions for Cloud Computing in 2015. They published their favorite predictions in their blog and asked that the contributors share their picks with our readers.


My prediction did not make their favorite list, possibly in part because it was a prediction of a serious cloud-based problem in 2015. The Cloud has so far been a fairly safe place to play. For the past four years I have reviewed the Verizon Risk Team annual security report and various Ponemon Institute reports. While the Cloud has been involved in some serious security breaches, the Cloud was not a contributing factor: the breaches were due to companies’ failure to properly protect their networks and data. I believe that for many organizations, the additional security expertise provided by Cloud Service Providers and existing cloud management software actually makes the Cloud safer than their own data centers.

I recently reported on Websense Security Labs 2015 Security Predictions. One of their predictions nicely supports my submission to SingleHop: Sometime in 2015 one of the Cloud-based collaboration tools will be hacked and a company’s confidential and proprietary information will be stolen. Two factors are driving this prediction:

  1. Hackers are becoming much more targeted, going after specific companies for a specific purpose. That purpose could be financial, such as selling your information to a competitor or holding your data hostage. It could be an act of hacktivism by someone who does not like what you do or how you do business. It could also be part of a government attack on your country’s economy.
  2. These collaboration sites provide a place for hackers to hide their command and control infrastructure. Your company is probably watching the places you visit in the Cloud, but will not flag traffic to and from places like Google Drive, Microsoft Office 365 or the like, especially if your company supports using those collaboration tools. The hackers do not have to deliver malware to your desktop in order to capture your information.

The last word:

Unfortunately, neither Microsoft nor Google has a stellar security reputation. If your company uses collaboration services, make sure your security team is monitoring for news of successful hacks through these services. The best thing to do is to encrypt any confidential or proprietary data that your employees and contractors store in these collaboration spaces, and periodically review the cloud-based documents for violation of your encryption policy.
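One way to run the periodic review suggested above, as an added example that is not from the original post. It assumes a locally synced copy of the collaboration folder and a policy that every stored file must be an encrypted container; the header lists, the 7.5 bits-per-byte entropy threshold, and all function names are assumptions of this example.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed policy (not from the post): every file in the shared folder must be
# an encrypted container. These header bytes mark common encrypted formats.
ENCRYPTED_MAGIC = (b"-----BEGIN PGP MESSAGE-----", b"age-encryption.org/v1")
# Headers of common unencrypted document formats. Compressed ones (zip-based
# Office files, PDFs) have high entropy, so entropy alone would miss them.
PLAINTEXT_MAGIC = (b"PK\x03\x04", b"%PDF-", b"\xd0\xcf\x11\xe0", b"{\\rtf")
ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext sits close to 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    """Heuristic: known encrypted header, or headerless high-entropy bytes."""
    if data.startswith(ENCRYPTED_MAGIC):
        return True
    if data.startswith(PLAINTEXT_MAGIC):
        return False
    return len(data) >= 256 and shannon_entropy(data) >= ENTROPY_THRESHOLD

def audit_folder(root: str, sample_size: int = 65536) -> list[str]:
    """Return relative paths of files that violate the encryption policy."""
    violations = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                head = fh.read(sample_size)
            if not looks_encrypted(head):
                violations.append(path.relative_to(root).as_posix())
    return violations

def demo() -> list[str]:
    # Constructed sample folder: two policy violations, two compliant files.
    with tempfile.TemporaryDirectory() as root:
        Path(root, "plan.txt").write_text("Q3 acquisition target: ACME\n" * 20)
        Path(root, "budget.xlsx").write_bytes(b"PK\x03\x04" + os.urandom(4096))
        Path(root, "plan.txt.gpg").write_bytes(os.urandom(4096))  # stand-in ciphertext
        Path(root, "notes.asc").write_text("-----BEGIN PGP MESSAGE-----\n...\n")
        return audit_folder(root)
```

The check is a heuristic: a file that passes is only unlikely to be plaintext, so flagged paths are the actionable output and a clean report is not proof of compliance.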

Comments solicited.

Keep your sense of humor.


