Google claims an Autonomy white paper contains "significant inaccuracies" about the larger company's security, comprehensiveness, relevancy, and user experience.
For the second time in six months, Google (NSDQ: GOOG) has publicly challenged a white paper from enterprise search rival Autonomy, claiming the latest document contains "significant inaccuracies."
In its Enterprise Search blog, Google said the smaller vendor was being less than truthful about the security, comprehensiveness, relevancy in search results and user experience of the bigger company's search appliance. Autonomy on Wednesday, however, stood its ground.
"For customers with demanding needs, the Google appliance lacks the necessary security and connectivity models," Mike Lynch, chief executive of Autonomy, said in an emailed statement.
"It is not possible to make successful high-end enterprise search solutions without mapped security and productized connectors to repositories."
The latest spat reflects how the market for technology that operates behind an organization's firewall and searches content in a variety of data stores is heating up. Microsoft (NSDQ: MSFT), for example, agreed this month to pay $1.2 billion -- a 42% premium -- for Fast Search & Transfer, a software maker that lost $130 million last year. IBM (NYSE: IBM) is another tech giant that's slugging it out in the market.
Google claimed the white paper said Google's appliance "does not index all your critical content." In his rebuttal, Nitin Mangtani, lead product manager for Google Enterprise Search, said in the company blog that the appliance searches file shares, intranets, databases and real-time business data. In addition, there are connectors to third-party content management systems, such as Documentum and Microsoft SharePoint.
On security, Autonomy claimed the security features in Google's appliance "are not sufficient for enterprise use," according to Mangtani, who responded that the device has two levels of security. The first provides support for multiple security access control systems, and the second supports document-level security with all content sources.
As to claims that the appliance failed to produce a high enough level of relevant search results, Mangtani countered that more than 50% of Google customers switched to the product because it had a higher relevancy rate than rivals.
Finally, on user experience, Autonomy's paper said the Google appliance "does not offer the advanced retrieval or automatic information operations required by the enterprise," Mangtani said. In response, he claimed the product does offer advanced operations while leveraging a fast and easy-to-use interface comparable to Google's Web portal.
"Although the above list is by no means thorough, we feel it's important to clarify misinformation about enterprise search," Mangtani wrote. "Ultimately, it might be better to let our products and our customers from all industries do the talking."
Despite Google's complaints, at least some of Autonomy's claims were confirmed in a separate report by analyst firm CMS Watch. The firm found that the latest version 5 of Google Search Appliance trailed most competitors in security and in connectors to data sources.
---------------------------------------
Source: Informationweek
By: Antone Gonsalves
Thursday, January 31, 2008
2008: The Year of the Storage Vendor
Chinese astrology tells us that 2008 is the year of the rat, but I’m going to take it one step further and say it’s the year of the “pack rat,” which is a more appropriate term for the storage industry these days.
All of the compliance talk – SOX, COBIT, COSO, HIPAA, Section 404 – has overwhelmed organizations of all sizes and has made them more accountable for the data they collect and store. As a result, enterprise data will continue to grow exponentially, upwards of 50 percent a year on average.
If this doesn’t make storage administrators shake in their boots, the exorbitant number of documents that must find a home on cramped disks due to these regulations will. While it may sound extreme, some companies have been required to gather and retain every single fax sent to them over the course of 25 years.
Enterprises throughout the world are trying to control costs and maximize resources. One strategy they’ve deployed is the centralization of IT management, specifically storage management. Additionally, as multiple data centers condense and become more sophisticated, fewer employees are challenged to do more tasks and take on even more responsibilities on a daily basis. Intel is looking to consolidate 133 of its data centers globally into eight high-density facilities in order to reduce costs – and this is just the tip of the iceberg. As more organizations consolidate, the burden is then placed on storage administrators to maximize existing storage resources while accurately planning for future growth.
And, just when you thought underutilized, over-provisioned storage wasn’t an issue, think again.
A recent poll discovered that most storage companies believe that 70 percent of storage capacity is wasted – perpetuating the problem of insufficient storage resources. This leaves storage administrators with the delicate balancing act of ensuring their organizations have enough storage resources while keeping costs at a minimum.
With this environment in mind, here are some of the trends that you’ll be seeing within the storage industry this year:
Increased Use of Managed Services and Software as a Service (SaaS)
These types of services will play a more prominent role when it comes to the storage industry, making it easy for companies to offer their own branded service and easily integrate additional products into their existing arsenal of service offerings. This effectively takes some of the pressure off the companies themselves, which are tapped for resources, and into the hands of the service providers. It also delivers tools and solutions to customers needing to create an annuity-based revenue stream and a customized user experience when it comes to challenges such as branch office data protection or remote backup and disaster recovery. One example of this can be seen in the rapid growth of online backup services.
Mission-critical … File-level Reporting
Due to SOX, companies are required to produce both electronic and paper documents during trial. Given our litigious environment in the United States, longer file retention periods and the need to quickly materialize specific documents can become a nightmare for storage and IT administrators. Not to mention the soaring legal costs involved in cases in which documents can’t be located in a timely fashion. In 2008, we’ll start seeing more storage software vendors marketing solutions that have file-level reporting capabilities. This ability to drill down into the data will be advantageous to companies needing to locate specific files for backup or recovery quickly and effectively. (This is commonly referred to as e-discovery, but is its own application or service.)
-------------------------------------
Source: Computer Technology Review
By: Richard Clark
Qualcomm Case Sends Tremors Nationwide
The San Francisco earthquake measured 8.25 on the Richter scale, claimed 3,000 lives and caused half a billion of damage in 1906 dollars. The 1989 Loma Prieta earthquake registered 6.9 on the scale, left 63 dead, 3,700 injured and delayed the World Series for 10 days. The 1994 Northridge quake, a mere 6.7, resulted in 57 deaths, 9,000 injuries, and $40 billion of damage. The 2008 Qualcomm case has not been assigned a Richter number; it caused no deaths. But it should send shock waves far outside of California. On Jan. 8, Magistrate Judge Barbara Major issued a sanction order and referred six attorneys to the State Bar of California for investigation of possible ethical lapses. All because e-discovery had not been properly conducted.
AN UNNATURAL DISASTER IN THE QUALCOMM CASE
Let us be clear. This decision was issued but a few weeks ago; it may be reversed or modified. There no doubt is a way to tell the tale that is less damning to Qualcomm and its lawyers than Major's recitation. But she is the judge and she has judged and, oh boy, has she damned.
We will use pseudonyms in this article because we take no joy in reporting that lawyers have been sanctioned. These six lawyers, judging from their bios, are fine lawyers at the top of the profession. If this happened to them, it could happen to us. It could happen to you.
In Qualcomm Inc. v. Broadcom Corp., 2008 U.S. Dist. Lexis 911 (S.D. Calif. 2008), Broadcom asserted that Qualcomm's patent infringement action was waived by Qualcomm's participation in an industrywide collaboration known as the Joint Video Team (JVT) that led to the adoption of a video coding standard in 2003. JVT participants were required to disclose relevant patents and license them to anyone who followed the 2003 standard -- if Qualcomm had been a participant prior to adoption of the standard, its action against Broadcom was waived. Qualcomm asserted, however, that it was not a participant prior to 2003.
We have to fill in a few gaps here with speculation. We're guessing that the JVT was a confab of a very large number of entities, some of which came to meetings to participate, some of which participated by mail, some of which participated passively by merely monitoring events. We're guessing that the JVT didn't keep complete records of who was or was not a participant. But we are not guessing, because Major tells us that Broadcom sought discovery about Qualcomm's pre-2003 participation. And therein lies the tale. Qualcomm responded in interrogatories that its first JVT involvement was in December 2003, after adoption of the standard. Qualcomm produced Rule 30(b)(6) witnesses who stated that Qualcomm had not participated in the JVT until late 2003.
At the Rule 30(b)(6) deposition, Broadcom used the only document it had that suggested participation: a December 2002 e-mail that included the e-mail address of a Qualcomm employee, Viji Raveendran, in what looked like a list of members of a JVT subcommittee called AVC. The e-mail was not sent to nor received by Raveendran; it simply listed her e-mail address. Qualcomm remained resolute -- indeed, Major said "aggressive" -- in its assertion that it had not participated in the JVT in 2002. It filed declarations and pleadings asserting that there had been no pre-2003 involvement.
And then the wheels started to come off. While preparing Raveendran for testimony, Junior A. Soseat (remember, we're using stage names here), stumbled upon an August 2002 e-mail welcoming Raveendran to the AVC. Soseat then asked Raveendran to search her laptop with the term "AVC" -- and turned up 21 separate e-mail chains, none of which had ever been produced, which were addressed to Raveendran in 2002 about the work of the JVT. Soseat reported his discovery to his elders, Wiley Vetren and C. Nora Pardner. Collectively, they decided that the 21 e-mails were not responsive to Broadcom's discovery requests. They said nothing about the 21 e-mails to Broadcom. And maybe not to their own co-counsel, either.
Soseat, Vetren and Pardner were all part of a boutique IP firm, Patents & Progeny. P&P had brought in Big & Bigger, a 650-lawyer international firm, after discovery had been completed, to help try the case. In an argument four days after the P&P lawyers had decided not to produce the 21 e-mails, B&B's Dan D. Fellow argued to the judge that there was no evidence of any pre-2003 involvement by Qualcomm in the JVT. Fellow later would maintain that P&P never told him about the 21 e-mails; P&P asserted otherwise. In any event, Vetren and Pardner stood by silently as Fellow made his inaccurate assertions to the court.
------------------------------------------
Source: law.com
Wednesday, January 30, 2008
Congress, like the White House, has e-mail archiving problems
Congressional investigators have been highly critical of the Bush White House for failing to archive e-mail records that are the subject of a variety of oversight probes. But as Roll Call's Emily Yehle notes, Congress's own record on e-mail archiving may not itself be squeaky clean.
"[I]f the House or Senate were pressed to produce those e-mails, it probably would come up with even fewer than the White House," the reporter notes. "Neither the House nor the Senate have a centralized system that preserves e-mails. And they’re not held to public-records laws such as the Freedom of Information Act."
Yehle warns that given the prominence of e-mail communications in recent controversies with criminal implications, the problem with preserving Congressional e-mail records is more relevant than ever.
"Former Rep. Mark Foley (R-Fla.) used e-mails and instant messages to send lewd comments to underage pages, and Rep. William Jefferson (D-La.) is in the middle of a battle over whether his computer files were legally taken by FBI agents investigating whether the lawmaker took bribes from officials in Nigeria and other African countries," she writes.
But the legislative branch still lacks a single policy for preserving e-mails. Each Congressional office and committee sets its own policy.
------------------------------------------
Source: rawstory.com
The Law of Contracting Electronically
Is your agreement through e-mail legally binding? Find out what kind of online communication constitutes a legal contract.
The Uniform Act applies to transactions involving business, commercial and government affairs. Each transaction must culminate in an electronic record and an electronic signature.
I Meant to Do That!
The Uniform law states that to create an electronic contract both parties must provide some form of intent to conduct transactions electronically. Without this intent, the Uniform Act has no applicability. However, there doesn't have to be a formal agreement to conduct a transaction electronically--only circumstances indicating the parties' intention to do so.
In the scenario above, the fact that both you and the seller conducted all your negotiations by e-mail is evidence of intent to conduct the transaction electronically.
Other evidence of intent to conduct transactions electronically includes:
An automaker and a supplier enter into a formal written agreement setting forth the terms, conditions and methods for conducting business electronically.
Joe gives out his business card with his business e-mail address. In this case, the recipient of the card can legally infer that Joe has agreed to communicate electronically for business purposes. But it's not reasonable to assume that Joe has agreed to communicate electronically for matters outside the scope of the business indicated on his business card.
Sally has three e-mail addresses: one at work, one at home and another related to a nonprofit board upon which she sits. It's legally supportable to infer that Sally is willing to communicate electronically regarding business related to the purpose associated with each e-mail account. But it's not reasonable to communicate with Sally electronically for purposes outside of the reason each e-mail account is maintained.
An automaker issuing a recall of automobiles on its website would be an example of a situation where there's no intent to conduct a transaction electronically. Even if a paper contract states that the buyer agrees to receive such notices electronically, the Uniform Act wouldn't apply if the buyer never logged onto the website, had never communicated with the automaker electronically, and provided no further information in the contract to suggest a willingness to deal electronically.
After a party has agreed to conduct a transaction electronically, the Uniform Act states that the party can refuse to conduct any future transactions electronically. The Uniform Act also states that the right to refuse to conduct a second transaction or future transactions by electronic means can't be waived.
Defining Moments
What exactly constitutes "electronic"? The term is defined as "relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic or similar capabilities." Clearly the Uniform Act encompasses computers and faxes. It also includes optical fiber technology as well as biological and chemical processes for communication and storage of data such as electromagnetic impulses.
The Uniform Act states that an electronic record can't be denied legal effect. This means that a contract created by e-mails can't be said not to be a contract just because the records of that contract are electronic. So what is an electronic record? It's any recording created, used or stored in a medium other than paper, including information stored on a computer hard drive, CD, voice-mail messages, fax, messages on a telephone answering system or voice mail, and audio and videotape recordings. A contract can even be created solely by voice mail as long as the voice mail contains the necessary evidence of a meeting of the minds to form a contract.
------------------------------------------
Source: Entrepreneur
By: Laura Plimpton
Tuesday, January 29, 2008
Humans Can Only Think About Four Things At Once, Study Says
Work-obsessed multitaskers who try to defy the limit are probably doing a lousy job.
Many executives see themselves as prodigious multitaskers -- checking e-mail while simultaneously talking on the phone, eyeing stock quotes, and performing all sorts of other busywork. But they're probably doing a lousy job if they're trying to focus on more than four things at once, a recent study maintains.
Researchers at the University of Oregon have concluded that the human brain has a built-in limit on the number of discrete thoughts it can entertain at one time. The limit for most individuals is four, according to the research team led by University of Oregon psychology professors Edward Awh and Edward Vogel.
The multitasking cap is not affected by the complexity of one's thoughts. Surprisingly, as many complex concepts can be retained in short-term memory as simple thoughts, the researchers found.
That makes the human brain dissimilar to an electronic gadget like an iPhone, they said. A 4 GB iPhone can hold about 1,000 four-minute songs. But fewer tunes can be stored if they're longer and consume more memory space.
Awh and Vogel's team also found a strong link between short-term memory capacity and intelligence. "People with high IQs can think about more things at once," according to the study.
But it's no sure bet that such individuals will have an easier time passing tests or succeeding on the job. Their memories may be capacious -- but not necessarily clear. "Even though people with high IQs can think about more things at once, there are no guarantees about how good those memories might be," said Awh, in a statement.
-----------------------------------------
Source: Informationweek
By: Paul McDougall
Many Companies Opening Themselves Up To Dire Business Consequences
Kroll Ontrack, a leading provider of data recovery products and services, recently announced the results of a global survey that showed that many companies fail to include data recovery as part of their companies’ compliance policies, potentially opening themselves up to dire business consequences. Despite the fact that 78 percent of respondents believe that data recovery is the most important component of a compliance plan, only 50 percent say it is part of their company’s compliance policy.
Regulations such as SOX, HIPAA, PCI, FACTA, etc., make it clear that companies have a responsibility to protect data and make significant attempts to retrieve data that has become compromised or lost. For a company, the consequences of non-compliance can be severe, potentially resulting in financial penalties, reduced stock value, loss of customer confidence and lost sales revenue. With that said, it is surprising that 46 percent of respondents said they were not sure if their company even had a general policy to comply with the applicable regulations.
Furthermore, given the potential consequences, it is startling that nearly half of respondents, 43 percent, said they don’t believe their companies test their backup systems to ensure data can be produced if needed. Because natural disasters (e.g., the San Diego fires and Hurricane Katrina), human error, and software and hardware malfunctions are unpredictable, this finding reveals that critical electronic data is in jeopardy of being lost and potentially unrecoverable.
“While data recovery is becoming increasingly synonymous with disaster recovery plans, this survey reveals that data recovery has not yet been deemed a critical component of all compliance policies,” said Jim Reinert, vice president of data recovery and software products for Kroll Ontrack. “Given the vast number of information-oriented regulations that have been enacted, companies should ensure a preferred data recovery provider is part of their compliance plan in case a data loss situation ever ensues. The risk of neglecting to do so is too high.”
To help businesses avoid potential non-compliance penalties, Kroll Ontrack recommends not only selecting a preferred data recovery provider, but identifying the name and contact information of the provider in the overall business compliance policy. Furthermore, establishing the vendor in your business’ procurement system will better ensure a smooth, efficient recovery effort if and when a data loss situation arises.
-----------------------------------------
Source: Sarbanes-Oxley Compliance Journal
Monday, January 28, 2008
Forensic accountants will be more involved
The e-discovery rules are set to change radically, and the new principles could likely get forensic accountants — and their computer forensic departments — more involved in the process in the near future, says one expert.
While e-discovery amendments have been made to the Federal Rules of Civil Procedure in the United States, and a second edition of the Sedona Principles on e-discovery has already been published, the Sedona Principles – Canadian Edition has undergone a consultation phase with the first edition reportedly set to be published in a few weeks.
Contained in the Canadian principles — which address the disclosure and discovery of electronically stored information in Canadian civil litigation — are 12 rules, including one that says parties should ensure that “steps taken in the discovery process are proportionate” and take into account factors such as the nature and scope of the litigation, the relevance of the available electronically stored information, and the costs.
Parties are also expected to be prepared to produce relevant electronically stored information that is reasonably accessible in terms of cost and burden.
The previous rule, still applicable to hard copies, was that everything was discoverable; thus, parties were required to produce everything. Now, for electronic documents, it is a “pick and choose exercise,” says David Debenham, counsel with Lang Michener LLP in Ottawa, who is also an accountant and certified forensic investigator.
“They’re going to need an investigator to sort out what’s worth the cost of asking for and what’s the cost of producing, and it’s all going to be a financial exercise; and so that means lawyers are not really adept at doing cost-benefit analysis, and the accountants are and the accountants have their computer forensic divisions who can do it,” he says.
Forensic accountants have not historically played a role in the process, he says, with lawyers producing everything with a semblance of relevancy.
“Lawyers are up to speed on what the Sedona Principles are going to entail but they’re not up to speed on how to deal with them. Forensic accountants have the tools to deal with them but they’re not up to speed on the change in the rules,” says Debenham.
-----------------------------------------
Source: lawtimesnews.com
By: Helen Burnett
2008 Represents Year of Configuration and Compliance Challenges
Upcoming Pressures Will Force Organizations to Re-examine Policies on Multiple Fronts
Ecora Software, the market-proven leader for configuration audit and analytics solutions, has outlined a series of market and industry challenges and events that will drive organizations to examine their current IT policies. These market challenges will have a multi-departmental impact on organizations from the executive level to entry-level administrators, with special emphasis on senior IT and financial professionals.
Ecora has outlined the anticipated challenges of 2008 in three select categories:
Emerging and New Compliance Initiatives, Trends in Best Practices and IT Implementations.
Emerging Compliance Issues
• The Impact of Multiple Compliance Initiatives: Organizations have become subject to multiple compliance mandates in recent years. While Sarbanes-Oxley (S-OX) has garnered the majority of headlines in 2008, the average enterprise company will be charged with meeting the standards of between six and 10 federal and state compliance initiatives at any one time. Companies attempting to manage each compliance standard independently will be hampered by escalating audit expenses, a continuing drain on staff resources, and consistent failures to meet deadlines for new IT initiatives. At any one time, the following standards could apply to a typical enterprise company:
• Sarbanes-Oxley (S-OX)
• Health Insurance Portability and Accountability Act (HIPAA)
• Federal Rules of Civil Procedure (FRCP)
• Basel II
• Gramm-Leach-Bliley Act (GLBA)
• Japan’s Internal Controls over Financial Reporting (ICFR) or (J-SOX)
• Payment Card Industry Data Security (PCI DSS)
New Compliance Initiatives
• 2008 will be another watershed year in which companies will be required to comply with federal and state mandates. Some of the recent compliance initiatives companies can expect to deal with in 2008 include:
• S-OX: For public companies under the 75 million cap, non-accelerated filers will be required to provide management's assessment regarding internal control over financial reporting in its annual reports for fiscal years ending on or after Dec. 15, 2007. Government estimates put the number of companies in this category at roughly 13,000.
• FRCP: On Dec. 1, 2006, the rules governing procedure for electronic discovery in federal cases were amended under FRCP. This is significant, as recent studies indicate that 92 percent of corporate legal departments have had to deal with some sort of e-discovery issue in the past 12 months.
• PCI: Level one merchants, those conducting more than six million transactions annually, were required to meet PCI compliance by Sept. 30, 2007; while level two merchants, 150,000 to six million transactions annually, were required to meet that deadline on or before Dec. 31, 2007. The field will expand in 2008 to include level three, 20,000 to 149,999 annual transactions, and level four merchants, under 20,000 annual transactions. Of note, Visa reports that, while level four merchants have far fewer annual transactions than those at levels one, two and three, they account for more than 99 percent of the merchants that accept Visa.
-----------------------------------------
Source: s-ox.com
Sunday, January 27, 2008
Computers keep deleted stuff for a long time
So, you deleted the document containing all your online passwords, cleared your Internet history after researching a medical condition and sent a few sensitive e-mails to the trash bin.
All that information is gone forever, right?
Not even close.
There's a good chance most of it is still on your hard drive, hidden from the casual user but accessible to someone armed with even a little tech-savvy.
That can be a good thing or a bad thing, depending on whether you deleted the data accidentally or on purpose.
If you want those files back, there are companies and software programs that can help, typically for a price.
But if you sold or gave away your computer, that information could end up in the wrong hands.
"Most people are really surprised to learn that when they drag a file into the recycle bin, they're not permanently deleting it," said Nathan Jones, vice president of sales for WhiteCanyon, which sells software for data destruction and recovery. "Unfortunately, that's not the way it works. Everything is still there on the system until your computer needs the space. Anybody who knows anything about computers can access it."
But there's good news. It doesn't take a rocket, er, computer scientist to clean up your hard drive.
The amount of data a computer contains is mind-boggling.
Anything you've viewed on your computer, be it an Adobe attachment or a YouTube clip, is potentially on your hard drive, even if you didn't specifically download and save it. The Internet pages you've viewed, the passwords you've typed in, the documents you've accessed all might still be on your hard drive.
"I think the average user has very little knowledge that lots of information on their systems is even stored there, let alone how to delete it," said Peter Watkins, chief executive officer of Webroot Software in Boulder, Colo. "Many applications that you use create a large number of temporary files that will be snapshots of the information you've accessed. They are not deleted automatically. They are on your hard drive and take up space and present a serious security hole."
-----------------------------------------
Source: nashuatelegraph.com
By: Chris Walsh
'Private' messages often open secrets
Do text messages disappear? Only sort of
Don't send any text messages or e-mails you don't want to see in the newspaper was a lesson Detroit Mayor Kwame Kilpatrick learned this week, and one repeated by area attorneys and business consultants.
"I advise everyone and practice it absolutely. I don't send anything I don't want public," said Mark Malven, leader of the technology transaction practice in the Bloomfield Hills office of Dykema Gossett P.L.L.C. "I don't put anything sensitive into an e-mail or a text message that I wouldn't want to see in the newspaper. Executives have come crashing to the ground. Companies get ruined."
Service providers say they erase text messages from their servers — AT&T deletes messages after 72 hours, according to spokesperson Howard Riefs, and others do so in times ranging up to two weeks — but you shouldn't rely on that, say industry professionals.
"Though officially deleted by official policy, my suspicion is that they archive them longer than public communication dictates, and legislation on e-discovery is making it easier and easier for these types of communications to be used in civil and criminal proceedings," said Steve Barone, CEO of Creative Breakthroughs in Troy, an IT staffing, consulting and managed-services firm and the No. 1 provider of Symantec services in the Midwest.
"Don't rely on word the messages are gone," said Malven. "Providers want people to keep using it (text messaging) and not be worried. They may delete it on the server, but backups may be out there."
"Service providers back up constantly, as a matter of course. Just assume it will be stored somewhere and accessible either intentionally or by accident," said Jose Nazario, a senior security researcher in the Ann Arbor office of Massachusetts-based Arbor Networks Inc., which provides Internet security by monitoring Web sites for assaults by hackers and helping fight them.
Even if private text messages are deleted, companies and governments may have contracts with communications providers spelling out retention policies that require much longer storage, which was the case with the city of Detroit's contract with Mississippi-based SkyTel, whose BlackBerry-like SkyWriter was the tool of choice for the mayor and his chief of staff, Christine Beatty.
Kilpatrick and Beatty are public figures with fewer rights of privacy than most citizens. But once even private citizens start using company equipment in their communications — whether it's e-mail from the office computer or text messages from the company cell phone or BlackBerry — expectations of privacy disappear.
"There is no right of privacy then. An employer can do anything he wants," said Malven, including monitoring e-mails and Internet use and getting copies of text messages.
In 2005, a survey by the American Management Association showed that three-fourths of employers monitor employees' Web-site visits, and 65 percent use software to block connections to inappropriate sites. About half review and retain e-mail messages, and a third track keystrokes.
-----------------------------------------
Source: crainsdetroit.com
By: Tom Henderson
How law firms are coping in the era of e-discovery
Better technology and outside vendors can help mine and manage gigabytes of data — for a price
With the amendments to the federal rules regarding electronic discovery just over a year old and the amendments to the Maryland rules effective this month, the courts are adjusting to the reality that most business and personal communications — potential evidence in litigation — originate in and travel by computer.
Maryland’s Chief U.S. Magistrate Judge Paul W. Grimm called striking the balance between timely justice and the rising cost of performing e-discovery, where potentially millions of pages of documents are prospective evidence, “a bigger challenge now than the system itself has ever faced.”
Likewise, litigators are doing some of their own adjusting: determining how to access sometimes years-old e-mails, manage gigabytes of text and figure out who actually wrote what, and when — regardless of what a letter’s date or signature might say.
To tackle these high-tech dilemmas, many firms have gone high-tech themselves, from licensing pricey software to paying outside companies tens of thousands of dollars to take “forensic images” of clients’ hard drives.
“That’s why the electronic discovery industry, from a vendor’s standpoint, has exploded,” said Brian L. Moffet, chair of the electronic discovery practice group at Gordon, Feinblatt, Rothman, Hoffberger & Hollander LLC in Baltimore.
Some useful pre-discovery technology is free.
Even before Bowie & Jensen LLC attorney Matthew G. Hjortsberg takes a case, he uses a variety of Internet tools to learn about the prospective opposing party. From the Securities and Exchange Commission’s EDGAR database to a Greek singles Web site, Hjortsberg looks for information wherever it might be found.
-----------------------------------------
Source: mddailyrecord.com
By: Brendan Kearney
The Art of Redacting Privileged Data
In the old days, redacting privileged data from a document was simple. I would pull out my black Sharpie, cross out privileged words, and record the redaction on a privilege log. Attorneys produced redacted documents with full confidence that their client's privileged information would remain concealed. In today's age of electronic data discovery, attorneys can no longer retain the same confidence.
In 2005, I first witnessed the severe consequences of failing to understand the mechanics of the EDD production process. Opposing counsel produced hundreds of thousands of e-documents. I loaded these documents into a computer program from Ipro Tech Inc. that helps users view the produced documents as images, and then perform keyword searches.
These keyword searches yielded a surprising phenomenon: They would identify documents where the searched-for keyword was noticeably absent. Upon consulting our computer guru, I learned that the keyword search was performed not on the document image, but rather on the document image's corresponding text file that is not readily accessible within the computer program.
Once I located this corresponding text file, I found my missing keyword in the space where a redaction box appeared on the document's image. Indeed, this phenomenon was consistent throughout the production -- every piece of text redacted from the document's image appeared unredacted in the corresponding text file. We ceased examining the files and informed opposing counsel that it appeared they produced their client's privileged information.
In the two years since this incident, I would have expected those in the EDD industry to correct this glaring mistake -- after all, it is not good litigation strategy to produce your client's privileged information. But law firms and EDD vendors frequently continue to make this mistake. One vendor acknowledged the issue, but required an extra hourly fee to take the appropriate step of deleting redacted text from the accompanying text files, saying that was not part of their standard practice.
To avoid this mistake, here is what you need to know. Under the Federal Rules of Civil Procedure, parties must produce e-documents in a format that preserves the same functionality as the original, native e-document. Although parties can choose to produce their documents in native format, few parties actually do because native e-documents:
-----------------------------------------
Source: law.com
By: Kenton Hutcherson
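The failure described in this article, redaction boxes on the page image while the companion text file still carries the words, can be tested for before a production goes out. The following Python check is an added example, not code from the article or from any vendor's product; the document IDs, the log structure (`Redaction`) and the sample text are constructed assumptions.

```python
"""QC check for a document production: does text hidden by a redaction box
on the page image still appear in the companion text file?"""
import re
from dataclasses import dataclass

MASK = "[REDACTED]"
# A word split across a line break in extracted text: "indem-\nnity".
_HYPHEN_BREAK = r"(?:-[ \t]*\r?\n[ \t]*)?"


@dataclass(frozen=True)
class Redaction:
    doc_id: str  # identifier shared by the page image and its text file
    text: str    # words covered by the redaction box, per the redaction log


@dataclass(frozen=True)
class Leak:
    doc_id: str
    log_index: int  # position of the entry in the redaction log
    hits: int       # occurrences found in the companion text file


def phrase_pattern(phrase: str) -> re.Pattern:
    """Regex for the phrase that ignores case, tolerates any run of
    whitespace between words and a line-break hyphen inside a word."""
    words = phrase.split()
    if not words:
        raise ValueError("empty redaction text in log")
    parts = [_HYPHEN_BREAK.join(re.escape(ch) for ch in w) for w in words]
    return re.compile(r"\s+".join(parts), re.IGNORECASE)


def find_leaks(text_files: dict, log: list) -> list:
    """Return one Leak per log entry whose text is still searchable."""
    leaks = []
    for i, entry in enumerate(log):
        body = text_files.get(entry.doc_id)
        if body is None:  # no companion text file was produced for this page
            continue
        hits = len(phrase_pattern(entry.text).findall(body))
        if hits:
            leaks.append(Leak(entry.doc_id, i, hits))
    return leaks


def scrub(text_files: dict, log: list) -> dict:
    """Return copies of the text files with every logged phrase masked."""
    cleaned = dict(text_files)
    for entry in log:
        if entry.doc_id in cleaned:
            cleaned[entry.doc_id] = phrase_pattern(entry.text).sub(
                MASK, cleaned[entry.doc_id])
    return cleaned


# Constructed sample: two produced pages and the producing party's log.
SAMPLE_TEXT_FILES = {
    "DOC000001": ("From: J. Smith\nRe: pricing\n"
                  "Counsel advised that the indem-\nnity clause is "
                  "unenforceable.\nPlease call me.\n"),
    "DOC000002": "Quarterly numbers attached.\n",
}
SAMPLE_LOG = [
    Redaction("DOC000001",
              "counsel advised that the indemnity clause is unenforceable"),
    Redaction("DOC000002", "settlement authority"),
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_TEXT_FILES, SAMPLE_LOG):
        print(f"{leak.doc_id}: log entry {leak.log_index} still searchable "
              f"({leak.hits} hit(s))")
    # After scrubbing, the same check must come back empty.
    assert not find_leaks(scrub(SAMPLE_TEXT_FILES, SAMPLE_LOG), SAMPLE_LOG)
```

A hit means the logged phrase occurs somewhere in that page's text file; a reviewer still has to confirm whether each occurrence sits under a redaction box or elsewhere on the page.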
Friday, January 25, 2008
Coping With the EDD Drumbeat
Electronic data discovery doesn't have to be such a big deal; take it from someone who's been there
For the past several years, in-house litigators have been bombarded by swarms of consultants, vendors, and outside counsel reciting the potentially catastrophic effects of the 2006 amendments to the Federal Rules of Civil Procedure (FRCP).
The drumbeat grew so loud that many of us began to think we were seeing a repeat of The Great Y2K Scare of 1999. For those who haven't been paying attention, the new rules, among other things, mandate early e-discovery meetings and give judges the power to decide whether providing some electronic data would be too expensive.
The result? The apocalypse hasn't arrived just yet. Despite the warnings, e-discovery is not too different from any other form of discovery.
My solutions for coping with e-discovery aren't that shocking, either. You need a good team to keep track of electronic data, and you have to plan ahead. Doesn't sound too different from succeeding in life in general, does it? By staying calm and applying common sense, seasoned practitioners can cope with e-discovery just as our forebears did when copy machines, databases and fax machines first came into use. We survived them all, too.
Here's my basic approach: Make sure you have an educated IT group that can locate and collect the required electronic data and then testify about its practices under cross-examination if needed; this will greatly ease the legal department's burden. Use outside counsel whom the judge trusts. Your lawyers can use the meet-and-confer aspect of the 2006 amendments to reach an accord on the scope of data collection.
Finally, involve employees in the effort to curb the amount of irrelevant data produced from overusing word searches. This will help you avoid sanctions and nosebleed-territory expenses later on.
The principal challenge in this era of e-discovery is to keep costs down -- which sounds hard, when you consider years of e-mail stored on laptops across the corporation. No matter what you do, your employees will store their e-mail in chronological archives; for most people, that's the easiest way to organize it. However, these messages are, in many cases, subject to discovery. You might wish they would disappear, but there is nothing a judge will consider "inaccessible" about this data. And this stuff is simply expensive to produce for discovery (and worse, costly to review) if you are not careful enough to plan ahead and control the scope of collection.
-----------------------------------------
Source: law.com
GCs Embrace Outsourced Work
For Scott Rickman, the question is: Why pay big-firm associates $200 an hour to do document review when you can ship it out to India for $25 an hour?
High rates and the increasing bulk of e-discovery have pushed the associate general counsel at San Francisco-based Del Monte Foods to seriously consider using sources outside his outside law firm for the grunt work of litigation.
"What caused me to start to look into this issue was just the tremendous cost involved in discovery," said Rickman. "It doesn't make sense to pay 150 or 250 dollars an hour at some of the larger firms to do the document review -- it just seems like overkill."
Some in-house departments have already reached that conclusion. It has been reported in recent years that big companies like Microsoft Corp. and Cisco Systems Inc. offshore some patent application work. Companies like San Jose's Cadence Design Systems Inc. dabble, occasionally using Indian companies for large document review projects.
"It is a trend that I have observed -- a lot more companies are really considering it, if not doing it," said Stephen Yu, general counsel at Macrovision Corp., which doesn't outsource any legal work.
While many are still undecided or tentative, market researchers are bullish. Boston-based Forrester Research estimates the current value of legal work shipped overseas at $80 million, but predicts that $4 billion worth may head to India by 2015, according to an article last year in Legal Week, a Recorder affiliate.
With futuristic names like Pangea3, Office Tiger and Lexadigm, companies that get legal work done in India are continuing to pop up, and investors are betting they'll succeed. Pangea3, which employs 240 lawyers in three Mumbai offices, got a $4.4 million investment by GlenRock Capital Advisers, the fund headed by former top private equity lawyer Lawrence Graev, who now serves as Pangea3's nonexecutive chairman. Last year, the company scored a $7 million investment by venture capital firm Sequoia Capital, which also helped shepherd Yahoo, PayPal and YouTube.
The prices are certainly appealing for in-house counsel looking to cut costs. Rickman said he can get document review done in India for between $25 and $65 an hour. That same work also could be done for about $70 an hour by contract attorneys hired by law firms, another attractive option, he said.
The outsourcing issue takes aim at a sensitive area between companies and outside law firms who are always going back and forth about ever-rising rates.
"The private law firm partners are not enamored by it because they lose control and it cuts into their margin," said Wendy Tice-Wallner, a consultant with the Tice-Wallner Group in San Francisco.
Law firm partners -- as well as some in-house counsel -- also enumerate a number of risks associated with shipping work to foreign locales. Katherine "Kathi" Lutton, who heads Fish & Richardson's litigation practice, says it's better for lawyers who are working on the case to review related documents.
"You get a big picture of the case when you see the documents," Lutton said. "The bigger risk is, are you finding and producing the right documents?"
In mulling his decision, Del Monte's Rickman says he hears a lot about the risks of outsourcing legal work, but it's not something he's overly concerned about.
"In these articles, there's always a quote from a partner at a large law firm about the risk of sending work to India," Rickman said. "Yes there's a risk -- there's a risk to law firm profits."
WHEN IT WORKS
Mona Sabet, who heads IP at Cadence, said her company has found that some matters are better outsourced than others. Large document review projects -- Cadence is using an Indian company for one now -- make sense because of the lower cost and routine nature of the work. But for other services, like patent drafting, Cadence hasn't gotten a lot of bang for its buck, she said.
"I think some of the reason for that, at least in India, is that the business of patent drafting in India is still a relatively new one," Sabet wrote in an e-mail. "As with any complex activity, it takes years before an organization can develop the depth of proficiency necessary to compete with others who have been in the industry for decades."
-----------------------------------------
Source: law.com
Data protection through encryption
Encryption has been used to hide covert messages from prehistoric times. Today, companies use encryption to protect data in transit and on disk.
The encryption story in India is slowly beginning to unfold, thanks to compliance requirements like PCI DSS, SOX and HIPAA and the global exposure of most Indian companies. Secure data interchange has become the norm when companies share data and critical information with their partners and customers alike. The physical boundaries that existed in the past between the enterprise and the rest of the world have faded. One of the most efficient and secure ways to control and share information with the right parties is encryption. Encryption alone is not enough, though; it needs to be integrated with policy enforcement mechanisms like access control, segregation of duties and log management.
Amuleek Bijral, Country Manager- India & SAARC for RSA, the Security Division of EMC said, “The Indian customers today are looking at vendors who can fulfill all these requirements and provide a complete, well integrated and consistent solution. The encryption can span from the application, network and storage layers.”
Today it is not just compliance that drives security solutions; customers have started realizing that security can be a business enabler, provided that it is done right. As infrastructure becomes more expensive, telecommuting has become a critical requirement for IT and ITES companies. Making the right data available to remote offices and offshore operations is critical to the functioning of any business. All this can be achieved with the right security solution.
Data security is one of the top items on any company’s IT agenda. Almost all organizations back up their data regularly and maintain offsite copies for the purpose of data retention and disaster recovery. In spite of the fact that backup tapes contain confidential data, comparatively few companies have taken steps to ensure that the data that is backed up and transported offsite for storage is secure. In fact, while IT departments go to great lengths to secure their network perimeter against attack, many organizations are lax in the way in which they protect their backup infrastructure and tape media. However, a series of new regulations and a spate of high-profile backup tape losses are finally forcing organizations to re-evaluate how effective their data security processes and technology really are.
-----------------------------------------
Source: expresscomputeronline
Thursday, January 24, 2008
Mobile phone SIMs can go to hell and back
Even if your mobile phone is unlikely to survive a fire, chances are that the SIM card inside might.
Scientists have discovered that some SIM cards can withstand heat up to 450°C and possibly even higher. The discovery should be useful for police and forensics staff investigating terror attacks and other crimes.
Hot technology
A total of 12 SIM cards were subjected to heat trials by electronic engineers Benjamin Jones and Tony Kenyon from University College London, AFP reports. The researchers tried to recover data from the SIM cards by attaching tiny probes to the circuit and reading its contents via an interface pad.
Six cards were heated to around 180°C and could be read after rewiring with no loss of data. Five were cooked to 450°C, four of which could not be read by the researchers. However, the fifth one could, albeit briefly. The twelfth, heated to 650°C, could not be read.
Jones and Kenyon said that the experiment proves SIM cards can survive in temperatures up to 450°C - and "quite possibly beyond that".
In an article published in the latest issue of Forensic Science International, the researchers pointed out that the rewiring technique they used was not the last resort for forensic experts wanting to delve into a damaged SIM card.
Reading data
"A chip that has been exposed to such temperatures may also be mechanically damaged, and the data may not be retrieved by simple probing or rewiring. But the data itself remains uncompromised and can possibly be read using other techniques," Jones and Kenyon said.
SIM cards may also survive for much longer in a blaze if they are close to the floor or on a desk, as temperatures in a building fire vary greatly according to the location.
-----------------------------------------
Source: Tech Radar
By: Anna Lagerkvist
Congress questions security of backup tape sales
Congresswoman Betty McCollum (D-Minn.) has reopened an interesting can of worms on Capitol Hill by sending a letter to the Government Accountability Office requesting an investigation into the potential security implications of a program under which federal agencies are reselling used magnetic data tapes to the public.
According to McCollum's letter, an unofficial test recently conducted on a handful of tapes sold via the program found a wealth of sensitive data still resident on the storage media, including bank account numbers, personal information of government employees, travel expense reports and a range of other financial documents.
The forensic test of the tapes, which are supposed to be wiped clean before re-sale, was conducted by officials at Imation, a maker of removable storage technologies.
McCollum maintains in her plea that the sensitive data mined from the tapes was unearthed using "readily available equipment and information," implying that anyone else with such knowledge could easily replicate the feat.
The Congresswoman directly questioned a previous 2007 GAO review -- launched at the request of the Dept. of Homeland Security based on similar security concerns -- that found that the tapes were indeed wiped of any information before they were made available for sale.
The GAO said that its tests found that the tapes were sufficiently wiped clean of any data, and that they should pose only a low security risk as long as the involved agencies followed established guidelines for erasing any data on the devices.
McCollum claims that the Imation test took only one-and-a-half business days to find the sensitive data, and that it was conducted using only a standard PC and well-known forensics techniques.
"If federal agencies are selling used magnetic storage tapes on the open market with this level of recoverable sensitive data available to anyone with minimal technical skills or equipment, we should all be alarmed and demanding greater accountability," McCollum said. "Federal agencies could be under the impression that the sale of these used tapes is secure, while the fact remains that substantial amounts of highly-sensitive government [data] may be circulating in the open market."
The Congresswoman is "strongly urging" the GAO to launch a broader investigation to ensure that tapes sold by agencies including the Federal Reserve and U.S. Air Force do not contain valuable or sensitive information.
---------------------------------------
Source: infoworld.com
Wednesday, January 23, 2008
E-mail Scandal Drives Storage Lesson Home
As the saga of whether the Bush administration properly saved or illegally deleted e-mail continues to unfold, experts are advising companies to review and confirm that corporate e-mail policies are not only in place but are meeting regulatory requirements.
"It's one thing to back up and archive e-mail, but it's a whole other thing to make sure it's there and you're able to retrieve it," said Matt Smith, president of LiveOffice, a provider of message managing and archiving services.
According to reports by the Associated Press and the Washington Post, the White House has allegedly been recycling e-mail backup tapes since 2003.
Investigators are questioning whether e-mail communications have been properly archived as required by federal statutes.
The AP reported that a congressional committee has scheduled a hearing for Feb. 15 about the alleged e-mail loss. White House Counsel Fred Fielding, White House Office of Administration Director Alan Swendiman, and United States Archivist Allen Weinstein are slated to appear.
The Post reported Friday that House Oversight and Government Reform Committee Chairman Henry A. Waxman (D-Calif.) released a study Friday claiming that no e-mail from various White House offices, including those of the president and vice president, was saved for nearly 500 days between 2003 and 2005.
Calls by InternetNews.com to the White House press office and the House Oversight and Government Reform Committee were not returned by press time.
White House spokespeople have been quoted saying that no facts support the contention that the administration has destroyed e-mail or done anything improper in relation to retention.
Yet two private organizations, the Citizens for Responsibility and Ethics in Washington and the National Security Archive, have launched lawsuits in response to the e-mail retention issue.
Despite the scrutiny over the issue, many companies are not taking e-mail retention and archival seriously, Smith told InternetNews.com.
Although 43 percent of companies have an e-mail retention policy, only 12 percent have an automated archiving and compliance system in place, reported Osterman Research.
As a result, Smith said the lesson for private and public companies is clear: No time is better than the present to check that e-mails are properly saved, retained and retrievable if needed.
---------------------------------------
Source: enterpriseitplanet.com
O'Melveny Says It's Sorry for Missing E-Mails
Bankruptcy examiner says firm 'not forthright' about New Century's cash collateral. And how about the 700,000 missing e-mails?
The fees may be good, but lawyers at O'Melveny & Myers have had a rough few weeks representing one of the nation's largest failed subprime lenders.
New Century Financial Corp. and its outside restructuring attorneys at O'Melveny misled a bankruptcy examiner about funds that may belong to creditors, according to a blistering report by the examiner unsealed last week.
And the bank's outside counsel had to apologize to U.S. Bankruptcy Judge Kevin Carey for a discovery "mishap" in which more than 700,000 e-mails weren't turned over to the bankruptcy examiner. O'Melveny blamed an "outside vendor" for the problem in a Jan. 14 filing.
"The debtors recognize that such errors, even if unavoidable in the context of such a process, cause inconvenience to participants in proceedings of this nature, and accept full responsibility," wrote O'Melveny lawyers Ben Logan and Suzzanne Uhland, along with local counsel in Delaware.
Bankruptcy examiner Michael Missal's report and O'Melveny's response were submitted to Carey last fall and unsealed Thursday.
Missal, a Kirkpatrick & Lockhart Preston Gates Ellis partner in Washington, D.C., said O'Melveny attorneys "were not forthright" in their dealings with him, causing the examiner to expend additional funds to sort out the mess.
That accusation stems from the bank's handling of cash collateral, or money in the bank's possession that may actually be the property of another party.
New Century and its lawyers represented numerous times that they had done no analysis of cash collateral before the company filed for bankruptcy, Missal contends in his report. Based on those representations, the examiner concluded in August 2007 that the company had not properly handled the collateral.
Then, Missal said, the company disclosed for the first time the legal advice it received from O'Melveny, which guided its cash collateral strategy.
"The examiner and his counsel expressed their astonishment about these disclosures to the CEO and outside counsel," Missal wrote, adding that the legal strategy "had never been disclosed in the more than two months that the examiner had investigated the cash collateral issue and no satisfactory explanation was given why this information was not provided."
The conflicting stories forced the examiner to needlessly spend more than $800,000, Missal wrote, plus whatever amount O'Melveny billed for litigating the issue. All told, O'Melveny has charged more than $12 million in six months of work on New Century's wide-ranging legal issues, according to the firm's fee applications.
---------------------------------------
Source: Law.com
By: Dan Levine
Qualcomm Court Sets Baseline For Electronic Discovery Programs For In-House And Retained Counsel
The U.S. District Court for the Southern District of California's latest opinion in Qualcomm Inc. v. Broadcom Corp., Case No. 05cv1958 (BLM) (S.D. Cal.), issued on January 7, 2008, serves as a warning to all corporate litigants regarding electronically stored documents and emails. This warning is especially applicable for in-house counsel, several of whom were engulfed in this quagmire. The court ordered Qualcomm to pay all of Broadcom's litigation costs — around $8.5 million — for "intentionally with[holding] tens of thousands of decisive documents from its opponent in an effort to win this case and gain a strategic business advantage over Broadcom."
In addition, the attorneys most heavily involved were referred to the California State Bar for violations of their ethical duties.
The underlying case was a patent infringement suit filed by Qualcomm, alleging that Broadcom was infringing two of Qualcomm's patents on video-compression technology. In defense, one of Broadcom's arguments was that Qualcomm had an obligation to disclose its technology to a committee that was setting industry standards for the technology. Qualcomm repeatedly represented that this obligation did not exist. Broadcom succeeded at trial and subsequently the court became aware that Qualcomm had failed to produce an abundance of documents that were responsive to Broadcom's discovery requests. The court found that Qualcomm opposed any attempts to remedy its deficient production and to investigate the surrounding issues.
The district court was particularly concerned with upholding the good faith standard necessitated by the discovery system and emphasized that for the system to work in a time when documents are stored electronically, "attorneys and clients must work together to ensure that both understand how and where electronic documents, records and emails are maintained and to determine how best to locate, review, and produce responsive documents."
Emphasizing that it is the responsibility of attorneys (both in-house counsel and retained counsel) to make certain that their clients carry out an effective and comprehensive document search, the court noted that "[p]roducing 1.2 million pages of marginally relevant documents while hiding 46,000 critically important ones does not constitute good faith and does not satisfy either the client's or attorney's discovery obligations." The court suggested that in-house counsel have a duty to confirm the veracity of any signed papers produced during discovery.
The district court's solution was to order Qualcomm to implement a "comprehensive Case Review and Enforcement of Discovery Obligations ('CREDO') program" which, at a minimum, includes:
(1) identifying the factors that contributed to the discovery violation,
(2) creating and evaluating proposals, procedures, and processes that will correct the deficiencies identified in subsection (1),
(3) developing and finalizing a comprehensive protocol that will prevent future discovery violations,
(4) applying the protocol that was developed in subsection (3) to other factual situations, such as when the client does not have corporate counsel, when the client has a single in-house lawyer, when the client has a large legal staff, and when there are two law firms representing one client,
(5) identifying and evaluating data tracking systems, software, or procedures that corporations could implement to better enable inside and outside counsel to identify potential sources of discoverable documents, and
(6) any other information or suggestions that will help prevent discovery violations.
The court ordered that the attorneys submit a proposed protocol for the court to evaluate and revise, if necessary. While the district court's immediate goal was to remedy this specific instance of misconduct, the court hoped that its opinion would be a "road map" for electronic discovery and would "assist counsel and corporate clients in complying with their ethical and discovery obligations and conducting the requisite 'reasonable inquiry.'"
-------------------------------------------
Source: Mondaq
By: John N. Maher and Richard T. Ruzich (Duane Morris)
Losing the way over e-discovery?
At the end of 2006, the Federal Rules of Civil Procedure were amended to address the question of electronic discovery in lawsuits. Not to be outdone, the Judicial Council of California has now proposed its own set of amendments.
If the proposed changes to California civil code dealing with electronic discovery procedures ultimately become law, the new rules will mean new burdens for parties appearing in state courts.
While the amended federal rules steered clear of providing a precise definition of what constitutes electronically stored information, they do cover information "stored in any medium" so far as it can be "retrieved and examined." In this way, the amended text avoids any specific definition that later could be outstripped by advances in technology.
The proposed California amendments take a different tack, referencing information that is stored in an electronic medium and relating to technology having "electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities." While this comes across as quite broad, the federal definition might be better, as it later may be less capable of evasion by a new technology.
The proposed amendments differ markedly when it comes to the question of inaccessible information. The federal approach takes the position that a party seeking discovery must seek leave of court to force another party to produce information that the latter deems inaccessible.
If the California changes take effect, a responding party would have to seek a protective order from a court to avoid producing information on the grounds that it is inaccessible or unreasonably burdensome. This approach increases risk for the responding parties.
Still, the proposed California amendments parallel the federal ones in allowing for cost-shifting if production proves burdensome and expensive. They also allow for relief from production if the information sought is available from less intrusive sources, or if its value is far outweighed by its burden.
Another similarity: California would allow a requesting party to specify the form in which it desires the electronically stored information to be produced.
California's proposed rule changes are clearer than the proposed federal amendments when it comes to providing an actual safe harbor for information that has been "lost, damaged, altered, or overwritten" because of the routine and good faith operation of an electronic information system. This is good news. Lawyers and clients live in mortal fear of death-knell sanctions resulting from the failure to preserve and produce information. The changes sought by California would seem to supply added protection on that front.
---------------------------------------
Source: news.com
Tuesday, January 22, 2008
Keeping user data private
I'm an IT administrator at a community college and am gearing up for the New Year. Many students have their social security numbers on file and also use their credit cards to pay for classes online. What approaches should I make to ensure others can't take this data and use it as their own?
My answer won't be the cure-all solution, but I am providing you with some tips that will assist you in working towards your goal.
Some of the basics you want to cover include, but are not limited to, the following:
* Encrypting the sensitive data
* Knowing where the sensitive data resides
* Using secure firewall(s) and current configurations
* Using a DMZ to protect the internal network from the external network
* Using strong authentication on equipment
* Using Intrusion detection/monitoring for critical applications
* Using virus checking with current updates
* Limiting access to the data (access management)
These are just basic steps taken to protect data on the computing side. Knowing where sensitive data resides is a hot topic for many reasons, including electronic discovery issues, loss of sensitive data, and employer liability. Where data resides and who has access to it has taken many administrators by surprise when the business has received discovery notification for litigation purposes.
---------------------------------------
Source: networkworld.com
By: Bert Talley
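One way to start on "knowing where the sensitive data resides" for the two data types named in the question, Social Security numbers and payment card numbers, is a small content scanner. This is an added illustration, not part of the original column; the patterns, function names and sample rows are constructed assumptions, and the report keeps only the last four digits so that it does not become another copy of the data.

```python
import os
import re
from dataclasses import dataclass

# Assumed formats: SSN as AAA-GG-SSSS (hyphen or space separated); card numbers
# as 13-19 digits, optionally split by single spaces or hyphens.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})[- ](\d{2})[- ](\d{4})(?![\d-])")
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
MAX_BYTES = 5 * 1024 * 1024  # files larger than this are skipped, not sampled


@dataclass(frozen=True)
class Finding:
    source: str   # file path or label
    line: int     # 1-based line number
    kind: str     # "ssn" or "card"
    masked: str   # only the last four digits are kept


def plausible_ssn(area, group, serial):
    """Reject values the SSA never issues: area 000, 666 or 9xx; group 00; serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; filters out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text, source="<memory>"):
    """Return masked findings for every plausible SSN or card number in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            if plausible_ssn(*m.groups()):
                findings.append(Finding(source, line_no, "ssn", "***-**-" + m.group(3)))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                masked = "*" * (len(digits) - 4) + digits[-4:]
                findings.append(Finding(source, line_no, "card", masked))
    return findings


def scan_tree(root):
    """Walk a directory tree and scan every readable file as text."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    findings.extend(scan_text(fh.read(), path))
            except OSError:
                continue  # unreadable file: skip it and keep walking
    return findings


def summarize(findings):
    """Count findings per (source, kind) so data owners can be told where data lives."""
    counts = {}
    for f in findings:
        counts[(f.source, f.kind)] = counts.get((f.source, f.kind), 0) + 1
    return counts


# Constructed sample export; the card numbers are well-known test values.
SAMPLE = "\n".join([
    "student_id,name,ssn,card,note",
    "1001,A. Example,123-45-6789,4111 1111 1111 1111,paid online",
    "1002,B. Example,000-12-3456,4111 1111 1111 1112,rejected",
    "1003,C. Example,,5500-0000-0000-0004,phone 555-0100",
    "1004,D. Example,987-65-4321,,invoice 2008-01-22",
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE, "sample.csv"):
        print(f"{f.source}:{f.line} {f.kind} {f.masked}")
```

Each location the scan reports is a candidate for the encryption and access-limiting steps in the list above.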
Can You Restore A 6-Year-Old Backup?
Some things, like sneezes, just seem to come in threes. Last week I got the third call in the past year asking for help restoring an oddball tape. In each case, a midsize company tried to satisfy its data-retention policy by putting end-of-month backup tapes on the shelf just in case the data on them would be needed in the future. Then when that time came, each was missing a tape drive or application to read them.
In the simplest case, my client had a records management company pick up tapes every Monday for off-site backups and never recalled the first box each month. Then someone from legal started asking about files from an employee who had been fired in 2004. Back come the boxes and inside are both DLT7000 tapes and a few DDS-2 DATs. While they no longer had a DAT drive, CDW was glad to sell them one and Backup Exec 11D could read a Backup Exec 8 tape.
Then a university police officer came in with an 8mm tape. Label on the tape just said "backup of 10.14.01" -- apparently someone took the tape and stuck it in an envelope that was part of a case that was coming to trial. No one makes 8mm tape drives anymore, but universities being what they are, a department had one on an old AIX system. The drive accepted the tape OK, but it took me three days of trial and error to find an application that could read it.
In the third case, a client decided to clean out the media safe and found about 100 OnStream ADR tapes. When they called, I let them know that OnStream went out of business in 2003 and that the reason it went out of business was that the product wasn't very reliable. I did find a Dutch company (OnStream was a Philips spin-off) that has some drives and tapes available. Luckily, the client's legal counsel told them they could shred the tapes so we didn't have to play backup application bingo again. If you have OnStream issues, try http://www.hastec.nl/ .
---------------------------------------
Source: informationweek.com
Three tips for print security
Despite the vital role that networked printing and imaging resources play in the processes and workflows of many organisations, the imaging and printing infrastructure is often an overlooked security vulnerability. In today's office, multifunction peripherals (MFPs) can print, copy, scan to network destinations, send email attachments and handle incoming and outgoing fax transmissions. As such, MFPs have evolved to become an efficient and cost effective method of document distribution and storage and an integral part of the IT infrastructure. However, it is this network connectivity, along with hard disk and memory storage, that means that MFPs are susceptible to the same security risks as PCs and servers.
The more advanced and integrated MFPs become, the greater the risk to confidential information during a document's life cycle when it is being copied, printed, scanned or faxed. It should be a given that data integrity is ensured at all stages, including the processing, transmission and storage of printed material. Printed material remains a core component of most business processes, and securing sensitive or confidential paper-based documents and information is key to complying with regulations such as the data protection acts, the US Sarbanes Oxley Act and Basel II—to name but a few. An unsecured printing environment can have serious implications for any business in relation to maintaining the information security of the business and its customers.
So what are the main MFP security challenges and how should they be addressed?
1. Protect the device
At the most basic level, document security can be compromised by printouts being left in output trays to be picked up by unauthorised recipients. Using secure print products guards against the risk of interception by ensuring only authorised users are able to access their print jobs. This is achieved through print authentication which is a cost-effective and relatively non-disruptive means of increasing security. It offers a form of access control that enables organisations to prevent unauthorised users from using specific device functionality, route sensitive documents to secure printers as well as regulate retrieval and create an auditable paper trail detailing device usage to ensure regulatory compliance.
There are typically two categories of print authentication controls: Walk-up authentication occurs at the MFP and allows organisations to predetermine service availability based on specific user qualification criteria such as job function or title. In contrast, network authentication occurs at the infrastructure level and allows organisations to predetermine service availability based on technological criteria such as device type and location. Also known as PIN and pull printing, print jobs can be saved electronically in the device, or on an external server, until the authorised user is ready to print them. The user provides a simple PIN code or uses an alternative authentication method such as a swipe card, proximity card or fingerprint authentication. There are many products in this space, including Capella's MegaTrack, Jetmobile‘s SecureJet and Ringdale's FollowMe, all of which are compatible with most MFP devices.
The majority of MFPs on the market today offer a standard hard disk drive that provides large storage capacity. In addition to storage, the hard disk drive is used to manage all data flow into and out of the device. As the image data is transmitted or scanned into the device, it is stored temporarily on the hard disk drive until processed. Additional steps are needed to render all data on an MFP's hard drive completely useless, to safeguard against the theft of the MFP device or the drive itself.
There are several options to protect the integrity of the hard disk drive and network data. These include lockable and removable hard drives, data encryption and disk overwrite features. Data overwriting ensures that the hard drive is absolutely clear of readable data. It works by overwriting the actual data with random and numerical characters. Residual data can also be completely erased when the encryption device and the hard disk drive are removed from the MFP.
When it comes to scanning, further protection is needed when scanning documents to email and network locations. With Secure PDF, users can assign a password to scanned PDF documents directly from the control panel of the MFP. The password allows for various levels of control such as access, printing, editing and copying the content. Canon, for example, offers features such as secure watermarks and digital user signatures, to track who has sent, printed and scanned each document. Users have to identify themselves before they can send an email, thereby eliminating unauthorised use.
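The overwrite step described above, applied to a single spooled job file, as an added example that is not taken from the article or from any MFP firmware. The function names, the pass count and the sample data are assumptions; the spool file is constructed in a temporary directory.

```python
import os, tempfile

def overwrite_in_place(path, passes=3, chunk=64 * 1024):
    """Overwrite a file's contents without changing its length."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(passes):
            final = n == passes - 1
            f.seek(0)
            left = size
            while left:
                step = min(chunk, left)
                # Random data on early passes, a fixed zero pattern on the last.
                f.write(bytes(step) if final else os.urandom(step))
                left -= step
            f.flush()
            os.fsync(f.fileno())   # push each pass to the device, not just the cache
    return size

def demo():
    """Spool a constructed image, overwrite it, and report what remains."""
    marker = b"CONSTRUCTED-SCAN-IMAGE"      # constructed sample data
    fd, path = tempfile.mkstemp(suffix=".spool")
    with os.fdopen(fd, "wb") as f:
        f.write(marker * 5000)
    before = os.path.getsize(path)
    overwrite_in_place(path)
    with open(path, "rb") as f:
        data = f.read()
    os.remove(path)                          # unlink only after the overwrite
    return before, len(data), marker in data, data.count(0) == len(data)

if __name__ == "__main__":
    print(demo())
```

Overwriting through the file system reaches the original blocks only on storage that writes in place; on flash media with wear levelling, or on copy-on-write and journaling file systems, older copies can survive, which is why overwrite is paired with drive encryption.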
2. Secure the network
Many print jobs are unencrypted and therefore are unsecured as they pass over the network. This need not be so: MFP devices can make use of several protocols and communication methods to improve security. The most common way of encrypting print jobs is SSL (Secure Sockets Layer), which prevents hacking and allows sensitive documents to be printed via a wired or wireless network. Using an SSL connection means the information exchanged, including the user's credentials, names, email addresses and fax numbers, is encrypted to preserve the confidentiality and privacy of the data. Implementing secure protocols such as IPSec allows all wide area network traffic to and from printers and MFPs to be secured in the same way.
---------------------------------------
Source: ITDirector.com
By: Louella Fernandes