Ad: Manage updates with the Download App
ie8 fix

compliance

E-mail anger meter gets sensitivity training

Lymbix is releasing a more accurate version of its e-mail sentiment analysis app, ToneCheck, today. If you're an Outlook user and haven't checked out this service, give it a whirl. It's one of the more interesting Outlook plug-ins.

ToneCheck monitors your e-mail's composing window for potential errors of tone, just as spell-check scans for errors of spelling or grammar. The plug-in will tell you if there are sentences in a message that are likely to come across as aggressive, or likely to cause the recipient to feel sad, or fearful, or humiliated.

If ruining someone's day is what you want, though, ToneCheck won't actually change anything for you. Nor does it attempt to rewrite your messages. It just alerts you to the potentially troublesome emotional backlash you may be setting yourself up for.

The Outlook plug-in is easy to use and unobtrusive. A little meter stays out of the way, only blushing red with a "Tone Alert" when your message goes off the rails. When you click through, It tells you how, flagging sentences with words like "Concerning," or "Upsetting."

You get the chance to correct your tone before HR gets wise to you. And make no mistake, the HR department and other corporate overseers are the intended customers for this service. While the individual plug-in is free and kind of sick fun for a while, Lymbix's goal is to sell corporate versions of this app, as well as API access to its service, to businesses and development shops that support them. The idea is to bake this engine into CRM and other outbound messaging systems. The API is also being used, currently, to add outbound sentiment scanning to Twitter via the HootSuite enterprise Twitter management system.

Read more

Backupify is more than a backup service

Mirco Wilhelm, the poor guy whose Flickr account was mistakenly wiped out, along with the 4,000 photos, comments, and working hyperlinks in it, could have saved himself some amount of heartache had he signed up for Backupify, a handy utility that backs up social and cloud-based services to ensure against just this type of thing. Backupify is much more than backup, though--more on that in a second.

Wilhelm got lucky. A day after the error at the Yahoo photo-sharing site that led to the deletion of his account, Flickr figured out how to restore his data. The story ended happily, and has the advantage of serving as a reminder to all of us that the "cloud" can leak. Our data on a Google, Yahoo, or other online services might be safer than it is on a hard drive in our home, but it's not absolutely safe. It pays to keep backups, and that's just what Backupify does. The Wilhelm incident was also served as priceless advertising for Backupify.

Most cloud data problems are user error, Backupify CEO Rob May tells me. With his service, you can undo your own errors. Or, as in the Wilhelm case, your provider's. Services supported include Twitter, Facebook, Gmail, Google Docs, and several others. Support for LinkedIn will be announced next week.

Backupify is easy to use: Point it at your online accounts, authorize it to access them, and then periodically, Backupify goes in, slurps your data out, and stores it on its own cloud servers. Yes, it backs up the cloud into another cloud. The option to back up to your own hardware is coming later, possibly via Dropbox sync, which would be pretty cool.

Restoring deleted data, though, is another kettle of fish. For some services, like Google Docs, it's easy to pump Backupify archives back into the service, either to un-delete an erroneously erased file, or to transfer information in bulk from one account to another. But in other cases, restore doesn't work quite so cleanly. You cannot restore a Twitter account, for example, since the Twitter API doesn't provide a way to push a status update into the Twitter system with anything but the current date and time. A restored Twitter account would have all your tweets looking like they were posted milliseconds apart. But you do get a usable, potentially searchable archive of your Twitter activity, which you will eventually be able to scan with other apps. Currently, you can ask the service to send you a PDF of everything that Backupify can grab.

Read more

W3C seeks help, patience with HTML5 tests

The World Wide Web Consortium is griping about this week's premature judgments regarding which browser best complies with the HTML5 standard and is asking for help to improve its tests.

Philippe Le Hegaret, who oversees HTML5 and other standards at the W3C, today chastised those who concluded from tests done so far that Internet Explorer 9 is leading the race to support the new Web page technology. The W3C has added 135 new HTML5 compliance checks in the last month, bringing the total to 232, but that's nowhere near enough, he said.

"It seems that people are … Read more

HP completes tender offer for ArcSight

HP announced today that it has completed its tender offer of ArcSight and expects to integrate its new acquisition with an HP subsidiary in the next several days.

Around 33.1 million shares, or 92.1 percent of ArcSight's outstanding shares, were tendered to HP, giving it full ownership of the security and compliance management company. HP paid a total of $1.5 billion, or $43.50 per share, to acquire ArcSight, which makes products to help businesses monitor their networks and data centers for security threats.

HP is eyeing its integration of ArcSight as a way to protect … Read more

A world without records

I received an e-mail recently from my good friend and book co-author Chris Stakutis, who is also vice president of emerging technology at CA.

Chris can have very different ways of looking at things, a quality that makes him well-suited for his job. The e-mail I'm reprinting below (with a few edits for brevity) is a case in point.

From time to time, one of the organizations that specializes in counting things speculates that in the next five years, humans will generate many yottabytes of data. Here's an example from IDC. (Yes, you can yotta yotta data.) These … Read more

Security driven by compliance, rather than protection

A new report by Forrester Research, commissioned by Microsoft and RSA, the security division of EMC, found that even though corporate intellectual property comprises 62 percent of a given company's data assets, security programs are focused on compliance rather than data protection.

The report highlights a number of key findings, that provide a number of things to think about if you are remotely involved in the security of corporate data:

Secrets comprise two-thirds of the value of firms' information portfolios Compliance, not security, drives security budgets Firms focus on preventing accidents, but theft is where the money is The more valuable a firm's information, the more incidents it will have CISOs do not know how effective their security controls actually are

According to Forrester, corporate security programs are typically divided into two main categories of data types to protect: secrets and custodial data.

Secrets--that can confer long-term competitive advantage such as product plans, earnings forecasts, and trade secrets.

Secrets refer to information that the enterprise creates and wishes to keep under wraps. Secrets tend to be messily and abstractly described in Word documents, embedded in presentations, and enshrined in application-specific formats like CAD.

Custodial data--which includes customer, medical, and payment card information that becomes "toxic" when spilled or stolen.

Custodial data has little intrinsic value in and of itself. But when it is obtained by an unauthorized party, misused, lost, or stolen, it changes state. Data that is ordinarily benign transforms into something harmful. When custodial data is spilled, it becomes "toxic" and poisons the enterprise's air in terms of press headlines, fines, and customer complaints. Outsiders, such as organized criminals, value custodial data because they can make money with it. Custodial data also accrues indirect value to the enterprise based on the costs of fines, lawsuits, and adverse publicity.

Forrester notes that while toxic data spills are both dramatic and expensive, secrets are actually much more valuable and are an "underappreciated and underprotected information asset." … Read more

Why we can't have nice security

I know this is TLDR fodder of the highest order, but I'd like to read to you from a press release--for a security product, even. Here it goes:

The entire line of Spyrus Hydra PC USB encryption drives are invulnerable to such attacks because no password authentication values or keys are ever stored on Hydra PC devices after logoff or removal. Unlike any competing USB encryption drive, the Hydra PC reconstitutes a Master Key Encryption Key at logon using a FIPS-approved Key Derivation Function which utilizes, at a minimum, an Elliptic Curve Diffie-Hellman (ECDH) public/private key pair … Read more

Employers grappling with social network use

Social networking is on the rise, both on and off the job, leaving companies uncertain how to monitor their use by employees, reports new survey.

More than 50 percent of companies questioned said they have no policy to address the use of social networking by employees outside the workplace, according to a survey released Wednesday by the Society of Corporate Compliance and Ethics and the Health Care Compliance Association.

Typically, companies shy away from restricting an employee's actions off the job. But businesses are concerned about employees who use social networking and reveal private details or post inappropriate pictures … Read more

IBM buys security provider Ounce Labs

IBM has purchased Ounce Labs, a privately held software security provider, the companies said Tuesday.

Software developers often face both security and compliance issues with their products. Ounce Labs uses its technology to scan the source code of an application, hunting for security holes and compliance failures. Ounce tries to track down problems early on in a product's development when they're easier and cheaper to fix.

IBM will integrate Waltham, Mass.-based Ounce Labs into its Rational software business, which offers security and compliance testing. Big Blue said it believes that the combination of Ounce Labs and Rational … Read more

LogLogic demos power of embedded Linux

Linux gets a great deal of credit and attention in the desktop and server markets, where it's visible and gaining market share. However, too often, we overlook the power of the Linux platform when it's hidden inside appliances, the so-called embedded market where Linux has long played a dominant role (and where I got my career start in open source at Lineo).

In embedded, Linux dwarfs Microsoft. It's time we took notice.

The most recent Linux-focused IDC market-sizing report came out in spring 2008 at the Linux Foundation's annual summit. The numbers are remarkable:

Server operating … Read more