Well it has been a while since I last blogged and that is because I have just been so manic, busy beyond belief, mostly because of work. It has been eventful, firstly with new deployments eating most weekends as well as technical challenges.
Lately I have been battling with Blackberry encryption. In the past this was a straight forward setup with their old version of BES Professional so I thought I would try out the new version BES Express. According to the marketing blurb on RIM’s website it leads you to believe their new freeby product Blackberry Enterprise Server Express 5 supports PGP.
This link http://na.blackberry.com/eng/services/business/server/express/features.jsp#tab_tab_security
and has the following info:
“Flexible security architecture
For implementations requiring additional security, PGP®, S/MIME and PGP/MIME are also supported. Over 35 IT policies further support the needs of your business by providing adjustable security levels and capabilities that include the following:
• Impose a device lock-down
• Wipe data from a lost or stolen device
• Wirelessly enforce security settings such as Bluetooth® lockout”
Having read the bit that says “flexible security architecture for implementations requiring additional security, PGP, S/MIME and PGP/MIME are also supported” I thought bingo! This should be quick and easy to configure however after two weeks of pulling my hair out and eventually deciding to bite the bullet, admit defeat and pay for Blackberry support, they have come back to say, “errrr actually it doesn’t support PGP”.
This has been a bit of a blow for me seeing as I had recently deployed a new BES Express server for our business based on this info, predominantly to get the new features such as HTML mail. Alas, when it came down to it I could not find the option to configure PGP in the server and so it turns out neither could their support team.
I guess the bottom line is that you can’t always believe what you read! It is a shame that this little exercise has cost me a support ticket and also two weeks of my time on and off trying to sort this out.
Monday 31 May 2010
Wednesday 12 May 2010
Time for change
After a week of political uncertainty we now have a new government, a historic moment of political compromise. It will be a time of change and a time of spending reviews. There will be cuts to public spending, there has to be because it is unsustainable and you definitely cannot borrow your way out of debt so something must give.
My only worry is that it will be cuts that are deemed low hanging fruit and the significance or importance is not appreciated compared to a quick budgetary win. As always it is down to perception of what is important to the individual making the cuts and there will be some difficult decisions to make however this should in no way compromise our security or information assurance. Data is precious, it is valuable, I am mindful of the average cost of a record for a data breech and also how valuable data is to the criminal world.
There were some interesting facts presented at the Ecrime Congress in London this year about how much personal data is worth, information about individuals that is being bought and sold around the globe. Credit card details, addresses, bank details, information we all hold dear is being traded.
My overarching fear is that with the exabytes of data that the last government harvested will become vulnerable unless security measures are kept and tightened. This is a difficult task in a climate of prudence and austerity where it would be easier to cancel the security project and save a bit of money now and worry about data loss later which would be a bigger crime than the wasting of billions to date has been.
So by all means cut the waste but let’s not cut back on security, especially when it comes to the data they have about you and me!
My only worry is that it will be cuts that are deemed low hanging fruit and the significance or importance is not appreciated compared to a quick budgetary win. As always it is down to perception of what is important to the individual making the cuts and there will be some difficult decisions to make however this should in no way compromise our security or information assurance. Data is precious, it is valuable, I am mindful of the average cost of a record for a data breech and also how valuable data is to the criminal world.
There were some interesting facts presented at the Ecrime Congress in London this year about how much personal data is worth, information about individuals that is being bought and sold around the globe. Credit card details, addresses, bank details, information we all hold dear is being traded.
My overarching fear is that with the exabytes of data that the last government harvested will become vulnerable unless security measures are kept and tightened. This is a difficult task in a climate of prudence and austerity where it would be easier to cancel the security project and save a bit of money now and worry about data loss later which would be a bigger crime than the wasting of billions to date has been.
So by all means cut the waste but let’s not cut back on security, especially when it comes to the data they have about you and me!
Thursday 6 May 2010
is this the death of PGP innovation?
It has been a little while since my last post, I have been manic. The big news for me has been the recent purchase of PGP by Symantec. I make it no secret, although I try not to promote it here, that I think the PGP product set is a great platform for encryption. I love the way the product platform fits together than delivers the company slogan, defending data to the core. It is a Ronseal slogan, it does what it says.
All business, no matter how big or small, rely on data, without data you cannot function no matter what your business. Think about it, even if you don’t have computers you still keep financial records, transaction histories, customer information. All examples of data. PGP deliver a great product suit that gives end to end protection and has the widest spread of products delivering the most protection in the market.
My only worry is that with Symantec taking them over (along with several other encryption businesses) that the innovation and product diversity will start to dwindle and we will lose what has been, up until now, the market leader with regards to encryption. Their boast used to be that they were agnostic only delivering encryption products rather than a whole portfolio of products with encryption being one of them.
I am interested to see how this develops, especially now that Symantec has binned its consulting division, and I hope that Symantec value the strength of the PGP product portfolio as much as I do and keeps on funding the innovation rather than just absorbing it into their ever growing range of products.
All business, no matter how big or small, rely on data, without data you cannot function no matter what your business. Think about it, even if you don’t have computers you still keep financial records, transaction histories, customer information. All examples of data. PGP deliver a great product suit that gives end to end protection and has the widest spread of products delivering the most protection in the market.
My only worry is that with Symantec taking them over (along with several other encryption businesses) that the innovation and product diversity will start to dwindle and we will lose what has been, up until now, the market leader with regards to encryption. Their boast used to be that they were agnostic only delivering encryption products rather than a whole portfolio of products with encryption being one of them.
I am interested to see how this develops, especially now that Symantec has binned its consulting division, and I hope that Symantec value the strength of the PGP product portfolio as much as I do and keeps on funding the innovation rather than just absorbing it into their ever growing range of products.
Subscribe to:
Posts (Atom)
