Messaging News - The Technology of Email and Instant Messaging

Text Message Policies: Privacy Expectations and Employees

Stephanie Jordan — Thu, 22 Jul 2010 18:57:43 +0000

Here’s a reminder to employees: your employer may legally read the text messages you send. In June the Supreme Court, in the case of City of Ontario v. Quon, unanimously ruled that the City of Ontario had the right to audit messages sent by an employee over a company-issued pager. The California city, in its “Computer Usage, Internet and Email Policy” states that it has the right to monitor and log all network activity, including email and Internet use and that “users should not have the expectation of privacy or confidentiality when using these resources.” Quon had signed an acknowledgement of the policy.

What made this case interesting was that the text messages were being sent not over the City network, but instead over the radio frequency of a third-party wireless service. At the time the pagers were distributed, the City stated that the text messages would be treated in the same manner as emails and as such were covered by the electronic policy.

The trouble started when Quon (and others that had received the pagers) regularly exceeded the character limits set by the City. The cost of the character overage was the responsibility of the individuals. Quon paid for his overage amount, when it occurred. The City administrator, in an effort to explore if the character limit was set appropriately, requested the third-party to provide the transcripts of the messages to determine if the overage was due to personal use or work-related use. It was discovered that in one month Quon sent 456 messages during work hours, of which no more than 57 were work related. Quon was disciplined for this non-work messaging activity, but he contended that his messages should have remained private and were protected by the ban on “unreasonable searches and seizures” found in the Fourth Amendment to the United States Constitution.

The intent of the audit, as well as if the third-party was at fault for turning over the transcripts, was probed particularly in this case and its appeals. If the reason for requesting the third-party transcripts of the messages had been to see if Quon was “wasting time” then the City may have indeed been in trouble. Since the review was to see if the character limits were appropriately set and to ensure that employees were not being asked to pay for possible work-related costs, the court deemed that the Fourth Amendment was not violated.

The City of Ontario’s Computer Usage, Internet and Email Policy also strengthened the City’s case. This emphasizes the importance of having a policy for electronic communications. If Quon had not signed the policy, the City very well could have lost the case because the employees right of “reasonable expectation of privacy” could have been considered violated by the audit.

EDITOR’S NOTE: Thanks to Smarsh for the story lead.

Epsilon and Message Systems--Real World Solutions

Stephanie Jordan — Thu, 22 Jul 2010 17:22:51 +0000

The Challenge

Epsilon is a marketing services firm that offers clients multi-channel marketing solutions with a full range of direct and digital agency services, including creative, interactive web design, email deployment, search engine optimization and direct mail production. In addition, Epsilon is one of the largest permission-based email marketers.

Epsilon needed a configurable message management platform to segregate and authenticate email streams to protect its clients’ brands, ensure higher deliverability rates. The company also required a solution to consolidate messaging infrastructure and adapt to changing business needs.

The Solution

Epsilon selected Message Systems’ Momentum for more efficient management and scalability as well as next-generation technical capabilities, including advanced clustering, adaptive delivery and email authentication. By deploying Momentum, deliverability of Epsilon’s 40 billion permission-based messages per year on behalf of clients will significantly increase, enabling the company to continue to grow its client base and differentiate global email marketing services in a highly competitive marketplace.

The Customer Rave

“As the world’s largest global permission-based email provider, it’s imperative that our clients achieve peak email performance, exceptional deliverability and strong conversion rates. Email is a valuable tool for today’s multi-channel marketer, but only when messages are reaching the inbox and resonating with customers,” says Andrew Frawley, president of marketing technology at Epsilon. “Message Systems was the clear choice, enabling us to combine business assets, and provide us with reliable message management capabilities to support our outbound email communications.”

What It Does

According to the companies, Momentum provides a customized framework for email service providers to achieve maximum email deliverability without sacrificing flexibility or performance. Momentum’s bounce management, authentication and real-time reporting tools help email service providers to produce more effective message content, improve deliverability and avoid reputation risks.

Last Word

“Momentum is ideal for rapidly growing companies like Epsilon that are scaling quickly and require flexible solutions to ensure the email delivery of the right message at the right time and place,” believes George Schlossnagle, CEO of Message Systems. “Our solution will also strengthen Epsilon’s brand reputation by providing new insight into the messaging stream and business agility for responding to customer needs in real time.”

Smartphones Play Expanding Role For Disaster Survivors

Stephanie Jordan — Thu, 22 Jul 2010 17:18:13 +0000

Your smartphone just became even more useful in the event of a disaster. If you are in an area that has been declared a disaster zone, you can now use your smartphone to apply for federal assistance.

This week the Federal Emergency Management Agency (FEMA) announced the new feature to the m.fema.gov mobile platform to help disaster survivors apply for federal aid from FEMA, and other federal agencies. With this new functionality, disaster survivors can apply for federal assistance directly through their Web enabled mobile phone devices (such BlackBerry, Apple iPhone, or Windows Mobile).

“This new addition to our FEMA mobile site will provide disaster survivors with another avenue to quickly apply for assistance, not just from FEMA, but from the Small Business Administration and our other federal partners,” says FEMA Administrator Craig Fugate. “As smartphones become cheaper and more prevalent, and wireless networks more resilient, these devices are becoming more than just simple communication tools - they can be life lines during emergencies.”

FEMA first launched the mobile version of its Web site in May to give smartphone users easy access to information about emergency preparedness for both before and after a disaster. FEMA says it plans to continue making enhancements to the m.fema.gov platform over the coming months, like “providing individuals the ability to check on their application status or update an existing application, among other things.”

Businesses Using Email Service Providers Likely to Switch Within 24 Months, Plan to Integrate Social Media

Stephanie Jordan — Thu, 22 Jul 2010 17:13:59 +0000

A recent survey of businesses that use an email service provider (ESP) reveals that a majority (77 percent) have changed providers within the last two years. The main reasons for switching: lack of product features, limited services and high costs.

In addition, another third plan to switch in the next 12 months – expressing a lack of product features as the top reason, but adding data integration and deliverability as the other key reasons for planning to switch.

According to the survey analysis:

“Deliverability as a reason to change ESPs is also underscored by 67 percent of companies using an ESP’s deliverability services, making it the most popular ESP service offering by nearly a factor of three. Execution (21 percent) and production services (19 percent) round out the top three services offered by ESPs.”

The survey also says businesses are continuing to look for ways to adopt social media. Not surprising, the survey found that 71 percent of companies have either integrated email and social media or plan to in 2010. Businesses’ top objectives, according to the survey, is to promote corporate presence on social networks (71 percent) and make email content shareable, 63 percent indicate a growth opportunity for more sophisticated social media tactics like viral marketing campaigns (48 percent) and user-generated content (35 percent).

Zoomerang conducted the 2010 Email Marketing Survey of more than a 1,000 global businesses online for StrongMail, a provider of online marketing solutions for email and social media.

Outbound Spam: What It Is and Why It Matters

Stephanie Jordan — Thu, 22 Jul 2010 17:03:42 +0000

Outbound spam is a growing problem. What is meant by outbound spam and how is it different from the spam you well know? According to Osterman Research, inbound spam has been a problem for about the past nine years and represents upwards of 80 percent of all email. Outbound spam, in Osterman Research’s view, is a rapidly growing problem for service providers who act as “unwilling hosts.”

In its paper The Growing Problem of Outbound Spam for Commtouch, Osterman notes “Outbound spam—that content sent from Web hosting companies, SaaS email providers, Internet access service providers, free email service providers, and onsite email managed service providers—creates enormous problems on a number of levels.”

Key outbound spam culprits are the zombie networks. Service providers, that participated in the survey for the whitepaper, report that 11.2 percent of their users’ accounts are currently part of a botnet that is being used for sending out spam, and 86 percent of the service providers report that they are actively battling zombies in their networks.

The statistic that interested me from the report was that of another source of outbound spam, the creation and use of email accounts specifically meant to send spam. Here it is: “The service providers we queried reported that one in eight users’ accounts are openly sending out spam and/or malware.” WIth a ratio like that it is easy to see why our email inboxes get inundated with spam.

The Osterman paper goes on to review some of the current tactics and solutions for dealing with the problem of outbound spam, the effects of outbound spam and its negative consequences, and finally what a good outbound spam solution looks like. To learn more, request the paper from Commtouch.

EEC Adopts New Email Measurement Standards, Encourages Industry to Follow

Stephanie Jordan — Thu, 15 Jul 2010 21:04:43 +0000

The Email Experience Council (eec) is the email marketing arm of the Direct Marketing Association and its members are professionals that represent trade organizations, agencies, advertisers, technology partners and others that focus on electronic marketing. Its founding came about for a few reasons, but mostly because email is largely unregulated when it comes to marketing. The council believes this lack of regulation has allowed what they term “unscrupulous marketers” to abuse email.

A function of the ecc is its member roundtables, which set standards and seek initiatives pertinent to email marketing and communications practices. One issue it recently tackled is measuring email campaigns. Email marketing success has traditionally been driven by measurement, however the metrics used have not been standardized across the industry.

“Industry standard metrics is so foundational that many marketers don’t even think to ask if an open is always an open or if delivered doesn’t mean reaching the inbox,” says eec Measurement Accuracy Roundtable vice-chair and Return Path, Inc. VP of Global Market Development Stephanie Miller.

The Measurement Accuracy Roundtable worked to create standardized metrics for industry adoption. The two-year effort ended in March, when the eec introduced eight email marketing measurement standards that it hopes marketers will adopt.

As of late last month, just two vendors (AllWebEmail and Email Transmit) have actually adopted the standards, but the ecc notes that 11 others have promised to implement the standards in the coming six months.

“I believe in this standard because it provides four main benefits to the email marketers. It improves testing validity by limiting environmental variance, improves industry benchmarking through increased data conformity, improves internal reporting for benchmarking by easing the transition between vendors and finally use of the standards will normalize data across the industry, a key assumption required for any statistical analysis”, said eec Measurement Accuracy Roundtable co-chair Luke Glasner of Glasner Consulting.

The new measurement standards include eight definitions for reporting on Accepted, Render and Click-through. In the past, not only were multiple names and terms used that confused some marketers, but also different vendors used different calculations for the same terms.

Project co-chair John Caldwell of Red Pill Email believes, “The email industry has long been without measurement standards, using terms and definitions that make it impossible to benchmark properly or compare vendor performance with confidence. The good work of our volunteer eec member committee is the first time the industry has rallied around a common set of measurement standards.”

Organizations that adopt and conform to the eec’s email marketing measurement standards will be given an official seal to display on the company’s Web site. Those interested in participating will find an application on the ecc site.

Eye on Messaging is written by Stephanie Jordan, editor in chief of Messaging News. If you have story ideas or news to share, email her: sjordan [at] messagingnews [dot] com

Android Deemed Not Ready for Enterprise, Limited Support for ActiveSync

Stephanie Jordan — Thu, 15 Jul 2010 19:35:31 +0000

In its January report, J. Gold Associates LLC stated that it expected: “to see a significant increase in market share for Android, becoming third behind Symbian and BlackBerry by 2013, with iPhone in fourth place.”

In its June report, the analyst group rescinded the prediction, instead saying: “Android is not ready for the enterprise.” Why the turnaround? The limited support for ActiveSync, and perhaps more importantly the lack of communication about when it may be resolved, has caused them to re-evaluate the predicted Android market share.

“The primary fault lies in the inability of Android to enforce key corporate polices set within Exchange so companies can assure compliance before allowing a device to connect. And while third-party apps exist that ‘trick’ the Exchange server into thinking the policies (e.g., wipe, complex password, VPN, etc.) have been set, the current implementation of Android (2.1) doesn’t allow such settings to be enforced,“ notes analyst Jack Gold in his report.

Gold goes on to note that the upcoming Android version 2.2 while improved, still does not have enterprise-class policy enforcement. The firm believes that as a result, other major mobile OSes are better suited for the enterprise.

The report offers a nice OS comparative chart in its June 15 Technology Brief.

Indiana Wesleyan University and Quantum Corp. -- Real World Solutions

Stephanie Jordan — Thu, 15 Jul 2010 19:30:39 +0000

In the past two decades, Indiana Wesleyan University evolved from a small liberal arts college with 1,000 students to a university with campuses spread over three states. However, with this growth came data backup and restore challenges that the university’s legacy tape library wasn’t designed to accommodate.

“We really needed to address the limitations of our backup system. When it takes longer than 24 hours to do a daily backup, you know you have a problem,” says Everette Webber, director of systems administration for the university. “Restore was another big issue. When we needed to restore a file, we would have to wait for the prior day’s backup to be done before starting. It was impossible to tell users with any confidence when they would have their data back.”

Webber felt it was critical to reduce backup time and have an infrastructure that provided an effective way to restore data quickly. After speaking with several consultants, he was convinced that the university needed a combination of a disk-to-disk solution with deduplication technology and an integrated tape library for archival purposes. Ultimately, Webber chose Quantum’s DXi7500 Express system with 9 TB of disk space, along with a Quantum Scalar i500 tape library. Webber’s team also took the opportunity to update the university’s existing backup software, Symantec NetBackup, to version 6.5.

The team created 40 virtual servers using VMware Consolidated Backup, with 12 virtual servers backing up to the DXi7500 and the remainder backing up to tape. This approach enables the team to back up an entire VM image and perform a file level restore from that image. Critical information that would need to be restored quickly in the event of a disaster, as well as information that is subject to frequent restore requests, is earmarked for the DXi7500, according to Webber. He also reports that restoring files is now a “pain-free process” that allows staff to give a confident estimate of when users will see their data again.

“With our new capabilities, we are backing up things that we couldn’t get to before,” notes Webber. “We’ve established unique retention schedules for different types of data, as well as separate policies for what goes on disk or tape.”

E-Discovery Application for iPhone and iPad May Aid Administrator's Responsiveness

Stephanie Jordan — Thu, 15 Jul 2010 19:20:51 +0000

The iPad continues to flood the market as, according to Apple in late June, three million iPads have sold in the 80 days since its introduction in the U.S. Despite reported reception problems, iPhone 4 is likewise streaming into the world, with more than 1.7 million iPhone 4 devices sold through June 26, a mere three days after its launch. With such numbers (that continue to grow daily), it is no wonder that such consumer-oriented products are coming into the workplace.

For those organizations that use the Clearwell E-Discovery Platform, Clearwell Systems, Inc. announced this week the launch of iClearwell, which the company calls the industry’s first electronic discovery companion application available for iPhone and iPad.

“One of the easiest ways to drive workforce productivity is to provide application access to remote and distributed employees,” comments Brian Babineau, senior consulting analyst at Enterprise Strategy Group. “This is especially true in electronic discovery, where deadlines are increasingly aggressive. By providing access to its robust application and facilitating increased collaboration within the electronic discovery process, iClearwell allows a unique flexibility to manage cases remotely, generating substantial time savings in completing initial analysis and first pass reviews. These are benefits that companies cannot afford to pass up.”

iClearwell allows access to the Clearwell E-Discovery Platform from an iPhone or iPad. With iClearwell, users of the Clearwell E-Discovery Platform can access, configure, and view the status of cases and servers while on the go. Users can manage the list of cases on each server; monitor processing status and statistics for all cases; start, stop, or view the status of any task, such as production or backup tasks; and also email log files. iClearwell offers granularity in that users can view system-specific settings such as the cases, tasks, and users on each server and also view case-specific settings such as data sources, tasks, users, and productions.

“E-Discovery is an inherently complex business process, and with the growth of the mobile workforce, it will become increasingly beneficial to have the ability to manage cases remotely in order to maintain fluidity among the entire case team,” said Kamal Shah, VP of products and marketing at Clearwell. “With the release of iClearwell, we are able to arm Clearwell administrators with increased responsiveness and greater control by allowing them the flexibility to respond immediately, anytime, anywhere as they work to meet critical E-Discovery deadlines.”

The iClearwell application is currently available in the iTunes store.

How Standard Is FaceTime on the iPhone? Packet Capture Verification

Ben Gross — Tue, 13 Jul 2010 22:01:17 +0000

Apple CEO Steve Jobs announced FaceTime video conferencing for the iPhone 4 during his keynote at the Apple World Wide Developer Conference (WWDC) in June. FaceTime takes advantage of new frameworks that are part of iOS 4 in addition to the new hardware capabilities of the iPhone 4 including the front facing camera, the high-resolution Retina display, and the increased speed of the A4 processor. Jobs stated that FaceTime based on existing standards and that FaceTime itself would be published as an open standard. Packet captures of FaceTime sessions give a clearer picture of which standards Apple employs and how Apple implements these standards.

Jobs’ demonstration showed a seamless video conferencing experience that could be initiated directly as a video chat or by upgrading a traditional voice call to video. FaceTime currently only operates over a WiFi connection on an iPhone 4 and not on earlier devices. Jobs said that Apple was working on carrier agreements to allow FaceTime to work over a 3G connection. You can read a transcript of the 2010 WWDC Keynote at Macworld, view a gallery WWDC 2010 keynote images at The Mac Observer or watch the official video of the Apple WWDC 2010 Keynote Address.

Jobs stated that FaceTime was based on H.264, AAC, SIP, STUN, TURN, ICE, RTP, and SRTP standards. Stephen Strowes has a nice description of the standards and how they interact in his post iPhone4, Facetime, and open standards. Even though Jobs explicitly listed the standards on a slide during the presentation, I could find no official mention of the standards on the Apple web site or a record of a submission of FaceTime to a standards body. Apple will certainly publish all the details in time, however I wanted to see what I could verify at the present time.

I assumed that observing a FaceTime session with a packet sniffer would provide all the information needed. Unfortunately my iPhone 3GS is not capable of running FaceTime, so I looked for others who had analyzed packet captures of FaceTime sessions with an iPhone 4.

Arjun Roychowdhury and FryGuy both posted quick analyses on June 25th. Both primarily looked at the voice portion of the call setup. In Facetime on Iphone 4: Vanilla unencrypted STUN and SIP, Roychowdhury used Wireshark to find that Apple implemented the voice setup portion using standard SIP mechanisms. He posted further clarifications in the comments. FryGuy published similar findings in iPhone 4 and FaceTime Packet Capture using a Cisco ASA capture filter.

Joshua Wright’s ongoing series in the Packetstan blog is far and away the most detailed analysis of the FaceTime protocol. Wright nicely describes his use of Wireshark, videosnarf, and openssl so that others can replicate his experiments. In Face Time (part 1: Introduction), Wright provides a quick characterization of a FaceTime session, which traffic is delivered of TCP vs. UDP and which portions are encrypted. In Face Time (part 2: SIP and Data Streams), he dissects the SIP portion of the session with Wireshark and uses videosnarf to analyze the RTP media streams. Wright found that FaceTime extends SIP MESSAGE authentication in non-standard way and that neither the audio nor the video portions of the FaceTime sessions are encrypted. Finally, in Face Time (part 3: Call Connection Initialization), Wright finds that FaceTime authentication uses Jabber/XMPP with SSL on TCP port 5223 that connects to a Jabber server at Apple with client certificates. The certificate-based authentication means that Apple will be able to control which devices are able to connect to its own servers. Wright speculates that the certificate could be extracted from a jailbroken iPhone and used with other clients. Joshua’s own blog, Will Hack For SUSHI, is sporadic, but excellent.

Highly Profitable Email Newsletters

Ben Gross — Fri, 09 Jul 2010 21:29:37 +0000

In Email Newsletters Are Still A Serious Business, Jason Baptiste continues his survey of highly successful email newsletters. He discusses the recent sale of Help A Reporter Out (reportedly sold for twenty million), Thrillist (more than two million subscribers), Tasting Table, GeekChicDaily, DailyWorth (more than forty thousand subscribers), Letter.ly, Groupon, and ScoopSt. Jason’s original article from October 2009, Email Newsletters Are Serious Business, covered DailyCandy (sold for one hundred and twenty-five million), Thrillist, Help A Reporter Out, Jason Calacanis’, and Ideal Bite newsletters.

One interesting new development is the Letter.ly service from Sam Lessin the founder of Drop.io. In F*Ck Blogging: My Last Blog Post, Sam announces the launch of his platform for paid newsletters and says he will no longer posting to his blog and will instead published a paid subscription-based email newsletter for $1.99 a month. The Letter.ly service uses Amazon for payments, although I could not find any significant documentation or what cut Lessin takes. I will be watching how the service develops with interest.

In the comments to Jason’s article, I found Email newsletters still going strong from Gus Sentementes at the Baltimore Sun. Gus describes successful email newsletters for businesses around Washington DC and Baltimore including the CityBizList real estate newsletter, SmartBrief’s hundred and fifty email newsletters, and FierceMarkets with twenty-nine newsletters and more than nine-hundred thousand total subscribers.

Consumer Influence on Enterprise IT

Stephanie Jordan — Thu, 08 Jul 2010 22:16:37 +0000

Striving to understand the impact of social networking on the enterprise, Cisco conducted a survey earlier this year of 512 IT security professionals across the U.S., Germany, Japan, China and India. The results reflect, as I would expect, that consumer influence on IT is growing and that more employees are bringing personal devices and applications into the network.

“Increasingly, unapproved and unmanaged personal devices in the corporate environment are hastening the need for more intelligent security management,” believes Chris Christiansen, program vice president, Security Products and Services Group at IDC. “These ‘solutions’ must deal with the difficulty of protecting individuals and corporations, while providing a positive user experience and corporate data access from any device, anywhere, anytime.”

Exploring the security implications of consumer-oriented technology in the enterprise, the survey found that employees are consistently working around information technology security policies to use unsupported devices and applications.

Additional key findings included:

More than half of the survey respondents have determined that their employees use unsupported applications, including:
- Social networking – 68 percent
- Collaborative – 47 percent
- Peer-to-peer – 47 percent
- Cloud – 33 percent
Nearly half (41 percent) of the respondents have determined that employees have been using unsupported devices, and more than one-third of that number said they have had a breach or loss of information due to unsupported network devices.
Despite these trends, about half (53 percent) of the IT respondents said they are likely to allow personal devices on the network in the next 12 months and 7 percent already support personal devices.
More than half (51 percent) listed “social networking” as one of the top three biggest security risks to their organization, while one in five (19 percent) considers it the highest risk.
Nearly three out of four survey respondents said that overly strict security policies have a moderate or significant negative impact on hiring and retaining employees under age 30.

It is not unexpected that unsanctioned tools, like social networking, are so prevalent. As the report notes, social media is an unprecedented and highly beneficial tool for many parts of an organization, especially human resources, marketing and customer service. There is a clearly a place for the technology, and it appears that users are making the choice on behalf of the organization.

“As the lines between personal and business computing increasingly blur, it is becoming clear that employees are going to use social networking and personal devices whether permitted or not,” observes Fred Kost, director, security solutions for Cisco. “The best strategic approach is to focus less on restricting usage and more on effective solutions to ensure highly secure, responsible use. These solutions involve more than technology. Organizations should develop education programs, corporate policies and best practices in order to realize the extensive business benefits of social networking, while protecting against the variety of potential threats that it can present.”

The survey results are available now.

Data Loss Incidents Rise, Creates Need for Online Trust and Privacy Protection

Stephanie Jordan — Thu, 08 Jul 2010 20:39:23 +0000

According to the Identify Theft Research Center, data breaches involving personally identifiable information (PII) increased over 600 percent this past year with over 222 million records being compromised. The Online Trust Alliance (OTA) believes that few events can damage a company’s reputation and create mistrust than breaches to PII. Beyond that, breaches are expensive: the Ponemon Institute’s 2009 Cost of Data Breach Report estimates data breach incidents cost U.S. companies $204 (USD) per compromised customer record, compared to $202 (USD) in 2008. The average total per-incident costs in 2009 were $6.75 million.

The OTA offers a Privacy & Data Loss Incident Readiness Planning Guide, to help companies be proactive and prepared in the event of a data loss. It’s a free resource. Another resource the OTA offers is its forums.

Just yesterday, the OTA announced more details for its upcoming forum, to be held September 22 -24 at Georgetown University in Washington DC. The goal of the 5th Annual Online Trust and Cybersecurity Forum is to help e-commerce companies, governmental agencies, financial institutions, and marketers enhance consumer protection while protecting their brands from emerging threats.

White House Cybersecurity leader and presidential advisor Howard Schmidt is the initial keynote, followed by Greg Link of Franklin Covey who will provide a keynote on the Speed of Trust, the New York Times best seller.

“Consumer trust is one of the primary enablers for continuing the global economic growth driven by the Internet,” says Mark Bregman, executive vice president and chief technology officer for Symantec Corporation, who is also a speaker at the event. “A strong public/private partnership between government and business is a key element for ensuring online trust for consumers. Events such as the Online Trust and Cybersecurity Forum help develop the framework necessary for the exchange of information needed to make that kind of partnership successful.”

Event organizers say attendees will learn the latest techniques and best practices, evolving issues in security, privacy and data governance, and strategies for decision-makers to use to align business and marketing goals with technical solutions.

In conjunction with the Forum, OTA will be hosting the OTA Training Academy on Wednesday, Sept 22, offering two half-day training programs on email authentication and email regulatory compliance. Taught by industry leaders, the Academy is a mix of curriculum-based instruction, theory, practical applications and hands-on exercises. Participants will have the option to take a certification exam at the conclusion of the program.

Registration for the forum and the Training Academy is open to the public. (Save $200 (USD), if you register for the forum this month.)

Email Archiving for Microsoft Productivity Online Suite

Stephanie Jordan — Thu, 08 Jul 2010 20:18:58 +0000

From ComArchive comes a new product announcement for archiving email from Microsoft Business Productivity Online Standard Suite (BPOS). BPOS is a set of messaging and collaboration solutions hosted by Microsoft, and consists of Exchange Online, SharePoint Online, Office Live Meeting, and Office Communications Online. ComArchive now supports archiving of email from BPOS and other hosted email services, using the Exchange Web Services (EWS) protocol.

“Whether our customers want to run their Exchange Server and their email archiving solution on premises, hosted or in the cloud, ComArchive is their first choice,” says Svend Frandsen, CEO of ComArchive. The reasons for choosing ComArchive are performance, efficiency and price. We have delivered solutions to all kinds of businesses, both small and large, and they have had success because ComArchive is email archiving made easy. You can install and setup ComArchive in one hour, no matter what operational setup you choose.”

EWS differs from the traditional Microsoft Exchange protocol (MAPI) in that it allows for use over any network topology, including the open Internet. This is especially important when using Microsoft BPOS, which is only available via the Internet. EWS is the Microsoft-preferred way to access Microsoft Exchange Server 2007 and 2010, and uses Hypertext Transfer Protocol (HTTP) and Extensible Markup Language (XML); both well-known and open, industry standard protocols.

About the announcement, Ferris Research commented: “A nice implementation. This provides a lot of flexibility: on-premises message store can have cloud archive, cloud-based message store can have on-prem archive, and so on.”

ComArchive still supports traditional MAPI-based email archiving in addition to Exchange Web Service-based email archiving, and can even use the same archive database and existing users. According to ComArchive, it is possible for a single user to have email archived from both a local exchange server and a cloud server simultaneously; providing maximum flexibility in deployment, planning and migration scenarios.

Growth of VDI Leads to New Security Challenges

Stephanie Jordan — Thu, 08 Jul 2010 20:12:18 +0000

According to a recent study by the Enterprise Strategy Group, 60 percent of enterprises have a desktop virtualization strategy and 45 percent of them will have virtualized 50 percent of their desktops within the next three years. But despite the smaller economic impact of cleaning or rebuilding infected virtual endpoints, most usage scenarios of virtual desktops have a risk profile nearly identical to that of physical desktops.

Trend Micro, Inc. believes the temptation for enterprises is to deploy their existing non-virtualization-aware endpoint security to their virtualized endpoints. Doing so, the company says, poses significant performance challenges on the shared VDI server hardware, leaving end-users negatively impacted. In the end, enterprises are forced to choose between poor VDI Return on Investment (ROI) or poor security along with potential lack of regulatory compliance.

Last month, Trend Micro announced “the industry’s first hypervisor ‘agnostic,’ virtualization-aware endpoint security offering”. OfficeScan 10.5, according to Trend Micro, enables customers to maximize the number of virtualized desktops per host, contributing to a higher ROI of a customer’s VDI investment without lowering security standards. Based on its internal testing, using OfficeScan enterprises can more than double the number of virtual machines per VDI host – without sacrificing security.

For more, read Trend Micro’s whitepaper, “When Desktops Go Virtual,” which examines the security challenges enterprises face within a virtual desktop environment.

Trend Micro OfficeScan 10.5 is expected to be available later this month.

Rackspace, GlobalSCAPE Partnership Agreement Yields Cloud-based File Transfer Product

Stephanie Jordan — Thu, 08 Jul 2010 20:07:36 +0000

In June, GlobalSCAPE, Inc. announced that it had entered into a partnership agreement with Rackspace Hosting. Through Rackspace’s infrastructure, GlobalSCAPE expected to deliver cloud-based managed file transfer solutions for the secure exchange of business-to-business data, including large files and sensitive data.

Yesterday, the company announced availability of GlobalSCAPE Managed Information Xchange (MIX), a new cloud-based managed file transfer (MFT) service that integrates GlobalSCAPE’s Enhanced File Transfer Server (EFT Server) solution with infrastructure from Rackspace.

The technology for MIX is based on GlobalSCAPE’s enterprise MFT solution: EFT Server. According to the company, MIX offers:

options for secure transport protocols
user-friendly interfaces for sending and receiving files
data encryption and security
built-in PCI and FIPS compliance to enforce best practices
event-base automation and processing
capabilities for auditing, reporting and monitoring all information exchange activity

“Customers and prospects have validated the market need for a hosted and managed MFT solution that complements our on-premises solutions,” says Bill Buie, executive vice president of sales at GlobalSCAPE. “Our partnership with Rackspace allows us to present such companies with a compelling value proposition: Industry-leading MFT capabilities delivered securely through a scalable, cloud-based infrastructure with much-reduced capital outlays and predictable monthly expenses.”

MFT technology is growing in adoption by organizations of all sizes, especially for certain industries, as compliance regulations require sensitive information to be better managed with features like audit trails and data encryption. GlobalSCAPE expects MIX to appeal to small- and medium-size businesses, as well as large enterprises wanting an alternative to on-premise MFT solution implementations.

GlobalSCAPE’s new tiered service is designed to help customers outsource all or part of their complex information exchange needs with the benefit of reducing costs, improving operational efficiencies, tracking and auditing transactions, and providing a greater level of security. Available solution tiers range from trial and proof-of-concept implementations to enterprise-scale managed services.

Evolving Security Needs of Enterprise Leads to Borderless Network Systems

Stephanie Jordan — Thu, 01 Jul 2010 19:23:31 +0000

In March, Cisco announced that it wanted to tackle today’s enterprise security challenges with a new architecture to help enable business users to access information from any device and any location with what it termed: “a high degree of ease and security.” At that time, the company announced the Cisco Secure Borderless Network architecture to evolve enterprise security by focusing on four critical anchors: enterprise endpoints (mobile or fixed), the Internet edge, the data center, and policy that is context- and location-aware.

At that time, Tom Gillis, vice president and general manager, Security Technology business unit for Cisco noted: “The security needs of businesses are changing and becoming more complex, as more employees spend time out of the office accessing the corporate network via their smart phone or laptop. As a result, enterprises need a solution that will not hamper employee productivity, while helping to ensure that the network is not exposed to hackers, malware and other threats.”

Building on its Borderless Network, last week Cisco announced that it has partnered with third-party technology vendors to create a validated Secure Borderless Network Systems initiative that allows Cisco to simplify the integration and validation of security systems for its customers.

Cisco points to IDC analyst findings that “indicate that some of the most prominent security management challenges are a result of difficulties with integration, complexity and the complications associated with managing point solutions.”

Cisco says it is addressing these challenges with its validated Secure Borderless Network Systems designs. These validated designs provide a blueprint for tightly integrated solutions of Cisco and third-party products that allows IT managers to simplify the task of managing today’s security policies.

“We’re entering the next phase of evolution in the maturity of the security market,” says Pat Calhoun, general manager, Security Systems Unit, Cisco. “What began as isolated point products eventually developed into a series of loosely integrated product suites. Now with Cisco’s platform leadership, the security market is moving towards tightly integrated multi-vendor systems that deliver the best attributes of the earlier stages, but offer simplicity of operation and ease of deployment not yet experienced in the industry. The launch of our Validated Secure Borderless Network initiative will enable us to act as a trusted adviser to our customers, providing enterprises with a comprehensive system to most effectively meet their security challenges, while reducing their costs and the risks involved with integration.”

Announced partnerships included last week are in the area of secure mobility: HTC, Nokia, Palm and Samsung. For data security, validated designs are available for Cisco Data Security Systems from RSA, Lumension and Credant Technologies. For security management, validated systems are available for tested configurations of Cisco security technology with ArcSight; LogLogic; netForensics; RSA, the Security Division of EMC; and Splunk.

New Features Added to Barracuda Spam and Virus Firewall

Stephanie Jordan — Thu, 01 Jul 2010 19:15:14 +0000

The Barracuda Spam & Virus Firewall is an integrated hardware and software solution that offers email servers anti-spam, anti-virus, anti-spoofing, anti-phishing, anti-spyware, and Denial of Service protection. Yesterday Barracuda Networks Inc., announced new features that extend the Barracuda Spam & Virus Firewall’s capabilities. The enhancements ensure that confidential or sensitive information is not distributed outside the organization.

“It is crucial for organizations, especially within highly regulated industries, to have the ability to protect intellectual property and other sensitive information from being distributed,” says Stephen Pao, vice president of product management for Barracuda Networks. “The new Barracuda Spam & Virus Firewall extends our powerful content scanning features and makes it easier for customers to manage both inbound and outbound email filtering from the same appliance.”

How it works: the new Barracuda Spam & Virus Firewall allows administrators to define policies to prevent confidential or sensitive information from leaving the organization. For example, hospitals and other healthcare organizations that must comply with HIPAA policies that mandate the confidentiality of sensitive patient information, such as social security or credit card numbers, as well as personal health information, can now apply pre-defined dictionaries to outbound email scanning to ensure compliance. In addition, administrators can set up separate rules for inbound and outbound filtering, and review the outbound email quarantine for any policy violations before delivery.

The company also announced administration enhancements that include increased granularity of its roles-based administration interface, enabling assignment of sender and recipient policies on a per-domain basis. The product is used by small organizations, as well as large organizations with as many as 200,000 employees. The enhancement is especially targeted to these larger organizations that need to delegate administration across different divisions and for service providers offering granular policy controls directly to their end customers.

The Barracuda Spam & Virus Firewall firmware release 4.1 is available now.

Could Social Networking at Work Leave SMBs Playing Russian Roulette with the Law?

Stephanie Jordan — Thu, 01 Jul 2010 04:26:35 +0000

Research by IDC published in January this year found that 57 percent of U.S. workers use social media for business purposes at least once per week. As social networking and collaboration tools that started out in the home become increasingly absorbed into the workplace it appears that the business environment is inexorably changing forever.

As ever, major change in business culture brings new risks. Social networking at work presents unseen challenges for both individuals and companies. This month Purdy FitzGerald Solicitors, a prominent law firm, was among the first to sound a warning. They note that the more business embraces social networking techniques to spread their messages and build their brands the more the dividing lines between personal and company data are becoming blurred. For firms there is a real danger this could lead to ownership issues being contested in the courts.

At SpamTitan we believe that Internet filtering software such as our own WebTitan product can help. In Q1 of this year we conducted our own audit of 200 SMBs worldwide to find out attitudes to filtering. In almost every case Internet access and some social networking applications were permitted in the workplace. But while 76.4 percent said Web filtering was important around half (49 percent) of all respondents admitted not using one. At least 50 percent of those without filtering said they were taking positive steps to secure themselves against the possibility of either attack or employee misunderstanding in respect of social networking applications. A further 16 percent who had not yet done anything were intending to do something about it in the next 12 months. This still leaves a significant proportion doing nothing at all.

To date legal cases involving disputes between employees and employers over who owns that data have tended to favor the employer. In a recent UK case a recruitment consultant moved confidential contact information to his LinkedIn account. The court reported that the consultant had planned to set up his own company in direct competition using the contact database concerned. He had thought that once the contacts had been invited to connect to him and they had accepted on LinkedIn, their contact information ceased to be confidential because it had been seen by all his other contacts. This decision was one of the first to highlight the tension between businesses encouraging employees to use social networking websites for work but then claiming that the contacts and content remain confidential information at the end of their employment. It is a sign of things to come.

As social data is shared between increasing numbers of sites the question of ownership becomes almost impossible to track. A piece of information may pass through various social networking sites becoming retouched as it does so. At what point are the rights to that data transferred? The issue is a moot point with important implications for business as it appears technology is once again outpacing the legal system.

Developments taking place in the U.S. and the EU could soon provide a greater legal imperative for companies adopt formal social media policies or risk playing Russian roulette with the law.

One such initiative is 2015.eu which calls for a charter of individuals’ Internet rights and aims to entitle Internet users to demand their information is removed from company systems even if it was collected with their consent. Elsewhere the Federal Trade Commission (FTC) recently warned that even positive statements by employees in social media postings may constitute endorsements or testimonials and create liability for companies. With so much information being posted online and shared the boundaries will continue to become increasingly blurred.

Companies need to introduce policies and procedures and deploy technology to help them manage every employee’s Internet usage at the individual level. We are in a new era and it is incumbent on every company to include a corporate social media policy alongside their social networking strategy. Without such clear social media policies many employees will be unaware of their rights and employers risk being drawn into costly legal wrangles with their employees over data ownership disputes.

About Ronan Kavanagh
Ronan Kavanagh is responsible for Global Sales and Marketing for the SpamTitan suite of products. Educated in NUI Galway, Ireland, he joined Copperfasten Technologies in June 2004. Prior to joining Copperfasten Ronan worked with Eurokom, an Internet Security Services provider, delivering a wide range of solutions to both Government and large blue chip companies in Ireland.

Why Pinboard.in Is My Favorite Bookmarking Service

Ben Gross — Fri, 25 Jun 2010 19:06:45 +0000

Pinboard is a bookmarking service that allows you to easily save, tag, annotate and optionally share and archive bookmarks independent of your browser. Pinboard has many of the social features offered Yahoo’s Delicious service, but describes itself as “antisocial bookmarking,” which highlights its capabilities as a private and personal archiving tool. I find Pinboard a simple, fast, and reliable way for me to save bookmarks and archive web pages for future reference. I have been happily using the service for nearly five months and recommend it highly.

Pinboard has become a part of my everyday online reading. I use it to archive bookmarks as well as the full text for any article that I find interesting and articles I plan to read later. I primarily use Pinboard as a personal archive and not for publicly sharing bookmarks and I prefer it to Yahoo’s Delicious bookmarking service for this purpose, although it has fewer options for sharing and tag management. For example, it does not support the Delicious style of aggregating multiple tags in tag bundles or the ability to share a bookmark with a specific user.

To start using the service, simply drag one of the Pinboard bookmarklets into your browser bookmark bar. The first style of bookmarket can either open a new page or a popup window allows you to edit the URL, title, description, tags, and optionally mark the bookmark as private or “to read”. I use the send style of bookmarklet that Pinboard calls “read later.” This bookmarklet saves the page, automatically marks it as read later, and returns you to the place on the page where you left off without opening a new window or a popup. The “to read” status allows you to quickly build up a reading list without interrupting your workflow.

You can aggregate links posted to multiple services by configuring Pinboard to watch for links in your Twitter posts, Twitter favorites, or pages saved to Instapaper, Read It Later, Delicious, and Google Reader. You can easily save links from a BlackBerry or iPhone using a private email address from Pinboard. I find the ability to centralize my bookmarks from multiple services very convenient. Pinboard automatically expands any shortened links and stores the original URL. Full text search on Pinboard include the title, description, tags, and notes, but not the text contained in the pages themselves. Pinboard also allows you to narrow the results of queries with public vs. private status, starred status, and the source e.g. Twitter.

Pinboard offers a single paid add-on, that will snapshot archive the entire page, HTML, CSS, and images for each bookmark you save. You can then view the snapshot of the page even if the original disappears. The cost for this is $25 a year minus your sign-up price. Pinboard recently introduced a feature where all users can download an offline copy of the last 25 URLs saved. The developer says that he plans to eventually allow users to download their entire archive.

Pinboard offers multiple ways to import and export data including both importing and exporting bookmarks in a format compatible with Delicious. Pinboard offers both public and private RSS feeds of bookmark data including tag-based feeds. The Pinboard API is compatible with the Delicious API. This means that any application that uses the Delicious API should be able to easily support the Pinboard by changing the URL to the API endpoint. Unfortunately, most bookmarking applications do not allow end users to change the API endpoint and few directly support Pinboard. On the Mac, both Delibar and Pukka desktop applications support Pinboard. None of the iPhone applications I tested allowed me to use Pinboard instead of Delicious. The best solution for mobile devices is to use the Mobile web version of Pinboard

Overall, Pinboard is an excellent option for storing and archiving bookmarks and I recommend it highly. The service is not free. Currently the price to join is $6.38 and the cost increases by a fraction of a cent for each new user. I like this pricing model as it is inexpensive and allows the developer to support the service without ads and without taking external funding. This leaves the service with a smaller, but more active user-base, and more importantly almost no spam. Recent Pinboard releases have improved bulk editing capabilities, but it is not currently possible to add or remove tags on a set of items returned from a search of your own bookmarks. Hopefully, the developers will eventually add this feature as it would make it possible to quickly and easily organize large numbers of uncategorized bookmarks.

If the idea of social bookmarking seems foreign or the benefits do not seem clear, I highly recommend taking three minutes to watch the short and entertaining animated video Social Bookmarking in Plain English by Common Craft. What is Antisocial Bookmarking? is a nice post on the Pinboard blog by, Maciej Ceglowski, the founder of Pinboard describing the impetus for creating the service.