Tech Watch | InfoWorld Staff » TAG: Data Management

March 15, 2007 | Comments: (0)

WellPoint's missing data shows up

Executives at WellPoint -- the nation's largest managed health care services provider -- are breathing a lot better today, and not just because they're keeping an eye on their diet and maintaining an optimal level of physical fitness.

Last week, the Indianapolis-based firm began the process of informing some 75,000 of its customers that it had lost a CD that carried unencrypted data including their health records and other personal data. However, the company claims it has now found the missing information.

In a statement released late Wednesday, the firm's New York-based Empire Blue Cross Blue Shield insurance unit said that the missing CD, which had been shipped to business partner Magellan Behavioral Health Services via UPS by Health Data Management Solutions (HDMS), a third-party vendor to Magellan, was discovered.

The company offered few details of the recovery other than to say that the CD had merely been misplaced in transit. Something tells me that WellPoint might swap overnight companies from Big Brown to FedEx, or fire some of its mailroom employees.

The incident highlights the challenges faced by corporations in meeting the increasingly strict terms of emerging data exposure reporting laws. As part of the statement on the misplaced -- and more importantly unencrypted -- CD the company couldn't help but give itself a little pat on the back saying that it "accelerated member notification as our members' security and trust are our highest priority."

Kudos to the firm for not actually losing the information, but it could have easily avoided the entire situation by somehow protecting the data. However, Empire Blue Cross said that it did have policies in place to prevent such incidents.

"The information was not transferred in accordance to our contractual terms with Magellan, who did not require HDMS to encrypt or password protect the data," the company said. "We are addressing these issues and we have made it clear to both HDMS and Magellan that their security practices with respect to the data transfer were unacceptable."

Magellan will now only transmit personal health information electronically over a secure network, eliminating CDs and the use of a delivery service, WellPoint said.

I'm betting that the employee who failed to follow said rules is somewhere considering their job options right now.

Posted by Matt Hines on March 15, 2007 05:39 PM



January 26, 2007 | Comments: (0)

W3C sets XML standards

The World Wide Web Consortium (W3C) this week announced it has published eight standards in its XML family to support the ability to query and transform XML data and documents.

Primary specifications include XQuery 1.0: An XML query language; Extensible Stylesheet Language Transformations (XSLT) 2.0 and XML Path Language (XPath) 2.0.

The new standards will play a role in enterprise computing by connecting databases with the Web, W3C said. XQuery provides for data mining while XSLT 2.0 boosts functionality in XSLT, which enables transformation and styled presentation of XML documents. These two specifications are dependent on XPath 2.0.

XPath 2.0 is an expression language allowing processing of values conforming to the data model defined in XQuery/XPath Data Model (XDM). The model provides a tree representation of XML documents and atomic values such as integers and strings. Version 2.0 supports a richer set of data types than the 1.0 version.

"XQuery will serve as a unifying interface for access to XML data, much as SQL has done for relational data," said Don Chamberlin of IBM Almaden Research Center, co-inventor of the original SQL query language and a co-editor of XQuery 1.0, in a statement released by W3C.

In addition to the primary specifications published this week, others include:

* XML Syntax for XQuery 1.0 (XQueryX).
* XDM.
* XQuery 1.0 and XPath 2.0 Functions and Operators.
* XQuery 1.0 and XPath 2.0 Formal Semantics.
* XSLT 2.0 and XQuery 1.0 Serialization.

Posted by Paul Krill on January 26, 2007 09:41 AM



December 28, 2006 | Comments: (0)

Feds crawl toward encryption

Often it takes a high-profile disaster to get the wheels of government moving toward preventing a repeat.

Such appears to be the case with this year's infamous data-leak episode of millions of U.S. veterans' private information last May, which prompted the White House to issue a presidential mandate [PDF] requiring all agency mobile laptops and devices storing sensitive data to have fully encrypted hard drives.

Slowly but surely, the encryption-project ball is rolling, notes the Web site Full Disk Encryption: The government has posted RFPs (requests for proposals), giving vendors a chance to line up and make their case for their respective encryption wares. "As with any other encryption product being used by Federal Government, the selected FDE product must have FIP 140-2 certification." (You can read the rest of the technical requirements here [Doc].)

Interested companies include Seagate, Mobile Armor, Pointsec, SafeNet, and Credant. According to Full Disk Encryption, the evaluation is expected to end in 90 days.

It will be interesting to see how much this encryption ends up costing, as well as just how effective it turns out to be. Hopefully it will help the Feds fare better than a D+ the next time its data security competence is assessed.

Meanwhile, perhaps more companies will follow the government's lead, given the rash of data leaks we've seen at corporations like Chevron, Boeing, Wells Fargo, Starbucks, and others over the past couple of years. If they're not sure where to start, they could check out InfoWorld's encryption special report from earlier this year.

Posted by Ted Samson on December 28, 2006 03:06 PM



September 06, 2006 | Comments: (0)

Wells Fargo leaks personal data

Wells Fargo has joined the unfortunate ranks of Chevron, AT&T, Williams-Sonoma, and the U.S. Department of Veteran Affairs, in suffering a recent leak of private data.

In this case, the financial institution lost personal information about an unspecified number of its employees, according to reports. The company informed workers of the breach on Aug. 28.

The data was on a disk drive and/or a laptop, both of which were swiped from the trunk of a car. Whether they know it or not, the perpetrators got away with names, Social Security numbers, and prescription information.

There's a common thread in all these data-leak cases, one that I've alluded to previously: The data was being handled by third-party companies. Frustratingly, most of these companies won't disclose the name of their data-fumbling partners, which means they don't have to suffer embarrassing publicity and make promises to step up their security measures. Heaven forbid.

Third-party follies aside, maybe organizations aren't taking the problem seriously because courts have already set a precedent that relieves them of negligence if they lose customer data. Last March, U.S. District Judge David Doty in Minnesota ruled that Wells Fargo was not responsible for losing customers' personal data because said data was never misused by miscreants. The judge's general reasoning was, the people suing the company hadn't suffered any actual damages; they were just worried about future damages.

So there you have it. Companies have the luxury of saving money by being lax on security. If they spill your SSN, your address, your phone number, your health records -- info that could be used for identity theft or a targeted phishing scam -- they don't have to fret. That is, unless the data is abused in the aforementioned manner, in which case I expect the victims would then have to demonstrate that the perpetrators were using the data they'd harvested from said company.

It's a fascinating legal precedent, isn't it? Why are there strict government regulations and guidelines in HIPAA that protect patients' medical records, for example, but nothing to better ensure protection of customer data, which could be used just as maliciously?

Granted, I'd rather that companies and organizations take it upon themselves to enact better security measures, such as implementing encryption technology. But for the time being, there's no tangible ROI in that, I guess. It's cheaper to just e-mail out an apology and give victimized customers and employees a year of free credit monitoring.

Posted by Ted Samson on September 6, 2006 10:13 AM



August 16, 2006 | Comments: (0)

Chevron springs data leak

Chevron has a messy spill to clean up, but it's not an oil spill; it's a data leak.

The oil behemoth circulated an e-mail to its U.S. employees last Monday, cautioning them that a laptop "was stolen from an employee of an independent public accounting firm who was auditing our employee savings, health and disability plans," according to today's San Francisco Chronicle.

The laptop was swiped on Monday, Aug. 7, according to the report, and contained data such as Social Security numbers and other private data of potentially thousands of employees. The name of the public accounting firm was not disclosed.

According to the report, the e-mail, sent to "U.S. Payroll Employees" by Peter Robertson, Chevron's vice chairman, offered assurances to workers that "we believe it is unlikely that any Chevron benefit plans will be impacted by this theft with the security measures we have in place for those plans."

Nonetheless, the e-mail continues, "in order to mitigate any identity theft issues related to this event, we are offering a comprehensive set of services paid for by Chevron to affected plan participants."

Reports of data leaks are becoming regrettably common these days. In recent months, for example, government agencies such as the U.S. Department of Veteran Affairs have reported thefts of personal data. The VA announced earlier this week plans to invest $3.7 million in encryption technology in an effort to prevent future data leaks.

Posted by Ted Samson on August 16, 2006 09:53 AM



August 08, 2006 | Comments: (0)

Author to talk tech trash

At times, I have upwards of 20 empty drinking receptacles on my desk here at InfoWorld. It's not that I anticipate my empty Glaceau Vitamin Water (i.e. Kool-Aid for adults) bottles will suddenly appreciate in value. I'm a recycling proponent -- albeit a well-hydrated one with a propensity to procrastinate.

So what happens when a similarly environmentally-minded CTO, for example, faces the task of getting rid of a load of PCs and monitors? For the sake of both the environment and security, he or she might want to recycle them. And in order to learn just how and why to do that, he or she might be interested in a talk to be given on Aug. 15 by author Elizabeth Grossman, who will be speaking in San Francisco about her latest book, "High Tech Trash: Digital Devices, Hidden Toxics, and Human Health."

Grossman argues that "e-waste" warrants some serious attention, citing on her Web site facts about its environmental and health impacts. Tons of electronics, such as monitors, PCs, and semi-conductors, are being improperly dumped or melted down, she says, which can release dangerous materials such as lead, mercury, and copper. Plus, it's pretty wasteful; the systems that are too slow to do the 3D rendering your organization needs may be a perfect fit for the local public school or community center.

One of the answers to the problem of the ever-growing piles of junked computers and LCDs, she says, is recycling programs, and she cites several places you might go to help you with that task. Among them is the eBay-hosted ReThink Program, where you can find an extensive list of electronics recyclers.

When choosing a recycler, she recommends, be sure to ask about how equipment is tracked and where it will be sent. "What you want to ensure is that your equipment won't be exported to parts of the world where unsafe, environmentally unsound recycling or dumping takes place — or anywhere else that you're not comfortable with," she writes.

For the sake of security, Grossman advises that you be sure to ask about how the recycler or reuse organization "handles data destruction: Can the recycler or reuse organization wipe the hard drive for you and provide documentation that they have done so?" Of course, you also can do that data-scrub in-house, for better peace of mind.

For more guidance to disposing of your old electronic gear, consider checking out this article from CIO.

If you live in the Bay Area, you can see her live at 7:00 p.m. Pacific at Book Passage, located at 1 Ferry Plaza, #46, in San Francisco. Otherwise, C-SPAN will be recording the talk and running it several times in coming weeks. (Check your local listings, or the C-SPAN Web site, for details.)

Posted by Ted Samson on August 8, 2006 04:56 PM



November 01, 2005 | Comments: (0)

Study: Most execs sleep their way to the top

Results released this week from an online poll by a data visualization software company reveal that 71 percent of business executives surveyed have fallen asleep or felt sleepy during dull presentations.

The survey of 382 business managers was conducted by San Diego-based Infommersion. In addition to the 71 percent who admitted to dozing off, another 43 percent have caught other people napping during presentations.

The most difficult types of presentations to stay awake through were individual speeches, followed by training sessions, and then general meetings, according to the Infommersion poll. Interestingly, Webcasts were said to be the easiest type of conference to stay alert through, with only 11 percent of respondents saying they were difficult to sit through, the company reported.

Survey participants said that the most important elements for a successful presentation were an 'animated and enthusiastic' speaker (at 51 percent), followed by an 'interesting and interactive' presentation (at 36 percent of the votes). It helped if the presenter was 'good looking,' 3 percent of respondents said.

Infommersion makes a Windows application that converts data from databases, Web services, and Excel spreadsheets into visual and interactive dashboards, scorecards, charts, and graphs.

The survey may be a gimmicky way to get a little media attention but at least those executives who have dozed off during presentations now know they aren't alone.

Posted by Cathleen Moore on November 1, 2005 03:17 PM



September 21, 2005 | Comments: (0)

Ellison pans open source databases

MySQL and PostgreSQL database adherents may beg to differ, but Oracle CEO Larry Ellison is not sold on the enterprise-readiness of open source databases.

Asked for his take on open source rivals to his own commercial database platform at the Oracle OpenWorld conference in San Francisco on Wednesday, Ellison was quick to pan them.

"As of right now, the open source databases do not have a lot of industrial-strength support. We'll see how it all plays out," Ellison said. Open source databases have limited uses such as for Internet caching, according to Oracle's brash CEO.

While the open source Linux operating platform has benefited from investments from companies such as IBM and Novell, open source databases have not had this kind of support, Ellison contended.

"One of the myths around open source is open source is built by a bunch of guys who work at Radio Shack and when they go home at night, they log onto the Internet and write code," Ellison said. But this has not been the case with Linux, he said.

Ellison also commented on software pricing formats, saying he preferred prices based on the volume of revenue per employee at a user site as opposed to per-processor or multicore pricing formats.

"I think that licensing model works better for most people than what we currently have," Ellison said.

Posted by Paul Krill on September 21, 2005 03:57 PM



April 20, 2005 | Comments: (0)

MySQL marks 10 years; future IPO likely

MySQL celebrated its 10th anniversary this week, and a co-founder acknowledged that taking the company public is likely at some juncture.

Co-founder David Axmark, interviewed at the MySQL Users Conference 2005 in Santa Clara Wednesday, said the company does have venture capitalist investors who would like to exit at some point, thus making an initial public offering likely. But no decision has been finalized and no timeframe set. "That's up to our investors to decide," Axmark said.

Reflecting on the evolution of MySQL, which began in Scandinavia in 1995, Axmark said the company's database was offered under a partial open source license in 1996 and a full, GPL-based license in 2000. Asked why the company initially opted for an open source strategy, Axmark said, "Why not?"

"We had nothing to lose. We had a couple of customers we would have had anyway," Axmark said. He added that those involved in the venture already were using open source technologies such as Linux and emacs.

Now, the company boasts 50,000 downloads of its software per day and revenues of $20 million last year, with revenues doubling every year. But Axmark does not see open source software generating the kind of billion-dollar earnings sheets that proprietary commercial companies have seen. "The customer gets to keep the biggest part of the pie," through cost savings, Axmark said.

Open source will dominate software commodities but not specialized systems such as complex ERP applications, Axmark said. Such a system has a small number of users and a great deal of code, making it less conducive to open source, he said.

Axmark is an outspoken opponent of software patents, even applying "No Patents" stickers to his laptop. It is just too hard to determine whether something being done in software already exists, he said.

Also at the show, Marten Mickos, MySQL CEO, touted open source, MySQL showed off some new clustering technology, and Red Hat's Michael Tiemann spoke out against software patents and Microsoft.

-- By Paul Krill, reporting from the MySQL Users Conference 2005 event.

Posted by Tom Sullivan on April 20, 2005 02:27 PM



February 17, 2005 | Comments: (0)

Kirix Data Base App Debuts

One of the more interesting products making its debut at this week's LinuxWorld in Boston was a data base application from Kirix Corp. that helps users to better manipulate data in a graphical environment, create queries, and generate reports.

Called Strata, the product, which can be used with both Linux and Windows, combines some of the capabilities of a spreadsheet with those of a data base management system. Users are able to create a variety of calculations across an entire dataset and then combine that with data from other data sets interactively, thereby carrying out instant aggregate calculations on large groups of related data base records.

The product is capable of importing and exporting data back and forth from Microsoft's Access, FoxPro and xBase and text delimited files as well as ODBC, IBM's DB2, Oracle, MySQL and Microsoft's SQL Server. It also provides Unicode support.

"The idea is to have a dialogue with your data. You can make changes to the logic of your formulas and then be able to see the results immediately without having to run a long query," said Aaron Williams, the Chief Scientist at Kirix. "With this sort of quick feedback you can respond fast to what the data is telling you," he added.

The folks running IDG's LinuxWorld Conference and Expo this week also liked what they saw of the new product, giving it their Product Excellence Award in the Best Desktop-Productivity-Business Application category.

The product costs $125 per year for a subscription license or $425 for a perpetual license, plus $45 a year annual maintenance fee to pay for updates.

Posted by Ed Scannell on February 17, 2005 01:54 PM



December 20, 2004 | Comments: (0)

A marriage of acronyms

"I, BI, take thee EII…"

This morning Cognos and Composite Software unveiled an arranged marriage of the former's business intelligence reporting tool with the latter's enterprise information integration software.

The dynamic duo will form the basis of what several people called next-generation reporting. Executives from Composite, meanwhile, said that next generation reporting is the killer app for EII.

In speaking with analysts about this newfound dynamic duo, it seems that next-generation reporting may be the app that kills EII -- not as a technology, but as a market with standalone products.

Ted Friedman, a principal analyst at Gartner, said that the industry will see more relationships like this one.

But, in time, EII is likely to become a piece of the bigger picture, as opposed to best-of-breed tools.

"I'd be surprised if EII is a standalone market over time," Friedman said.

Posted by Tom Sullivan on December 20, 2004 07:51 AM


