Ferris Research Free News
Tuesday, April 08, 2008
  Apr 8, Daily Compliance & Messaging News
Ferris Research Home

Sign up for the Ferris News Service here

News on messaging, content control, compliance, e-discovery, data leak prevention
Daily Digest: April 8, 2008
Content Control, Compliance, Archiving, E-Discovery, & Data Leak Prevention

C2C and Titus Labs Integrate Classification for More Effective Archiving and Discovery
Partnership to Allow Smart Archiving and Discovery of Emails Based on Classifications

EMC Unveils New Solution Aimed at Dramatically Advancing IT and Security Operations
Integrated EMC Voyence Control and RSA enVision Solution Delivers Unique Capabilities for Compliance, Risk Management and Cost Control

HP Introduces Security Products to Maximize Data Protection and Minimize Risk for Businesses 

NextiraOne Mexico Standardizes New Managed Security Services on eIQnetworks' Security, Risk and Audit Management Platform
eIQ's SecureVue solution integrates enterprise security and compliance management to drive efficiency and reduce complexity

Messaging & Collaboration

New Commtouch Anti-Zombie Service Detects Internet Threats
New Web-based Stats Lab Tracks Global Zombie Activity, Identifies Zombie "Hot Spots"

FaceTime Secures and Controls 20,000 Facebook Widgets and 400 Web and Real-time Applications for Safe Use in Enterprise Networks
60% of IT managers surveyed are more concerned about social networks than email Analysts advise enterprises to avoid blocking social networking

Funambol and Smaato Provide Ad-funded Open Source Push Email Solution for the Mass Market
Mobile operators, service providers and portals can now generate revenue by providing push email for free to billions of mobile users

BNP Paribas Deploys PGP Encryption Solutions to Secure Email Communications
PGP Encryption Platform Protects Sensitive Data and Ensures Global Regulatory Compliance

Quest Software Launches Solution Set to Support Unified Communications
Quest a Platinum Sponsor at Microsoft INTERACT2008 Conference

Trend Micro Announces Innovations in Security For the VMware Platform That Make Virtual Environments More Secure Than Physical Environments
New technology securing virtualized environments to be demonstrated during the 2008 RSA Conference at the Moscone Center in San Francisco April 7-11

Abaca's Industry-Leading Anti-Spam Solution Now Available for Enterprise Customers
Abaca Email Protection Gateway EPG 3000 Ideal for Enterprises with as Many as 3,000 Users, Guarantees 99 Percent Accuracy in Email Filtering

Accellion Announces Eco-Friendly Digital Delivery
Good for the Bottom Line; Good for the Environment

PostPath Enhances PostPath Server Utilizing EMC CLARiiON to Deliver Efficient Mail and Collaboration Infrastructure
PostPath Server's High Performance File Store to Enable "Bottomless" Mail Boxes

"The New Sendmail" Announces Two New Message Processors: A VMware-based Virtual Appliance (MPV) and a Quantum Message Processor (MPQ)
High-Performance Message Security Solutions Showcased at RSA Conference

Mirapoint Software Reputation Hurdle Provides an Additional Layer of Defense to RazorGate Security Appliance
Reputation Hurdle Stops Illicit Threats at the Gate

Entrust Announces Launch of Entrust Authority 8.0
PKI solution offers single platform for enterprise X.509 standard, ePassport capabilities

Thru Expands Availability of Thru Secure Communication Network(TM) (SCN) to Mid-Market Firms and Large Enterprises
Insight Enterprises, Inc. To Resell The Thru SCN Brand Of Software-As-A-Service Worldwide

Blog Item(s)

Fortiva Technical Review
David Ferris recently wrote a bulletin about several interesting aspects of the Fortiva archiving solutions. I thought that our readers might be interested in a little more technical detail.

The architects of an archival and e-discovery product or service have to solve a number of difficult technical problems. These include, but are not limited to:

  1. Disaster tolerance
  2. Suitably fast accession (i.e., indexing)
  3. Suitably fast search
  4. Iron-clad security
  5. Assured destruction (at the end of a retention period)

The first three are, in general, solved much more economically by a shared service. This is because a shared service can more economically maintain storage across multiple data centers, and employ large grids of parallel computers to perform both accession and search (think Google). The fourth is more easily solved by an on-customer-premise product, while the fifth is a nightmare for both the architects of shared services and on-premise products.

Fortiva, as a well architected shared service, is able to economically offer disaster tolerance -- at least two copies of each archived record are maintained on RAID disk storage at a customer's primary Fortiva data center, while at least one other copy is maintained on RAID disk storage at another, remote, Fortiva data center. Their data centers are also equipped with sufficient shared processing power to operate suitably rapid accession and search. This is not what is unique to Fortiva; other archival and e-discovery services can take a similar approach. Whether they have done so to date is an open question.

What is unique to the Fortiva service is the vendor's approach to providing iron-clad security. Their solution is provided by an array of one or more on-customer-premise appliance/s that perform five tasks:

  1. An appliance extracts the search terms (words) in a record and individually encrypts them using a long-lived key. These encrypted words will be passed to the Fortiva accession service, which will employ them to index the record.
  2. It encrypts the entire record, again using a long-lived key before passing that record to the Fortiva service for storage.
  3. It employs Active Directory-based policies and Windows credentials to control access to the fourth task (see task 4 following).
  4. It constructs search queries using encrypted search terms (see task 1 above).
  5. It accesses and decrypts records referenced by a search query (see task 4 above) response.

Fortiva is not particularly forthcoming about how it encrypts search terms (tasks 1 and 4 above) - it's the company's secret sauce.

In addition to employing appliance-based encryption to ensure the privacy of customer data (both record and index), the Fortiva service also employs encryption to effect assured destruction. All records received by the Fortiva service, and we believe (Fortiva has not confirmed this) all full text indices maintained by the Fortiva service, are encrypted using a time-dependent (monthly) symmetric encryption key. If they are encrypted, then index blocks are decrypted using the same time-sensitive key in order to perform matching, as are records which are decrypted before being returned to an appliance.

At the end of a retention period, the time-sensitive keys employed to encrypt both record data and full text indices for that period are destroyed by the Fortiva service. This destruction must be total! Once a time-sensitive key is destroyed, any and all data encrypted with it can no longer be decrypted, and thus the data is assuredly destroyed. There is no need, given this approach, to physically scrub, or otherwise destroy, bits on physical media in order to achieve assured destruction! ... Nick Shelness



Upcoming Reports & Events

Determining the Right Retention Policies
Wednesday, April 9, 2008
8:30am Pacific, 11:30am Eastern, 4:30pm UK, 5:30pm CET. One hour.

Organizations vary considerably with regard to their policies on how long to retain electronic information before deleting it. In this webinar, Ferris analyst David Ferris and Richard Hoffman of AXS-One discuss laws and regulations that affect retention policy, internal corporate policies and other things to consider when determining retention policy, how to define a retention policy, the main retention policies in place today, and how retention policies are changing. The event concludes with a Q&A session.

To register for the webinar, click here. For more information, click here.

Electronic Discovery: Helping General Counsel Understand IT's Role
Wednesday, June 4, 2008
8:30am Pacific, 11:30am Eastern, 4:30pm UK, 5:30pm CET. One hour.

IT today plays an important role in the e-discovery process. In-house and external legal teams are often unclear on what IT's role should be. In this webinar, we discuss IT's role and how IT should educate its legal colleagues about its role. The event concludes with a Q&A session.

To register for the webinar, click here. For more information, click here.

Recent Research

Recent Reports Available for Purchase:

For more purchasable reports, visit our reports page.

Recent Ferris Webinars:

About Ferris Research

Ferris Research studies messaging, and the control of electronic information. More specifically, we help IT staff evaluate and implement products and services that:

  • Provide messaging and collaborative technologies
  • Archive electronic information
  • Ensure compliance with corporate policy, industry regulations, and laws
  • Facilitate e-discovery, and contain its costs
  • Reduce the dangers of information leaks

Email is the most important type of electronic information that requires control today. Other important types include instant messages, Sharepoint teamspaces, images, voice, video, and miscellaneous desktop files.

We've been in business since 1990--longer than any other analyst firm in our field:

  • Clients include 300 of the world's 1,000 largest organizations, and computer vendors from the largest corporations to small startups
  • While other analysts have come and gone, we've published more than 200 formal reports and 1,100 short bulletins
  • Our news service covers more than 2,000 highly specialized announcements annually
  • We have nine experts in our research team, sharing many decades of experience in our core competencies

In short, our technology and industry depth helps you understand today's products, where they've come from and where they're going.

Have news you want to share with us or product or interest area that you would like us to cover? Send press releases to releases@ferris.com.

Copyright © Ferris Research 2008.



Links to this post:

Create a Link

<< Home
Lets anyone with a professional interest in messaging and collaboration keep up with the news and key trends ... To sign up, go to www.ferris.com ... If you want a version that includes analysis of the news and puts everything in a single email, subscribe to our Analyzer Information Service ... Got some news you want to share with us? Send press releases and conference announcements relevant to messaging to releases@ferris.com ... Copyright © Ferris Research 2005-2006.

September 2005 / October 2005 / November 2005 / December 2005 / January 2006 / February 2006 / March 2006 / April 2006 / May 2006 / June 2006 / July 2006 / August 2006 / September 2006 / October 2006 / November 2006 / December 2006 / January 2007 / February 2007 / March 2007 / April 2007 / May 2007 / June 2007 / July 2007 / August 2007 / September 2007 / October 2007 / November 2007 / December 2007 / January 2008 / February 2008 / March 2008 / April 2008 / May 2008 / June 2008 / July 2008 / August 2008 / September 2008 / October 2008 / November 2008 / December 2008 / January 2009 / February 2009 / March 2009 / April 2009 / May 2009 / June 2009 / July 2009 / August 2009 / September 2009 / October 2009 / November 2009 / December 2009 / January 2010 / February 2010 / March 2010 / April 2010 / March 2011 / March 2012 /

Powered by Blogger