- UID
- 852313
- 在线时间
- 小时
- 注册时间
- 2013-1-25
- 最后登录
- 1970-1-1
- 主题
- 帖子
- 性别
- 保密
|
沙发
楼主 |
发表于 2014-12-22 23:38:08
|
只看该作者
Part II: Speed
Are You Sure You Want to Use Email?
Companies Rethink Policies About Deleting Messages in Wake of Sony Leaks
By DON CLARK, SHIRA OVIDE and ELIZABETH DWOSKIN | Dec. 19, 2014b
[Time 2]
Devastating leaks from Sony Corp. ’s computer systems have dramatized the risks of storing corporate email for extended periods. Some people in Silicon Valley wonder if it is time to rethink that practice.
Electronic mail, despite many attempts to replace it, remains a vital communications tool and an ad-hoc filing cabinet for employees at most companies. Retrieving important information and attachments by searching mail—which can be stored indefinitely—is simple and fast.
But as was highlighted in the Sony hack, this puts a single trove of both potentially embarrassing communication and critical company secrets within easy reach of cybercriminals. (Related Article: Obama Says Sony ’Made a Mistake’ Canceling Film)
Many long-established companies have for some time had email-deletion policies, but for a different reason: Complying with demands for stored communication in legal cases can be expensive.
These policies typically call for automatic deletion of emails after a set period, often after 90 or 120 days. But many companies—especially startups—have no retention policies.
Some experts view the startling success of attackers in breaching Sony’s defenses and distributing sensitive emails—an incident thatU.S. officials have linked to North Korea—as a powerful argument for prompt destruction of nonessential messages.
“My belief is the retention policy should be 30 days,” said Steve Blank, a veteran Silicon Valley entrepreneur and academic. “I think the Sony-North Korea thing just kind of reinforces the fact.”
There are signs that some companies are heeding such calls. Cloud Sherpas, an Atlanta-based firm that helps companies buy Gmail and other workplace technology from Google Inc. and others, said two customers have changed their email retention systems since the Sony hacking.
One of them, a big technology manufacturing firm on the West Coast, asked for a customized software process to purge email of specific users whenever the business deemed it necessary, said David Hoff, Cloud Sherpas’ chief technology officer. The other customer, a midsize manufacturer, added a Google function to automatically delete emails after a year, with a shared “safe” folder in which employees could stow emails that they needed to keep longer.
[346 words]
[Time 3]
Deleting messages isn’t necessarily an absolute defense against theft, since storage systems frequently retain traces of data that can be retrieved under some circumstances.
A Sony spokesman didn't respond to questions about the company’s data-retention policies or details about the breach.
Amid the uncertainty, some tech companies say they are reviewing their security precautions, in part because customers in government and other sectors are demanding to know their data will be safe.
“They have a lot more questions for us as we sell into those accounts,” said Douglas Murray, chief executive of Big Switch Networks Inc., a Silicon Valley startup that is using a security firm to evaluate its safeguards. “People are concerned.”
Executives at some startups say the very idea of regularly deleting emails is a foreign concept, and may be too drastic a solution.
“Destroying email that has become a repository for employees to go back and do research will be a significant culture change,” said Justin Somaini, chief technology officer at Box Inc., which offers online data storage and related services. “A better approach than deleting email is the application of healthy security practices on the content itself.”
Another familiar option is encrypting mails to make them unintelligible in the event they are stolen. Few companies encrypt all of their email, though, in part because many employees correspond with others outside their organizations who aren’t using the technology.
[231 words]
[Time 4]
Some startups, meanwhile, have been pushing alternatives to email that they believe improve collaboration. They include Slack Technologies Inc. and HipChat.
Matt Mullenweg, chief executive of the startup Automaticc, said it mainly leans on tools such as Slack and hardly uses email anymore. But those services also generate data that could tempt attackers.
“Search is one of the big features of these tools, so deleting old stuff would be counterproductive,” Mr. Mullenweg said, who said his company has no plans to start deleting emails.
Many startups also rely on services like Google’s Gmail, rather than storing and managing email on their own servers as established companies tend to do.
“We expect our email to stick around forever,” said Jonathan Gray, chief executive of the big data startup Cask, which uses Gmail. “I think most would be best served thinking that way.”
Mr. Gray said his company has strict policies around handling sensitive data from its enterprise customers, but had no internal policy governing how email data would be deleted.
John Schroeder, chief executive of big data startup MapR, said the company takes a similar stance. “We haven’t implemented a deletion policy of any kind,” he said, adding that the company has strict policies for handling customer data.
At the opposite extreme are companies like Intel Corp. , which grappled with email retention issues in a private antitrust suit by rival Advanced Micro Devices Inc. that was settled in 2009.
Some Intel employees failed to take the proper measures to stop relevant emails from being destroyed by the company’s auto-delete system.
Now the company automatically deletes emails after 90 days, unless employees individually take action to store them in folders, said Chuck Mulloy, an Intel spokesman.
These days, Silicon Valley companies seem more interested in reducing the risks with additional technology. Some entrepreneurs have advocated messaging systems, along the lines of the consumer service Snapchat, that are designed to delete messages soon after they are viewed.
Others believe that companies should develop technology that gives individuals or corporate owners of that data the ability to destroy it remotely if it falls into the wrong hands, though the feasibility of the approach remains unclear.
“The sender should have the right to delete the email,” said Muddu Sudhakar, chief executive of Caspida, a Silicon Valley security startup. “These systems need to evolve to support that capability.”
[396 words]
Source: Wall Street Journal
http://www.wsj.com/articles/are-you-sure-you-want-to-use-email-1419030075
Fears Spread of Sony-Style Hack
Damaging Revelations Prompt Executives to Review Security and Counsel on Email Etiquette
By RACHEL FEINTZEIG, CLINT BOULTON and JOANN S. LUBLIN | Dec. 17, 2014
[Time 5]
Damaging revelations emerging from the computer assault on Sony Corp. are playing like a horror movie in America’s executive suites, prompting companies to review security measures and reconsider what is said in an email.
Corporations long have dealt with hackers who went after their trade secrets and customers’ financial data. But the attack on film studio Sony Pictures Entertainment Inc. that on Wednesday led it to cancel a film debut took the possible consequences to a new level by leaking financial data, secret details about coming films, complaints about business partners and racially insensitive comments about President Barack Obama .
The scale is causing executives who thought they had computer security under control to sit up and take notice.
“Sony is Snowden, right?” said Bruce Schneier, chief technology officer of cybersecurity firm Co3 Systems Inc., referring to the former National Security Agency contractor who exposed reams of embarrassing information about America’s electronic spying efforts. “It’s someone getting in and getting everything.”
Larry Pimentel, chief executive of Azamara Club Cruises, a luxury cruise line owned by Royal Caribbean Cruises Ltd. , said he is more likely to pick up the phone or walk down the hall to meet in person after hearing about the Sony breach.
“I was always thinking about hacking in terms of financial stuff,” he said. But the Sony incident made him realize that his relationships and social interactions could be invaded too, creating a new kind of discomfort and embarrassment.
Soon after learning of the studio breach, he reached out to Royal Caribbean’s information chief to learn more about the company’s cybersecurity profile, including details on passwords and filters and access controls. He was satisfied with the answers and took the executive’s advice to keep employees up-to-date on security protocols and concerns. At a quarterly meeting with his top executives on Tuesday, he urged they take a lighter approach to email.
“Say the facts, but be more gentle,” he said he told them.
[329 words]
[Time 6]
Faisal Husain, CEO of technology firm Synechron Inc., says he has always been careful about communicating over email. But after news of the Sony breach began emerging, he brought up the topic on a weekly management call with his executive team. He urged the group, the company’s top 50 employees, to use the phone or schedule in-person meetings if they need to address a conflict between employees, tackle a tricky client situation or “speak very openly.”
The attack on Sony came at the end of a year marked by a succession of data thefts at retailers. A long running intrusion at Target Corp. last year exposed around 40 million credit and debit cards. A similar attack at Home Depot Inc. this summer compromised 56 million cards. Shoppers have become inured to the breaches, which also hit luxury retailer Neiman Marcus Group, crafts chain Michaels Cos . and grocer Supervalu Inc.
The breach at Target helped topple the company’s CEO and served as a wake-up call for many companies. Still, the attack on Sony appears more serious because sensitive, private information was made public to discredit and damage the company and its executives, Mr. Schneier said.
Stuart Kippelman, information chief at Covanta Energy Corp., said until the Sony incident, he had never been in a security meeting and raised the question: Who is out to cause us harm?
“Whereas CIOs have traditionally thought generically about security, going forward they will have to assess who their enemies are,” he said. “I think this changes the way every company should think about security.”
U.S. officials have concluded North Korea is behind the attack on Sony, people familiar with the investigation said on Wednesday. North Korea, which called the Sony comedy portraying the assassination of leader Kim Jong Un an “act of war,” has denied any connection.
The bad news, said Charles Elson , a board member at HealthSouth Corp. and Bob Evans Farms Inc., is there is little companies can do to stop sophisticated, government-backed motivated attackers.
[335 words]
[End up]
The weakest links in any corporation are the employees, said Tim Arthur, chief information officer of Alltech Inc., an animal health and nutrition science company based in Kentucky. That won’t change regardless of how many policies and procedures are put in place. He wonders whether executives and other employees might start going “anti-digital,” reverting to conducting more conversations via the phone than email.
Bonnie Hill, a director of Yum Brands Inc. and California Water Service Group , echoed that point, saying the attack on Sony got everyone’s attention and is a reminder “that you don’t use your email for general, chatty conversations.’’ She said she expects boards to start asking more questions about what kind of information is being kept and how safe it is.
“A sufficiently skilled, motivated and funded attacker will get in, period,” Co3’s Mr. Schneier said. Companies must continually improve security with layers of defense that include intrusion prevention, detection and incident response, he said.
“This is going to take years to unwrap,” Mr. Schneier added. “Now every company is thinking, ‘What would it be like if everything in our company was made public?’ ”
[191words]
Source: Wall Street Jounal
http://www.wsj.com/articles/fears-spread-of-sony-style-hack-1418863212?KEYWORDS=email
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有帐号?立即注册
x
|