Security is the big concern this week on the GRC front with Big Blue closing the BigFix deal that offers them better enterprise and database security, while Adobe also looks to the security of Adobe Reader with a new sandbox solution. Meanwhile, SAP and CA also get together this week for a combined GRC solution.

Adobe Reader Climbs Into New Sandbox

For those with probably justifiable concerns about using PDFs, Adobe has just announced that it is to add an additional layer of protection against PDF attacks by using sandboxing technology that will isolate code from the rest of the computer.

As of the next release of Adobe Reader for Windows, Adobe will be adding a ‘Protected Mode’ which will be enabled by default and will also be included in Reader plug-ins for all major browsers. Adobe says that the new sandboxing feature will keep all PDF operations locked into a single area and prevent outside applications from altering, installing or deleting files, accessing processes or making changes to the operating system.

While Reader will be able to communicate with the operating system applications running in the program, it will not be able to work outside of the sandbox, so if malware gets into your computer through Reader, it will not be able to leave the sandbox. At the moment there are no plans to add this feature to the Macintosh version.

Adobe says the idea is taken from Microsoft's Practical Windows Sandboxing and follows protected views in Microsoft Office 2010 and Google Chrome.

IBM Adds BigFix Security

IBM has just announced that it has finally closed the BigFix deal, which sees Big Blue reportedly paying US$400 million to acquire BigFix's smart data center and security initiatives.

According to the announcement, BigFix will become part of the IBM Software Group and will provide software that will intelligently secure enterprises by managing and automating security and compliance updates on thousands of computers around the globe.

BigFix software is also critical to IBM's automation portfolio that controls the ever-expanding data center, including PCs and laptops, in addition to servers, software, storage and physical assets. With BigFix software, IBM customers can manage:

  • Security by design
  • IT Compliance
  • Energy and resource consumption

BigFix is the 11th security-related company acquired by IBM since 2006.

Iron Mountain Analyzes SaaS Risk

From PDFs, we move to SaaS as Iron Mountain publishes its latest survey on SaaS security and protection strategies in the Softletter SaaS Escrow Report -- a study conducted by Softletter on behalf of Iron Mountain to investigate all aspects of software as it relates to SaaS.

The report covers everything from SaaS application usage, value and risk perceptions associated with SaaS application adoption to the forecasted use of SaaS applications, and the awareness and prevalence of SaaS escrow (intermediary) services. The report's key findings include:

  • Companies are becoming increasingly comfortable with SaaS and Cloud computing as indicated by the fact that more than half (56%) of the respondents are using SaaS systems for mission-critical applications.
  • However, less than half of companies using SaaS for mission-critical applications are using SaaS intermediary services to protect their investments and their company's data and operations.
  • 49% of providers offer escrow protection and another 21% are considering its adoption. Better than half of all providers over $1M in revenue offer escrow protection.

Softletter concludes that both SaaS application providers and subscribers need to take a closer look at their strategies regarding software escrow as the adoption of SaaS applications continues to grow.

CA and SAP Monitor IT Management

From risk management to governance, SAP and CA Technologies have announced that they have collaborated on offering integrated GRC tools for CIOs, linking SAP's enterprise software with CA's monitoring software.

More precisely, they have linked CA's IT management products with GRC software from the SAP Business Objects portfolio to ensure IT compliance.

The result is a linked set of business processes and monitoring features that better integrate IT projects and activities with the GRC requirements facing many businesses. Benefits include:

  • Automated and standardized GRC activities with pre-defined workflow and reporting.
  • Protection of business value through continuous monitoring of both IT and business controls.

The initial product focus is on continuously monitoring security, IT project and portfolio management, and assuring service performance.

Iron Mountain to Cure Hospital Management

Also this week from Iron Mountain is the release of its Electronic Medical Record (EMR) Enablement Solution, which offers healthcare organizations a complete set of tools for digitizing patient records, archiving electronic files, protecting them from disaster and then destroying outdated records.

The new solution combines services for document scanning, file archiving and data backup into one solution for hospitals and healthcare organizations converting hardcopy patient files into an EMR system. The new EMR solution includes:

  • Image on Demand capabilities for the conversion and delivery of medical records
  • Backfile scanning
  • Secure cloud-based archiving and disaster-recovery capabilities
  • Additional records management and secure shredding of paper records

If you want to find out more about this, check out the website.

McAfee Won’t Take Risks

Finally this week, McAfee also released risk management software for IT security. This software combines real-time threat intelligence with global vulnerability scanning across applications, databases and networks, and correlates that with security countermeasures already in place, to help organizations assess their highest priority risks.

The McAfee Risk Management solution, consisting of McAfee Risk Advisor 2.5, McAfee Vulnerability Manager 7.0 and McAfee Vulnerability Manager for Databases, automatically pulls information together into a real-time risk analytics engine.

This enables enterprises to analyze risk posture across every meaningful sector of their IT environment including databases, web applications, systems and networks to know precisely what is needed to optimize their security posture.

All products are available now. For more information, please visit the McAfee risk and compliance Web page.