This week, there were a couple of acquisitions including the closure of the deal by Symantec to buy Nukona, which provides mobile data security, and IBM’s announcement that it will buy Varicent, which should help with compliance. Kroll released its biannual survey on health data compliance, while LockPath upgrades Keylight.

Symantec Closes Nukona Deal

Symantec was clearly eager to get its hands on Nukona, which provides solutions for protecting data on mobiles. The deal to buy the company was only announced in the middle of March, and already, just yesterday, it announced that the deal is closed and that it will start pulling Nukona products into its portfolio.

The acquisition of Nukona extends Symantec's enterprise mobility portfolio to include a cross-platform mobile application protection solution enabling organizations to protect and isolate corporate data and applications across both corporate owned and personally owned devices.

Nukona complements Symantec's earlier acquisition of Odyssey Software, which provides mobile device management (MDM) to enterprises.

By offering both MDM and MAM across multiple platforms, Symantec is offering enterprises a way of dealing with the growing problem of employees using their own device for work and, as a result, dumping unsecured data onto those devices.

Nukona offers enterprises a way to distribute, secure and control applications and data without requiring them to manage the complete devices. With Nukona's ability to natively protect and control iOS, Android and HTML5 apps, Symantec will address the core problem of corporate and personal data separation without limiting the end-user experience or application adoption.

IBM Buys Varicent

Also in the acquisition space this week was the acquisition of Varicent by IBM. Not strictly within the GRC space, it does, however, have implications for enterprises concerned about compliance.

Varicent provides software that offers automation, analysis and compliance for data from sales, HR and IT departments using a unified management system.

The acquisition accelerates IBM's Smarter Analytics capabilities across line of business operations in all industries, and will be combined with IBM's existing software offerings that are delivered to clients through on-premises or cloud computing models.

IBM will combine Varicent with its R&D and prior acquisitions, including Algorithmics, Clarity Systems, OpenPages, Cognos and SPSS, to expand IBM capabilities in business analytics and optimization across finance, sales and customer service operations. These acquisitions are part of IBM's larger focus on analytics, which spans hardware, software, services and research.

The acquisition continues IBM's drive to offer analytics to front-line staff, especially in the area of sales where many organizations still rely on silos of data and antiquated spreadsheets.

Compliance issues around this are obvious, but IBM aims to deal with this by offering analytics to view, monitor and track information, as well as derive meaning from the data in repositories.

Healthcare Data Security

A new report on technology, security and healthcare suggests that an increased focus on compliance since the HIPAA act 16 years ago has not resulted in increased security.

The 2012 HIMSS Analytics Report: Security of Patient Data, the third installment of Kroll's bi-annual survey of healthcare providers in the US, shows a steady rise in data breaches over the last six years, despite increasingly stringent regulatory activity surrounding reporting and auditing procedures and heightened levels of compliance.

In the 2012 report, respondents indicated that they were more prepared than ever to confront the data security risks, giving themselves a 6.40 rating on a scale of one to seven (with with 1 being "not at all prepared" and seven being "extremely prepared"), as compared with 6.06 in 2010 and 5.88 in 2008.

In addition, 96% of respondents reported conducting a formal risk analysis at their organization in the past 12 months.

Yet the fact that 27% of respondents reported a security breach during that same time period (up from 19% in 2010 and 13% in 2008) -- of which 69% experienced more than one -- indicates that increased preparedness is not synonymous with increased security, the report says.

The 2012 report signals some of the most significant data security threats facing the healthcare industry today:

  • Human error remains the greatest threat to healthcare data security.
  • The mobility of patient data made possible by new technologies and the proliferation of mobile devices in the workplace is a leading factor in healthcare data breaches.
  • The industry's expectations of third party data security practices are not keeping pace with the increased outsourcing of patient data; third party breaches are on the rise.

There is a whole bunch of things that needs to be considered in this report, which is extensive to say the least. Anyone working in security, compliance and healthcare really needs to take a look at this. 

LockPath Upgrades Keylight

Finally this week, GRC vendor LockPath has announced the release of version 2.3 of the Keylight platform.

With Keylight 2.3, users can upload data files (.xls and .csv) and import them into DCF tables.

In addition, Threat Manager now displays vulnerability scan reports within a DCF table, allowing users to assign vulnerability tasks and track remediation items via workflow. Threat Manager now also dynamically pulls in the latest vulnerability results from the Qualys Detection API on a scheduled interval, providing differential imports, de-duplicating vulnerability data and significantly reducing import processing time and bandwidth requirements. Other enhancements in Keylight 2.3 include:

  • Reporting and Dashboards
  • Keylight Compliance Manager
  • Email Templates

The Keylight platform is composed of several reusable, integrated systems and processing engines that support feature-rich, scalable solutions to empower knowledge workers to make effective decisions in the context of a company’s regulatory framework.