woman reading a book under a tree

It's not really possible to ensure data anonymity and protect customers from being identified from even impersonal data, so the next best thing to anonymity is data security — and there has been a lot of talk about just that over the past couple of weeks. Take, for example, Box.

Since the very beginning, Box’s very raison d’etre was to store, manage and protect data even if in recent times the functionality that it has added is taking it closer to enterprise content management (ECM) and content services than anything else. To reassure users about the protections in place for data stored with Box, this week it announced the release of Box Shield, a set of new content security controls and intelligent threat detection capabilities to better protect enterprise workflows.

Although Box already has many different security capabilities offered with its services, Shield is built natively into Box and is designed to prevent accidental data leakage, detect potential access misuse and proactively identifies relevant threats.

There are many interesting features here, but the overall push to prevent accidental leakage of data will be a major addition for IT people who, while able to create defenses against cyberattacks and malicious data tampering, find it difficult to combat workers' carelessness with data.

Earlier this year, the Insider Data Breach survey published by Egress showed that:

  • 79% of IT leaders believe that employees have put company data at risk accidentally in the last 12 months. 61% believe they have done so maliciously.
  • 30% of IT leaders believe that data is being leaked to harm the organization, 28% believe that employees leak data for financial gain.
  • Asked to identify what they believe to be the leading causes of data breaches, close to 60% of IT managers said employee carelessness through rushing and making mistakes was the reason behind data leaks.

Box Shield prevents this through a system of manual or automated security classifications for files and folders, and classification-based access policies. In addition, Shield also enables users to detect abnormal and potentially malicious behavior from internal and external threats. Box Shield is in private beta and will become generally available in the fall of 2019.

Google, IBM, Intel, Microsoft, Red Hat Join Data Privacy Group

This is not all that’s happening with digital data privacy. While we have become used to almost monthly data privacy initiative announcements from the big tech companies, the creation of the Confidential Computing Consortium (CCC) by the Linux Foundation has all the signs of something that might actually be effective, if only by virtue of the numbers and weight of the companies that have signed up for it.

Already, and without having done anything at all, it has commitments for contributions from Alibaba Cloud, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent, all major players in the world of data security.

A statement from CCC describes itself as, “A project community at the Linux Foundation dedicated to defining and accelerating the adoption of confidential computing. It will embody open governance and open collaboration that has aided the success of similarly ambitious efforts.”

In sum, it aims to secure data in use as opposed to the current industry approach which is to secure data at rest (storage) and in transit. However, it points out that data in use is far more challenging as it requires companies to offer a full encrypted life cycle for that data. Confidential computing meets that challenged by enabling enterprises process encrypted data in memory without exposing it to the rest of the system.

Already, some of the promised contributions should pique the interest of enterprises using large amounts of sensitive data. Among the proposed offerings are:

  • Intel Software Guard Extensions (Intel® SGX) Software Development Kit designed to help application developers protect select code and data from disclosure or modification.
  • Microsoft Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment (TEE) applications.
  • Red Hat Enarx, which provides a platform abstraction for Trusted Execution Environments (TEEs) enabling creating and running “private, fungible, serverless” applications.

There are all kinds of interesting possibilities here especially as this does appear to be truly global given the presence of Alibaba, Baidu and Tencent in the mix. The fact that it is being created under the umbrella of the Linux Foundation should ensure transparency for those actors inside and outside the industry that have concerns around the interface of geopolitics and technology.

Businesses Get Google Hangouts Reprieve

This week, Google’s G Suite users received some good news from the search giant in the shape of a reprieve for Google Hangouts — but only for G Suite users.

According to a company blog, Google will let G Suite customers continue to use Hangouts until next year despite having announced earlier this year that the shutdown of the service would start in the October. The statement says that Hangouts will remain functional until next June.

The reason for the delay, a blog post explained, was based on feedback from client companies saying they would “like more time to migrate [their] organizations from classic Hangouts to Hangouts Chat.”

The original idea was to start moving users over to Hangouts Chat, which will be a bit like Slack, and a new videoconferencing service called Meet.

With the rollout now postponed, Google says it will “continue to improve the transition experience of classic Hangouts group conversations, as well as add new chat features like read receipts. We’ll also provide advance notice once we have a more definitive date.”

Those that still what to go ahead with the transition to the new services can still request an invitation to the Accelerated Transition Program, which disables classic Hangouts and migrates all users to Hangouts Chat, while providing early access to new Chat features.

The delay is probably a good thing for enterprises that are not quite ready to move yet and the extra time can be used to plan migrations. However, it is not very clear what exactly is going to happen as no definitive date has been set for the wind down. This does not mean, though, that you should not prepare — Hangouts will be wound down and its best to be ready. For now, none of this impacts consumer accounts — these changes are only for business users.

Capacity Releases AI-Native Knowledge Sharing Platform

Elsewhere, Capacity has launched its AI-native knowledge sharing platform. Designed to meet the needs of digital workplace employees whose work is enabled by data sharing, Capacity is a cloud-based system built on AI that captures, mines and connects organizational knowledge to maximize employee productivity.

The company also announced that it raised $13.2 million in Series B funding from a Midwest network of private and angel investors to help support company growth and scale its technology.

The release of the platform addresses an old problem, notably that team members are forced to waste hours every day searching for information that’s spread across dozens of systems and silos which reduces their capacity, engagement and overall satisfaction.

Capacity addresses these challenges by capturing tacit knowledge, mining documents and spreadsheets, and connecting to enterprise apps — making everything instantly accessible through a single, automated chat platform.

Splunk Buys SignalFx

Finally, Splunk announced a definitive agreement to acquire SignalFx, a provider of Software-as-a-Service (SaaS) real-time monitoring and metrics for cloud infrastructure, microservices and applications.

Under the terms of the agreement, Splunk will buy SignalFx for $1.05 billion, 60% of it cash and 40% in Splunk common stock. The acquisition is expected to close in the second half of fiscal 2020

Splunk said the aqusition of SignalFx continues its drive to provide enterprises with a single platform allows IT to monitor and observe data in real time, no matter the infrastructure or data volume. This, in turn, enables organizations to work across their entire data landscape, not just silos in the data center or cloud-native environments.