Venyu Blog

It’s happened again: a massive data breach that has placed the private information of more than 500,000 customers at risk of identity theft, or worse.

According to the March 1^st Network World article, on October 2, 2009, 57 hard drives were stolen from a closet at BlueCross BlueShield of Tennessee’s training center.  The drives contained recordings of more than 1 million customer support calls, totaling more than 50,000 hours of conversation.  Included on these drives were also 300,000 screen shots, showing what BlueCross representatives had on their computer monitors at the time the calls were made. Since, BlueCross BlueShield has mustered the services of a “small army” of workers – more than 500 full-time workers and 300 part-time employees to MANUALLY examine every screen shot and listen to every minute of every phone conversation, at a cost of more than $7M — and they are not finished. As of January, more than 110,000 hours had been spent reviewing the screen shots and audio logs. To date the company has notified about 300,000 customers of the more than 3 million who may have been affected by the breach.

Did I mention the data on the 57 hard drives was not encrypted?  Or that they could be poached as readily as walking into one of the company’s wire closets?

It doesn’t have to be this way. Online data backup and storage solutions eliminate the possibility of data being compromised onsite. Applying encryption as the backup is occurring eliminates anyone being able to penetrate data for the purposes of identity theft.

To put a spin on the tagline of a national insurance provider, “What’s your [customer data protection] policy?” Consider that question the next time you feel secure in keeping your customer’s (unencrypted) data on-site.  More information here:

Venyu is a premier provider of online data backup, protection, recovery and availability services, meaning it is the trusted custodian of data that someone, somewhere actually wants to save and refer to at a later point in time.  The deeper I drill down into the industry at large, the more often I learn not everyone wants their data saved, accessible, revealed or some combination thereof.

Case in point, the newly announced application for the iPhone: TigerText.

While so-called traditional texts continue to reside on your carrier’s server long after you press send, texts using TigerText (and yes, its name coincidentally capitalizes on the pro golfer with the same name), are deleted at a time you select: beginning one minute and up to one month after they’re read. (According to the company, the application will also shortly be available for Blackberry and Android).

At $2.49 per month the cost of the service is minimal.  It’s also smart enough to sidestep your carrier’s own server by transmitting directly through TigerText’s server, and thereby eliminating any chance of the text being archived or ever seeing the light of day, even as part of an e-discovery process. There is at least one “gotcha” (e.g. both the sender and the receiver must have the app installed), and it’s the sender of the message who decides when the message will finally dissolve into the ether; however, if you want to wipe out your paw prints, this could be the app for you.  More information here:

As the Healthcare Information and Management Systems Society (HIMMS), opens its tenth annual conference today in Atlanta, GA, Venyu, a premier provider of commercial-grade, customizable solutions for data protection, availability and recovery, has announced at the conference a bold partnership with InSiteOne, a leading service provider of medical data archiving, storage, and disaster recovery solutions. The joint partnership is aimed squarely at helping healthcare institutions and providers better protect soaring amounts of image and non-image medical data.

For the uninitiated, HIMMS is a comprehensive healthcare-stakeholder membership organization exclusively focused on providing global leadership for the optimal use of information technology (IT) and management systems for the betterment of healthcare.  In other words, how do you leverage and optimize information technology solutions to transform healthcare management and delivery?

In the last five years, the amount of picture archiving and communications systems (PACs) imaging and traditional electronic data generated by the average sized hospital has grown by as much as 100%.  In parallel, HIPAA regulations structured around the privacy of patient records continue to dominate the headlines while directing the rules governing provider and patient record keeping. Coupled with the massive expansion of electronic protected health information (ePHI), HIPAA continues to be a pervasive force in the healthcare industry. In fact, in 2011, the certified electronic health records portion of the Health Information Technology for Economic and Clinical Health Act or the “HITECH” Act widens the scope of privacy and security protections available under HIPAA while increasing enforcement and the potential legal liability for non-compliance. 

Along these lines watch this space for future developments that result from today’s partnership as Venyu and InSiteOne help to arm present-day providers with proven data protection and delivery tools that satisfy next-generation compliance, regulatory and electronic medical records controls. More information here:

We’re all familiar with the concept of life insurance to make sure your family is monetarily taken care of in the event the Grim Reaper finally doubles down on your number. But what happens to your digital identity once you pass on (e.g. Facebook, Flickr, personal blogs)?

If you’re not able to update it (understandably), will your blog live on and who will control it? And what about Facebook? Can it be structured to announce you’re passing or to erase your wall once you’re gone? The most recent entry into the so-called digital life insurance arena is MyWebWill, a Sweden-based web service that launches in Spring 2010. According to its co-founder, Lisa Granberg, the theory behind the service is that just as in your offline life you want to be sure certain things are kept hidden, you’ll want to be able to take control of your online identity (or at least have your heirs do it for you).

The service, triggered upon receipt of an email from one of two persons you designate informs MyWebWill of your passing and provides evidence of such (e.g. death certificate), deactivates and erases your online accounts for the modest fee of $17 a year and a one-time charge of $179. MyWebWill account holders also have the opportunity to create an email that bids their followers on Twitter or fans on Facebook their fond goodbyes launchable on a pre-selected day, week, month or longer after the service is activated.

Given that more and more of us have a digital presence combined with the fact nothing on the Internet actually goes away once it’s posted, I suppose this service can be considered forward-looking and someone, somewhere inevitably would have come up with it. On a purely intellectual plane, however, isn’t this service redundant? After all, regardless of how you finally signed off and shed your mortal coil, your digital life and everything it has recorded will remain active into perpetuity. As those of us who spend our days manipulating it already know, data (like matter itself) is never entirely destroyed and digital memories really do have an afterlife.

Here’s a My WebWill video demo:

At Venyu we spend a lot of time working with and perfecting Virtualization; however, from time to time, the need to connect a USB device to a VM guest arises. In the past, this has been one of the few pitfalls companies face when implementing a virtualization solution.

Although USB support has been getting better with VMware vSphere, the problem of VM guests needing to migrate via VMotion around ESX hosts with physical USB devices still connected is a problem.

To get around this issue, Venyu uses the Digi AnywhereUSB devices.  These devices are IP-based USB hubs that allow your VM guests to map a “virtual” USB port to the physical USB device connected to the Digi device.  Here’s how easy they are to configure:

1)  Unbox and plug device into power and your IP network (the Digi’s will DHCP an IP if available)
2)  Run the installation wizard from the supplied CDROM, Set a static IP on the Digi box.
3)  On the VM guest, install the Digi USB driver in Windows.
4)  Run the AnywhereUSB configuration utility and connect to the device.

That’s it!  Almost.  Because USB device support is not typically “baked” into a Windows VM guest, you’ll need to manually add the USB drive to Windows.  Don’t worry, it’s VERY easy.  Here’s how:

1)  Copy the USBD.SY_ file from your installation I386 directory to your Windows VM guest’s C:\%systemroot%\system32\drivers folder.
2)  Rename the file from USBD.SY_ to USBD.SYS and then REBOOT the VM guest.

That’s all… Once the server comes up, you’ll be able to connect and use any of your USB devices.

*  Just remember, the current Digi AnywhereUSB devices only allow for 1 HOST connection at a time.  You CAN connect multiple USB devices that host.  Look for this issue to be resolved with newer versions of firmware/products.

FYI:  Here’s more information about VMware support:  http://www.digi.com/pdf/wp_ESXServer_AnywhereUSB.pdf

Thanks,
wsellers

I have to admit there’s something positively James Bondish about self-destructing data. Maybe it’s because the very idea of it conjures up visions of Peter Graves accepting his team’s next “Mission Impossible” over a portable tape that simmers, smokes and self-destructs once it has surrendered its contents.

“Vanish,” a cutting-edge software solution developed by a group of researchers from the University of Washington, Seattle uses peer-to-peer networks to create encryption keys presenting the idea that digital data has a shelf life. At its core, Vanish is user-defined data destruction. It begins as simply as a user highlighting the text they want to encrypt. A single mouse click creates a secret encryption key that’s ultimately divided and stored in various places on peer to peer networks. As computers log on and off these constantly changing peer-to-peer networks, pieces of the key eventually become inaccessible – meaning that the original data cannot be decrypted or read, even by the sender. This work-in-progress is reserved mainly for the academic community and not yet practical for the rest of us who know there really is no expiration date on user data. Except, I suppose, in the case of self-destructing messages.

Ok, I’ll cop to it freely. The bureaucratic behemoth that is the federal government is my all time favorite pincushion. There’s all kinds of reasons for that – waste, mismanagement, patronage (or what a well-known Boston based newspaper columnist has dubbed ‘the hackerama,’) but hey I give credit where credit is due.

To help answer the timely question “if you use cloud computing for your business, why can’t the government?” The office of the Federal CIO has produced a video entitled “Cloud Computing in the Federal Government.” Among other revelations gleaned from watching this video we learn the federal government has hundreds of data centers around the country that often perform similar tasks, are generally used at a fraction of their capability, and have ‘large carbon footprints.’ I especially like the use of the pop-up daffodils to project sustainability. Who knew the feds were finally catching up to companies in the dreaded private sector that already use cloud computing? But then again that’s just like the government: a day late and at least several billion dollars short. Enjoy!

Every national retailer has customer credit cards on file including yours – what they most fear is someone hacking that information. National retailer TJ Maxx was hacked, exposing at least 47 million credit cards. On March 1, 2010 the fallout from that security breach comes full circle when MASS 201 CMR 17 becomes law.  Make no mistake. That’s cause and effect and this is groundbreaking legislation as it becomes the first law in the nation to require encryption to protect personal information contained in both paper and electronic records.  In fact, if you license or own any personal data of a Massachusetts resident, regardless of the size of your business or where you’re located, you must comply with this law.

So, what does this mean for your business? That depends, but the singular thread that runs through this legislation – data encryption – is only problematic if you’re still relying on physical tape for backup and storage.  Consider:

• The law requires that backup tapes must be encrypted as they are being created. If  you currently use tape-based storage you will likely have to use an intermediary encryption appliance between the data source and the actual storage device (e.g. tape library) in order to meet the letter and spirit of the law.  If you don’t  already own one, prepare to pony up. 
• Data never really ages and you may be asked to produce it on-demand a month or ten years from now.   Chances are, particularly if you’re in a regulated industry, an auditor will ask you to produce specific data your appliance encrypted in years prior.  Even if that appliance can be located, will it still be able to read that data so far down the road?
• Trust but verify. Hackers aside, what happens to your tapes even before they reach the point of encryption? How are your tapes stored? Who has access to them? Are all your employees loyal and trustworthy? Pilfering just a single tape has the capacity to produce significant corporate damage, the kind of damage that only class-action lawsuits satisfy.
• Reputation is everything.  How long could your organization survive if your customers’ data is compromised?  Do you really have enough goodwill left in reserve to put up with the accusation and second-guessing?
• Non-compliance draws significant penalties. Under current enforcement statutes businesses who are found in non-compliance are subject to a $5,000 fine per violation – admittedly a far cry from the $2.5M judgment against TJX but multiple $5,000 violations could be the difference between your business surviving or going the way of the dot.coms.

MASS 201 CMR 17 is a game-changer in terms of applying legal standards to data protection. As you take stock of your company’s reliance on tapes, how wedded are you to them if you’re constantly wondering how safe they are and how accessible the data is contained on them?

Read more here:

Datamation, an online technology news and analysis aggregator for IT managers, has announced its picks for the 10 Emerging Virtualization Companies Shaking Up Datacenters in 2010.  We applaud the publication’s approach to focus on industry up-and-comers rather than the usual suspects, especially because Venyu is included in their list of companies offering a “unique solution that tackles some of virtualization’s most bedeviling problems.” 

With companies of all stripes continuing to struggle with having enough storage capacity (never mind physical servers) to meet demand, server virtualization is rapidly becoming the datacenter’s equivalent of a physical parachute: slowing the level of descent into the storage maelstrom while ensuring the safe recovery of data in the event the ripcord fails.  In addition to providing virtual hosting services for SQL, Microsoft Exchange and Sharepoint applications, Venyu also offers online backup and recovery of data on physical or virtual machines. Leveraging our commercial grade automated remote backup and online storage with our virtualized disaster recovery services enables companies to restore their data to virtualized servers in our datacenter, providing even the most demanding datacenter customers with an end-to-end virtualization solution that keeps their businesses humming and their storage needs in check. All in all it looks like the top-of-mind companies referred to in the author’s introduction to his Top 10 list better spend some of their time, at least in the near-term, looking over their shoulder. Read more here:

Possibly going head-to-head with Twitter, Google releases “BUZZ”, — a “twitter-like” micro-blogging tool…

You can find out more at:  http://www.google.com/buzz

Now you may ask yourself, “How is this different from Google Wave”… Here you go: http://www.mahalo.com/answers/email/how-is-google-buzz-different-from-wave/ Discuss!

Enjoy— and BUZZ ON… or tweet :)
-wsellers