Thank you for stopping by our blog.  We hope that you’ll consider this an ongoing resource for endpoint data protection industry news and trends.  We also want to provide you with a first-hand look at our activities at GuardianEdge.  So far 2010 has been an exciting year for the company with a strong first quarter and a recent move of our corporate headquarters to Silicon Valley.

The IT security industry is constantly changing, and we want our blog to evolve with it.  A variety of GuardianEdge voices will be sharing their expertise here, keeping you up to date with industry changes. My posts will include thoughts about the current state and future of enterprise security.  Ram Krishnan, senior vice president of products and marketing, will provide his take on market trends, enterprise security, and customer and product news.  Joe Gow, senior director of product management, will discuss trends in data protection technology, and Balaji Venkateswaran, vice president of engineering, will bring technical information and details on the nitty-gritty of IT security to the blog.  In addition, you may also hear from other GuardianEdge thought leaders.

On April 13 I co-presented an eSeminar with Wes Wright, the vice president and CTO of Seattle Children’s Hospital.  We talked about the questions and challenges that IT departments at healthcare organizations face as they move towards complying with the HITECH Act.

We agreed that Electronic Personal Health Information (ePHI) is a necessary byproduct of this digital age.  Healthcare data needs to be mobile.  But, with the transition to more digital records, each being touched by the complete spectrum of healthcare organizations (providers, insurers, etc.), how does this impact the complexity of security?

When you look at the healthcare industry from a 30,000 foot view, some staggering statistics emerge.  According to the Health Information and Management Systems Society (HIMSS), the association that guides healthcare IT, 69 percent of healthcare data breaches are a result of a lost or stolen endpoint.  This usually comes in the form of laptops, but does include other devices like Smartphones and USB thumb drives.

My favorite quote of the week: “The truth is, we now fear the auditor more than the attacker.”

The 451 Group Research Director of Enterprise Security, Josh Corman, joined me in a recent GuardianEdge eSeminar and explained the new challenges facing the “good guys” of IT security.  While obvious threats include malware and data breaches, many administrators are also finding themselves fending off auditors armed with regulations and strict compliance standards.

“Compliance is now eclipsing threat as the number-one driver in security spending,” Corman noted.  “Nearly every penny spent last year on security was under a compliance mandate.”

Corman added that when he asked administrators why they were focused more on dealing with the auditors then on fending off the latest threat or what their risk management research noted as key issues, the response was very clear: “I might get hacked, but I WILL be fined.”

Next Thursday, March 25, GuardianEdge is hosting an eSeminar on Practical and Proactive Data Encryption.  Bruce Bonsall, the award-winning CISO of MassMutual, and Josh Corman from the 451 Group are joining me on the panel.

How does a company protect its sensitive data when much of it resides on the endpoints of third-party agents who are not employees?  This is the challenge Bruce and his team faced at MassMutual, when tasked with rolling out encryption to their internal workforce as well as a large network of insurance brokers and agents in the field.  It’s an interesting dilemma, and as part of this discussion Bruce will draw on his many years as a leader amongst his CISO peers and highlight the importance of being proactive in outlining an overall protection strategy.