Enterprise Journey To The Cloud: Lessons Learned

On Tuesday, December 6, 2016 I’ll be part of a panel discussion covering “Enterprise Journey To The Cloud: Lessons Learned”. The event is hosted by the Boston Chapter of the Cloud Security Alliance, from 6:00pm to 8:00pm at the Salesforce offices in Burlington, MA. Additional presenters are from IDC, New Balance and iLand (possibly more to come). Should be useful and informative, with real-world lessons learned and the ability to peel the onion back with the presenters….

Zeta Alliance – Zimbra 8.7 Update Warning

Every week the members of the Zeta Alliance have an online meeting to talk about Zimbra Open Source initiatives, zimlet development etc. (Go to their web site to join our community!) On this week’s call we learned something new and surprising about Zimbra 8.7 updates.

Zimbra Now Uses Repositories

As you know, the first time you run the 8.7 installer it adds package repositories to your operating system’s list of what usually just comprise…

HIPAA Email Encryption Compliance

Compliance Challenges

In most regulated industries, regulatory compliance is pretty straightforward: you read the regulations and do what they tell you to do. SEC Rules 17 (a) 3 and 17 (a) 4 apply to the requirements for email archiving in financial services, and when you get in the weeds you’ll see that some form of write-once media is required for the archives. As a result of that and other complexities (I said “straightforward” not “simple”…

DropBox Hack, Unique Passwords and Password Managers

Today The Guardian published new news about the 2012 DropBox hack. At the time, it was disclosed that only customer email addresses had been hacked, but in today’s news it now seems that users’ encrypted (but possibly crackable) passwords were also leaked. We thought it would be helpful to share with you three of our password management best practices. First, the old practice of changing your passwords every 60-90 days is (finally) coming under the scrutiny…

Zimbra 8.7.0 – Fine for New Smaller Installs; Wait A Little Longer Though To Upgrade

We really like Zimbra 8.7.0. It’s been in the works for a long time and has gone through a huge amount of QA. The fix list is impressive and our experience has been that it’s rock solid in smaller installations. The challenges however are with upgrades and Zimbra farms with more than one LDAP server… You see, a lot of under-the-hood changes have been made to Zimbra over the years, and 8.7.0 includes a number of…

HIPAA Enforcement And Penalties – Data Breach Costs Increasing

How much does a data breach cost, per record? Recently, both Oregon Health and Science University and The University of Mississippi Medical Center paid penalties to the U.S. Department of Health and Human Services Office for Civil Rights of $2.7 million and $2.75 million respectively for post-breach HIPAA violations. You can read the details at the links above, but the Oregon breach involved more than 3,000 individuals and the Mississippi breach involved some 10,000 individuals. The…

CloudExpo Day 2 Review

Today was a pretty busy day at Cloud Expo, and Security topics were covered in force, either explicitly or embedded as part of operational talks on best practices covering things like provisioning and backups/disaster recovery.

Security Soundbite Of The Day – Zombie Servers

Although Zombie Apocalypse topics have quieted down in popular culture, Zombie Servers are apparently a Big Thing. In case you need to catch up, a Zombie Server is a running server that no…

CloudExpo Day 1 Review

Thanks to Accelerite, I was provided with a Gold VIP pass to attend CloudExpo here in New York City. For those of you who follow all-things-Citrix, Accelerite recently acquired from Citrix the CloudPlatform (based on the open source Apache CloudStack project) Private Cloud software suite. (Full Disclosure: we are an Accelerite customer and use CloudPlatform for managing our, and our clients’ clouds.) The exhibit hall doesn’t open until tomorrow (if you exclude tonight’s welcome reception),…

Zimbra 8.7 Almost Here

Zimbra today announced a public release of the Zimbra Collaboration version 8.7 Release Candidate. We’ve been busy these past few weeks working on testing the private betas, and we like what we have seen so far. This is also the first new major release under Zimbra’s new owner Synacor, so this release is a bit of a bellwether indicator for how Synacor is managing development versus the previous owner Telligent.

What’s In 8.7?

First, bug…

Zimbra and Exchange Email HIPAA HITECH Compliance Overview

Not a week goes by that we don’t get asked: “Can you host HIPAA-compliant email for us?” The answer is always “Yes, but…” which is not always the welcomed response, but it’s the truth. The real truth is that, first and foremost, the Covered Entity is ultimately responsible for compliance. This is not because our lawyers have added a clever clause to our contract absolving us of such responsibility, it’s because that’s the law. And…