Group items tagged

Yet those data centers, according to EPA figures cited by NIST, consume 1.5% of all electricity generated in the United States (compared with 0.6% worldwide in 2000). Globally, IT produces 2% of CO2 emissions.

Businesses that go with cloud computing could improve sustainability in two ways. First, companies maximize servers by sharing them, so fewer machines are chugging away. Second, on-demand usage means that firms needn’t consume way above their needs during slow times in order to be ready for busy times.

The security failure, one of the several largest in nearly two years, involves nearly two-thirds of the insurers' subscribers. It became known only after The Inquirer requested information Tuesday evening. The insurers said the drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia. It noted that the same flash drive was used at community health fairs. "That seems grossly irresponsible," said Dr. Deborah Peel, a Texas psychiatrist who heads Patient Privacy Rights, an advocacy group.

The news of the breach comes at a time when there is more emphasis - and billions of dollars in federal funding - to develop protocols for electronic medical records, with information being shared among providers, insurers, and consumers.

Paul Stephens, director of policy for the Privacy Rights Clearinghouse, said that data breaches in the finance and retail sectors tended to involve more people, but that health data are very sensitive and may also contain payment information.

“The IT industry had this nagging question – as more and more services move to the cloud, do they consume more or less energy?” Bernard said. “This study found that you can migrate existing infrastructure to the cloud and see not only growth in productivity but a reduction in energy consumption for those services.”

The study was aimed at understanding how the cloud performs differently from an on-premises environment, said Josh Whitney, corporate sustainability strategy lead with WSP. Using a methodology aligned to the Global eSustainability Initiative (GeSI) standards, Accenture and WSP compared the energy use and carbon emissions per user for Exchange Server 2007, SharePoint Server 2007, and Microsoft Dynamics CRM with their cloud-based equivalents: Exchange Online, SharePoint Online and Microsoft Dynamics CRM Online. The results suggest that for widely deployed and commonly used applications such as e-mail, content sharing and customer relationship management, the cloud can enable significant reduction in carbon emissions.

“The findings are actually pretty impressive,” Whitney said. “I think this study provides further reinforcement of the benefits of the cloud beyond the bottom line. It provides one of the first quantitative and measurable analyses of the impact that cloud computing can have directly compared to a traditional deployment of IT within a company.”

"Three-fourths of businesses are deleting files, reformatting or destroying drives, or 'do not know' how they are erasing sensitive data. Deleting files from a hard drive only marks the files to be rewritten, which may never occur. Furthermore, reformatting the drive only removes the entries in the index or table of contents that point to the data. And, physically destroying a drive is not a guaranteed method of protection, as Kroll Ontrack has been recovering data from severely damaged drives, such as the Columbia space shuttle, for more than 25 years.

"Surveying more than 1,500 participants from 12 countries across North America, Europe and Asia Pacific regarding their data wiping practices also revealed that four in 10 businesses gave away their used hard drive to another individual and 22 percent do not know what happened to their old computer.

Only 19 percent of businesses deploy data eraser software and fewer, 6 percent, use a degausser to erase media. When asked if and how businesses verify their data has been deleted, very few (16 percent) reported relying on a product or service report to confirm all of their data had been wiped.

But it's not just cloud computing that is driving a movement toward "decreased IT hardware assets," in Gartner's words. Virtualization and employees running personal desktops and laptops on corporate networks are also reducing the need for company-owned hardware.

Gartner's prediction was part of a release Wednesday that highlights nine key predictions that will affect IT organizations and users this year and beyond.

Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices.

The survey shows discrepancies between needs and actions regarding security policies and employee education on security best practices.

The study found that while more than 9 in 10 small businesses said they believe they are safe from malware and viruses based on the security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are up-to-date and 11 percent never check them.

Having just reached a settlement with the Commission in which the company is required “to take several steps to make sure it lives up to its promise in the future, including giving consumers clear and prominent notice and obtaining consumers’ express consent before their information is shared beyond the privacy settings they have established,” Facebook is changing the privacy setting of its users in a way that gives the company far greater ability to disclose their personal information than in the past. With Timeline, Facebook has once again taken control over the user’s data from the user and has now made information that was essentially archived and inaccessible widely available without the consent of the user.

The impetus is on the user to edit their privacy settings in order to tweak their Timeline to only show stuff that they want it to show.

EPIC goes on to argue that since Timeline contains new categories like “Health and Wellness,” it is ripe to be used by companies mining for medical data

Content, for now, is meager. A list of tips for individuals to secure their personal computers is found in the website's resources page as well as links to Langevin's and McCaul's press releases regarding cybersecurity in the site's media center.

The regulations, which went into force in March, are intended to protect a consumer’s personal information from identity theft and other privacy breaches and to spell out steps that businesses must take to ensure data is secured. Some large companies — particularly those in the finance and health care industries that are already subject to data security laws like the Health Insurance Portability and Accountability Act (HIPAA) — had privacy measures in place, which helped get them ready for Massachusetts’ regulations. However, for many smaller and midsize companies that have not been subject to data security laws before, complying with the rules is a longer and often more painful process.

some businesses that are complying with privacy regulations for the first time and have limited in-house technology expertise “are running around with their hair on fire, trying to figure out what to do first,”

“We’ve seen a substantial uptick in activity in clients seeking guidance in how to comply,” said Carlos Perez-Albuerne, a partner at Choate Hall & Stewart LLP. “There’s a whole swath of businesses that never had to deal with anything like this before.”

"Our research shows that the healthcare industry is struggling to protect sensitive medical information, putting patients at risk of medical identity fraud and costing hospitals and other healthcare services companies millions in annual breach-related costs," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.  "At this point one would hope to see that healthcare organizations have improved information security practices and come into compliance with HITECH, now that it's been more than one year since it was enacted.  Instead we found enormous vulnerabilities.  The protection of patient data should be at the forefront of their efforts."

ey findings of the research: Data breaches are costing the healthcare system billions.  The total economic burden created by data breaches on the healthcare industry is nearly $6 billion annually.  The impact of a data breach over a two-year period is approximately $2 million per organization and the lifetime value of a lost patient is $107,580.  The average organization had 2.4 data breach incidents over the past two years.  Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error.Healthcare organizations are not protecting patient data.  Organizations have little or no confidence in their ability to appropriately secure patient records (58 percent).  Healthcare organizations have inadequate resources (71 percent) and insufficient policies and procedures in place (69 percent) to prevent and quickly detect patient data loss.Protecting patient data is not a priority.  Seventy percent of hospitals stated that protecting patient data is not a top priority.  Patient billing (35 percent) and medical records (26 percent) are the most susceptible to data loss or theft.  A majority of organizations have less than two staff dedicated to data protection management (67 percent).HITECH has exposed the healthcare industry's lax data protection practices rather than improved the safety of patient records.  The majority (71 percent) of respondents do not believe the HITECH Act regulations have significantly changed the management practices of patient records.  The findings indicate that there is a significant number of data breaches that go undetected, and therefore unreported.

"We talk with healthcare compliance people dealing with data breach risks every day and they just can't get their arms around the problem of data exposure," said Rick Kam, president and co-founder of ID Experts.  "Unfortunately, in healthcare organizations, patient revenue trumps risk management."

Businesses that hold personally identifiable information on Massachusetts residents have one month to comply with what security experts are calling the toughest data security requirements in the nation. The Massachusetts Data Breach Law, passed in 2007, goes into effect March 1 and requires personal information in networked systems to be protected with strong encryption, firewalls, antivirus and access controls.

The law was written in response to the theft of information on more than 45 million credit card accounts from TJX Companies in 2007

The law is designed to ensure “the security and confidentiality of customer information,” based on current industry standards, focusing on threats that can or should be anticipated. The regulations take into account the size of a business, the amount of resources available to it, the amount of personal data held and the sensitivity of the data. It covers paper and electronic records and requires physical and IT security.

"A manufacturing company isn't going to have the same checklist as a service company or retailer," Golden says. "They're too different. But there is a consistent set of things to look at. Some of them are specific to cloud providers; a lot of them are the same kinds of things you had to look at in outsourcing or any other service provider contract.

How responsive is the cloud company?

Some providers may be more responsive at the beginning of a relationship than later, so checking with other customers on that point is important as well, Golden says.