Wednesday 20 May 2009

Alcatel-Lucent Expands Encryption, VPN Capabilities of OmniAccess 3500 Nonstop Laptop Guardian

Alcatel-Lucent (Euronext Paris: ALU) (NYSE: ALU) today announced new data encryption and virtual private network (VPN) features for its OmniAccess 3500 Nonstop Laptop Guardian (NLG) laptop security and management system that improve the security of data residing on laptops.

Invented by Bell Labs and incubated by Alcatel-Lucent Ventures, the OmniAccess 3500 NLG, is the first comprehensive solution that reduces laptop security breaches, delivering 'always-on' connectivity for visibility and control over laptops on a 24/7 basis -- even when the laptop is turned off.

The features are available in a new release of the OmniAccess 3500 software and include:

--  Full hard-disk encryption integration framework -- All full disk
encryption (FDE) vendors are now able to integrate with the OmniAccess 3500
NLG. This will enhance vendor encryption solutions with the capability to
remotely manage encryption keys and provide a second-factor of
authentication when the laptop is turned off or is offline. Keys and second-
factor authentication are stored on the NLG card and can be remotely
deleted to make the hard disk inaccessible in case of a lost or stolen
laptop. This capability closes an important security loop, as laptop data
can not be accessed without the management controls enforced by the
OmniAccess 3500 NLG. Together with NLG's GPS location capabilities --
security and manageability are now upgraded.

-- Industry first Active Smartcard for Windows and pre-boot
authentication -- Many FDE solutions require a Smartcard to be used for
encryption keys -- a solution that can't be updated over a network. The NLG
now emulates a Smartcard, but allows IT administrators to create,
invalidate, revoke, and reissue the Smartcard or its PIN securely over the
air and on the fly for faster response and lower administration costs.

-- SSL VPN access -- This capability gives NLG users another secure
option for using a VPN while visiting a customer or partner location. In
addition to the built-in IPSec VPN, NLG now supports secure switch over to
web-based SSL VPN if used by customers' IT. This capability keeps the
always-on VPN solution that defines the NLG solution intact, while allowing
end-users the freedom to use SSL when needed.

-- Multiple user support -- This option allows multiple end-users to
share a single NLG-protected laptop, without compromising security.

-- Mid-range gateway -- Alcatel-Lucent has scaled the back-office NLG
gateway to fit the needs of companies with up to 500 NLG users. This new
server supports Business Partner and carrier demand to provide a cost-
effective solution for these mid-sized companies.

"NLG continues to innovate in the space of mobile security. The interactive Smartcard capabilities are truly unique in the market," said Tom Burns, COO of enterprise activities for Alcatel-Lucent. "Our customers are reacting very positively to the NLG and we believe these new features help to ensure that the NLG remains the most comprehensive endpoint security solution on the market. With our new mid-range gateway (at a reduced cost), we have put the product within reach of mid-sized customers and have dramatically increased our addressable market."

"With these and previous new feature developments in the OmniAccess 3500 NLG, Alcatel-Lucent has elevated NLG's attractiveness," states Michael Suby, Director of Stratecast (a Division of Frost & Sullivan). "These enhancements deliver to enterprises what they need the most: flexibility to tailor security technologies to meet their unique device and information protection objectives."

With this solution, IT departments are able to enforce policies for compliance, protection and recovery of stolen devices, and deliver patches and upgrades to an increasingly mobile workforce anytime, anywhere, thereby increasing productivity and efficiency. In addition to other channel partners, Alcatel-Lucent is working with Sprint to deliver the OmniAccess 3500 NLG as part of a complete wireless enterprise solution.

Availability

OmniAccess 3500 Nonstop Laptop Guardian solution includes PCMCIA cards for laptops and a management server. The product is packaged with 3G services and sold through wireless service providers and Alcatel-Lucent Business Partners. Nonstop Laptop Guardian is currently available through Alcatel-Lucent channels in North America, including Sprint, and will launch in Europe in Q3 2008.

About the OmniAccess 3500 Nonstop Laptop Guardian

The core technology of the OmniAccess 3500 NLG consists of a secure, always-on computing system that is available for IT even when the laptop is turned off. Residing on a 3G broadband PCMCIA data card which includes a separate secure operating system and battery, which operates with any broadband network, including 3G, Ethernet or WiFi. When a laptop is connected to a network, the card seamlessly transitions connectivity to the corporate network through automatic VPN capabilities, ensuring that all traffic, regardless of data connection type, passes directly through the corporate network's protections, filters and policy managers before accessing the Internet.

Sunday 10 May 2009

MoD Data Security Report Released

Four MoD laptops were stolen between 2004 and 2008According to a investigation carried out for the Ministry of Defence by Sir Edmund Burton, new recruits to the armed forces belonging to the so-termed “Facebook generation” failed to take adequate data security measures.

MoD Laptop Thefts

Sir Edmund, Information Advisory Council Chairman, was asked to look into the issue of security following the theft of a number of MoD laptops, of which one occurred at the beginning of 2008.

In a stark report, Burton asserted that the MoD’s Cold War data security ethics had disappeared, with “little awareness” of the importance of security within its employees.

Consequently, a significant event involving security had, he said, been “inevitable.”

The 2008 laptop theft occurred from a vehicle parked in Edgbaston, Birmingham, UK. On it were records relating to 600,000 service personnel and armed forces applicants.

It was subsequently discovered that, between 2004 and 2008, a total of four laptops had been stolen in similar circumstances.

MoD Data Protection Act Obligations

Combined, said Sir Edmund, the losses pointed to a “failure of supervision”, with a “very limited understanding“ of the ministry’s obligations in connection with the Data Protection Act.

"During the Cold War, awareness of real security was ingrained in individuals and organisations", the report stated. "Audit, inspection and compliance regimes were rigorously underpinned by codes of discipline.

"These well-developed processes and procedures have not been translated, effectively, into the information age.

"Generally, there is little awareness of the current, real, threat to information, and hence to the department's ability to deliver and support operational capability.

"Consequently, there can be little assurance that information is being effectively protected."

New Military Recruits

Sir Edmund highlighted the “Facebook generation” that new recruits belonged to.

Young British military personnel, he said, were accustomed to the “rapid and often uninhibited exchange of information."

“At work, this behaviour must be tempered by common sense and sound judgment, informed by data protection practice, and the particular concerns of MoD work.

"However, returning to the strict information control of the type applied to paper documentation of 15 or more years ago is not considered practical in the modern working and cultural environment."

Personal Record Access

The MoD, said Burton, had sought to implement up-to-date working methods, especially within Personnel, with better access to personal records.

However, "one consequence of embracing this new data sharing culture has been a decline in overall departmental security practice.”

Senior officials, Sir Edmund wrote, "shared a concern that the younger generation of MoD staff are not inculcated with the same culture of protecting information as their counterparts from previous generations."

In all, 51 suggestions for improvement were listed, among them, the setting-up of a “coherent system of censure and punishment" for those responsible for losing or compromising the security of personal information – a system flexible enough to apply to different severities of loss.

Source – Armed Forces International’s Political Correspondent

Friday 1 May 2009

Bosses' insolvency data is stolen

Laptop
Police are investigating the burglary, which occurred on 28 August

A laptop computer containing personal details of 385 former directors of insolvent companies has been stolen, the Insolvency Service has said.

It has written to those it believes may have been affected by the theft of equipment from its Manchester offices.

One of four laptops stolen from the government agency contained information on the directors from 122 firms.

This loss is the latest in a long line of cases where confidential information has been lost or stolen.

Greater Manchester Police are investigating the burglary, which happened on 28 August.

Those affected by the theft include former company directors, insolvency practitioners and people who were named in documents, including creditors, complainants, investors and employees.

The Insolvency Service said 385 ex-company directors had been affected and also about 150 people with a connection to the firms.

Information on the company directors included name, address, date of birth and occupation. No bank account details were held.

In relation to the creditors, complainants and employees, the data included name, address, and bank account details in a small number of cases.

Telephone helplines

A spokeswoman for the Insolvency Service, which investigates corporate failures to see if particular company directors were at fault, said none of the insolvent companies concerned was a "household name".

She said most of them were "small and medium-sized companies".

Several dedicated telephone helplines have been set up and anyone who has concerns should go to the Insolvency Service website to find the appropriate contact number.

A statement from the Insolvency Service said: "The information consisted of documents sent to the Insolvency Service by insolvency practitioners who act as administrators, receivers or liquidators of insolvent companies.

"The documents, which are required to be sent by law, included information about the activities of company directors which the insolvency practitioner considers may give cause for concern."

Earlier this month, the government confirmed that a portable computer hard drive holding details of up to 5,000 justice system employees had been lost in July 2007.

In August, Home Office contractor PA Consulting admitted losing a computer memory stick containing information on all 84,000 prisoners in England and Wales.

And in June, a senior intelligence officer from the Cabinet Office was suspended after documents were left on the seat of a commuter train from London Waterloo.

The seven-page file, classified as "UK Top Secret", contained a report entitled "Al-Qaeda Vulnerabilities" and an assessment of the state of Iraq's security forces. A passenger later handed the file to the BBC.