I once again had the pleasure and privilege to attend the RSA Security conference in San Francisco, CA. https://www.rsaconference.com/events/us18. The conference keynotes, sessions and sidebar conversations were a good opportunity to see what the hot topics in security are. I attended a broad selection of sessions. Here are five diverse observations that I came away with:
Back in November of last year, I was part of a conference call with a European customer who needed some high level reassurance from us. As part of that request, they mentioned that our customer portal could not help them properly manage support tickets. Thus, I hijacked the call and started a GoToMeeting session from my desktop. I gave them the opportunity to walk me through exactly what they found problematic about our customer portal. For the next 20 minutes they did a masterful job of highlighting what areas of the customer portal simply weren’t working for them. And If put myself in their shoes, I could see that they were not only right, but it was likely that other customers felt this way and had never said anything to us.
With this knowledge, I did something radical, which was to hold many meetings over the next two months where I would bring a proof of concept to the table, and have the customer critique it. This helped us to get to where we are today. Which is, to announce the release of Phase One of our enhanced customer portal.
One of the things that is unusual about me is the fact that I like to take customer support calls. Now you might find that weird as I do run a global support organization, and presumably I have better things to do than to take tech support calls when I have a staff that I have hired to do that for me. However, I feel that in the interest of making my support organization better, I need to be on the phones from time to time, digging into cases that get submitted via our customer portal, or by e-mail. Here’s why:
Canada’s economy is built upon the success of our citizens, their ingenuity and innovations. WinMagic CEO, Thi Nguyen-Huu speaks of his passion for innovation in building WinMagic, its comprehensive data security solutions, and the value that we bring to our customers in this video produced by Collins Barrow, one of Canada’s largest associations of chartered accounting firms, in celebration of Canada’s 150th birthday!
Recently I was on a call with a customer where one of my Team Leads and the Support Agent did most of the talking. Part way through the call, the customer asked me why I wasn’t saying anything. My response was that both my Team Lead and Support Agent had a plan that made sense and could speak to that plan. On top of that they had the ability to make decisions and adjust the plan without running it by me. Finally, I had complete confidence and faith in their abilities. The fact that I was willing to put that much faith in my people and give them that much latitude was surprising to the customer. And it’s likely surprising to you as well. But I see making the people who report to me as independent as one of the keys to having a world class support organization. To that end, here’s what I do to encourage independence within the Tech Support organization at WinMagic.
As an enterprise, you should not need an occasion to ensure that your security practices are up-to-date, fine-tuned and resilient. However, when immersed in the day-to-day it’s easy to overlook or neglect some of the standard best practices to securing your environment. The first signs of spring seem to trigger an inherent need to clean, and it’s no longer isolated to the garage or the cottage. It’s easy and worthwhile to apply the concept of spring cleaning, an annual event, to getting your security house in order too.
Here’s a 6 point checklist to get you started!
Throughout our 20 years of experience in the endpoint encryption market, who do you think our biggest competition would be? Symantec? McAfee, maybe? Wrong, and wrong again. Native crypto solutions like BitLocker and FileVault 2 dominate the endpoint encryption market. After all, why wouldn’t they? They’re free, they’re integrated into the operating system, and they do their job well. But are they really our competition?
From May 17th to 19th, I had the pleasure of attending the Fifth International Cryptographic Module Conference (ICMC 2017) with my colleague, Alexander Mazuruc. Alex usually attends this conference which focuses on cryptographic modules and FIPS 140 type issues, but this year there were 8 tracks on related subjects such as Quantum-safe crypto (yes, that is a thing), and Common Criteria. The conference had about 35 different sponsors including the Trusted Commuting Group. Overall I found the conference very informative and a good place to network in the community.
As data privacy concerns and supporting regulations escalate, are companies really prepared to ensure protection of their customers’ personal identifying information (PII) and to quickly and accurately report a breach should one occur? WinMagic recently conducted a survey of IT decision makers in the U.S., UK, France and Germany to assess their companies’ capabilities in these areas – and the findings should raise some red flags.
As we evolve more and more to complete self-contained services like the mainstream Cloud services of Microsoft, Amazon, IBM and Google, I often express concerns about the Cyber aspects being coupled. Enterprises and users are, if they haven’t already, getting more and more comfortable with giving up their physical/virtual servers, applications and storage but are not, and should not, be comfortable giving up control of their sensitive data. The shared responsibility models of Cloud Services Providers (CSPs) delineates between the physical aspects (network, disks, memory, etc.) and the responsibility of what resides in the storage and computer.
Since I became Senior Manager of Technical Support at WinMagic about seven months ago, my mandate has been to take the support organization here to the point where they were consistently delivering an exceptional customer experience. To do that, I needed to build a solid foundation using the skills and observations that I have acquired from elsewhere. My first step in this was to audit the technical support team and identify areas where improvement was needed or more focus needed to be applied. Through observation, looking at the metrics that were being gathered, and even learning the product so that I could take customer calls in the interest of seeing firsthand what customers experience was, I was able to come up with these key building blocks as part of my foundation for exceptional customer experience. Since February 1st, we’ve been tracking these key items:
I have written about the security implications of using sleep with encrypted drives in the past and have offered both short term and longer term solutions that would allow users to use sleep under some conditions and not risk (too much) a data breach. Today I am writing to offer another, common sense, alternative: Just don’t use sleep because you don’t really need it.
I’m passionate when it comes to coaching and developing a Tech Support team. Because when you make a sincere effort to coach and develop Tech Support agents, it results in a more engaged agent who delivers world class support. One who will go above and beyond not because they feel they have to, but because their efforts are validated by those that they report to and by the customers they assist. This is important because a Tech Support team talks to customers more often than any other part of an organization such as WinMagic which makes what they do very crucial to the success of that organization. I use a number of tools to make sure my coaching is effective as possible.
Have you heard of the great migration of Modern IT to the Cloud? It’s not new, revolutionary or innovative, and many enterprises are doing it. But what we are seeing is, regardless of industry, migrating to a cloud solution is occurring for a myriad of different reasons – from strategic reasons, to the flexibility, productivity and cost-savings gained by moving workloads and storage from on-site to the Cloud.
Today’s IT leaders have to ensure that desktops, laptops, and tablets are secure, which is not any easy feat when they all run on different operating systems – and that is just the beginning. As most organizations move to the cloud, there is a new set of security considerations to tackle. An organization needs to ensure that every confidential piece of data is protected no matter where it resides.
There are many Encryption Challenges in the Tech world today. We know that encryption is one of the fastest emerging data security options today. An increasing number of organizations worldwide are adopting encryption to address the growing concerns of data safety and data privacy for compliance regulations. Data Encryption is a time-tested tool that can severely hinder attackers in their goal to steal confidential user and customer data, trade secrets, and more. In addition, to the complex regulations, the increasing adoption of new technologies such as mobility, cloud and virtualization have also found the need for encryption more than ever before.
If you have been following our blogs you know that the ideal FDE architecture has two main components. The actual encryption component is a separate layer from the key management. The encryption can be done by the OS (e.g. BitLocker for Windows or FileVault2 for Mac), by Self-Encrypting Drives (SEDs) or by ISVs such as WinMagic’s FIPS140-2 validated software cryptographic engine.
When you move into a new place, one of the first things you do is change all the locks. It’s important to your sense of security that you control who has access to your home. Changing the locks just makes logical and practical sense. This same logic should also be applied to your business thinking when you are looking to secure your sensitive information in a new environment or an environment you don’t fully control.