Proofpoint: Security, Compliance and the Cloud

34 posts categorized "Security"

July 16, 2014

How big of a threat is intellectual property theft?

While digital solutions like email, mobile devices and the cloud have greatly benefited most businesses, they also raise the specter of intellectual property theft. In order to safeguard mission-critical assets at all times, companies should adopt enterprise security solutions from Proofpoint to make sure their intellectual property is never leaked out or stolen.

In a recent speech to filmmakers, media professionals and other businesspeople, Vice President Joe Biden said that intellectual property theft is a multibillion-dollar issue, according to The Hollywood Reporter. As the Internet rose in prominence, however, the threat landscape changed dramatically. For example, Biden said that instead of bringing a camcorder into a movie theater, someone can get an illegal recording of that film much more easily online. This is just one example of how it has become easier than ever for criminals to pilfer intellectual property.

While exact numbers related to the overall costs of IP theft are not known, most estimates corroborate the figure Biden noted. A May 2013 report from The Commission on the Theft of American Intellectual Property estimated that the United States loses more than $300 billion a year from this issue, and numbers cited by the National Crime Prevention Council put potential losses at up to $5.5 trillion.

Although IP theft is often considered a victimless crime, the NCPC noted that it is typically anything but that. The crime inhibits many companies' ability to grow and hire, and often businesses need to recoup related losses by charging consumers more for their goods or services.

"The effects of this theft are twofold," The IP Commission Report stated. "The first is the tremendous loss of revenue and reward for those who made the inventions or who have purchased licenses to provide goods and services based on them, as well as of the jobs associated with those losses. American companies of all sizes are victimized. The second and even more pernicious effect is that illegal theft of intellectual property is undermining both the means and the incentive for entrepreneurs to innovate, which will slow the development of new inventions and industries that can further expand the world economy and continue to raise the prosperity and quality of life for everyone."

How can companies stem the IP theft tide?
The situation relating to IP today may seem dire, but companies can take steps to significantly insulate themselves against this threat. In particular, by adopting a best-in-class suite of cybersecurity solutions from Proofpoint, businesses will be able to keep their trade secrets, patents and other pieces of intellectual property safe from harm.

For example, Proofpoint Enterprise Archive allows organizations to keep a thorough record of all online messaging, and Proofpoint Enterprise Privacy secures email and other forms of communication that may contain sensitive information. To keep threats like malware on the outside looking in, businesses can use Proofpoint Enterprise Protection.

Only by leveraging a comprehensive and powerful data security and privacy suite will businesses be able to safeguard all of their intellectual property. As the IP threat environment grows larger and more potent, Proofpoint's solutions will become even more vital and mission critical for organizations operating in a wide variety of industries.

July 09, 2014

A CISO, GC, and Records Manager Walk into a Bar…


A CISO, GC, and Records Manager walk into a bar.

The CISO says, “Can you believe a guy just tried to sell me a tool that can guarantee when intellectual property is about to leave my network?”

The GC says, “That’s hilarious, I just talked with a man who told me his software can tell me exactly where the smoking guns are amongst my entire corpus of data.”

The Records Manager says, “That’s odd because I just read about a solution claiming it can scan all my files and classify records according to my file plan.”

 The trio quickly realized they were all talking about the same solution. Of course, such “all in one” claims will cause many of us to drop to the floor, rolling with laughter. Yet, the statement above - while not remotely imaginable even a few years ago - today, is not that far off.


CISOs have no problem getting attention. Every hour of every day there is another headline that keeps them up at night. Most recently, Goldman Sachs accidentally sent highly confidential information about its brokerage clients to a Google account and immediately went into damage control, requesting Google to block access to the email and to delete it. This type of exposure will continue to increase as the amount of sensitive information increases, as the number of locations in which sensitive information is stored increases, and as the number of channels through which sensitive information can be passed increases.

 Breaches are happening every day around the world.

GCs have a sleep schedule similar to the CISO's. However, their greatest challenge is identifying, controlling, and sifting through gigabytes of business documents typically associated with eDiscovery and large scale investigations. Doing so with a defensible process only adds to the Sominex bill.

The sheep-counting culprit is not only the amount of unstructured corporate information (growing by at least 60% per year per IDG and by 800% over the next 5 years per Gartner), but also the fact that information increasingly exists in new, often unmanaged data types such as social media, IM, and mobile.

 Records managers face a more insidious threat in that co-workers often choose the path of least resistance when it comes to records management, and this means any remotely complex policy will be casually ignored or circumvented. The consequences are tangible and often quantifiable when the company is in a regulated industry such as healthcare.


When I spoke to Jason R. Baron, former law of records management Jedi of NARA and now Of Counsel at Drinker Biddle & Reath LLP, he described the solution (and problem) of records management in the most elegant fashion. Paraphrasing, there are two requirements for records management to work: 1) Simpler policies, 2) Machine assistance.

 While Jason is doing great work in helping firms simplify policies, it will be up to technology firms to ante up with usable, workable, and scalable machine assisted technologies to address the second requirement.

 Considering Jason’s points and listening to customers talk about their concerns around security, privacy, compliance, and records, it’s clear to me that there is an Informational Convergence taking place where corporate information, regardless of its business use or risk profile, is increasingly in need of a common, firm wide classification. This means centralized classification that can be shared across all groups, stakeholders, or leaders; be they CISOs, GCs, or records managers.

 Impossible?  Conventional wisdom divides departments into distinct groups possessing their unique view of information and what it means. The joke works because CISOs think differently from GCs who in turn differ from records managers. Or do they? The tenth time I heard a CISO ask if our DLP technology could be used to help their current records classification efforts I raised an eyebrow. Once ten records managers asked about the possibility of flagging records for security violations, I realized that the market is ignoring conventional thinking.

 The Informational Convergence of Information Governance (IG) provides a holistic view across every information-driven department. Each department is asking for the same thing in their own way and soon companies will realize this. As thought leading technology firms, we need to enable them.

 An equally important side effect to Informational Convergence is the need for IG platforms to support more sophisticated and cloudy ecosystems. Business relevant, cloud-based repositories are also corporate content containers and exposure points. Their rising popularity demands that the most advanced IG platforms support them as well as conventional repositories. Solutions like Box, Dropbox, or OneDrive, contain records, legal content, and represent risk like any other repository.


There are actually several punch lines to this joke. The saddest version is that no one knows what the records manager thinks about the solution because they forgot to invite him to the meeting. As noted above, this only makes everyone’s job harder because proper records management helps everyone in the end.

 I’ll also note that some to whom I’ve told this story have immediately declared it a lie. That it’s all just a dream. Not because the notion of Informational Convergence is too complex to conceive. No. It’s because no one would ever believe these three individuals would be caught socializing.

- Stephen Chan



Stephen leads products for the Information Governance team at Proofpoint. Successfully merging 15 years of expertise in the areas of e-discovery, compliance, and records management together with their most relevant technologies, Stephen drives thought leadership in the industry and has advised the SEC and Global 1,000 organizations. Prior to Proofpoint, Stephen was co-founder of several enterprise and consumer software firms, served as primary investigator on two government funded research projects, and has been published in over twenty magazines and books. Stephen is a graduate of the University of California at Davis and Harvard University.


July 01, 2014

Why All Libraries Need Robust Cybersecurity Solutions

As libraries transform from places to check out books into a critical digital resource for many people, these public services need to adopt best-of-breed cybersecurity solutions from Proofpoint to ensure that public computers remain safe and usable.

Libraries have always been a source of learning within communities, but now a lot of that education happens online instead of from books or periodicals. For many individuals today, the public library is their go-to option for getting online, checking email and browsing the Web. According to the latest statistics from the Pew Research Center, among those in the United States over the age of 16 that use the Internet at a library, 63 percent were browsing the Web for leisure and 54 percent said they checked email there.

In addition, numbers from the American Library Association show just how critical these public services are for many people today. More than three-fourths of libraries provide Wi-Fi access, and 98.7 percent of them offer Internet access at no charge. Furthermore, not only does the average library now have around 11 computers per facility, but more than 71 percent of libraries say they are the only source of free Internet access in their general vicinity.

But, too often, this rise in Internet usage at libraries does not accompany increased cybersecurity. The ALA noted that many of those who use library computers are not tech savvy, which means that they could inadvertently be introducing malware onto the library's network. Considering how many people are using these machines, libraries need to take every step possible to ensure that one lapse in judgment does not compromise the assets of hundreds or thousands of people.

"Think about it: Your constituents, volunteers, and donors entrust their personal information with you," TechSoup contributor Zac Mutrux wrote. "If you're not taking steps to secure your data, including using antivirus and anti-spyware software, their information may not be safe. Information security breaches can have major legal and financial ramifications."

Case study: South Dakota Library Network
For libraries that are often strapped for cash, trying to keep their IT assets safe from the myriad threats that abound in cyberspace can seem like an insurmountable task. Users can accidentally click on a bad link in an email, and malware has become especially adept at duping unsuspecting people. Libraries may think that the only effective response to these issues is unobtainable for them, but the South Dakota Library Network shows that libraries can have all of their major cybersecurity needs covered with a suite of solutions from Proofpoint. Now, the South Dakota Library Network is able to effectively eliminate spam, encrypt emails, protect the network against viruses and ensure that all of its compliance needs are met.

"The Proofpoint Messaging Security Gateway has worked exactly as we've needed it to, eliminating all types of spam messages and detecting a wide variety of confidential information with very high accuracy," said Sean Crooks, systems administrator with South Dakota Library Network. "As an added bonus, the appliance truly runs itself, requiring less than an hour of my time per week for administration."

June 04, 2014

New cybercrime survey highlights need for data loss prevention

The amount of information companies store online increases every day, and it's leading to a surge in cybersecurity incidents, creating a need for stronger data loss prevention solutions. A recent PricewaterhouseCoopers survey underscored the rising discrepancies between the number of cyber incidents and the extent of the data loss prevention techniques put in place by vulnerable organizations.

"Despite substantial investments in cybersecurity technologies, cyber criminals continue to find ways to circumvent these technologies in order to obtain sensitive information that they can monetize," said U.S. Secret Service Criminal Investigative Division special agent in charge Ed Lowery.

Fifty-nine percent of those surveyed said that cybersecurity was more of a concern this year than it had been in the past, but less than half of all respondents had implemented a plan for responding to threats.

Perhaps because of a lack of preparedness, 77 percent of participants said they experienced a security incident in the last 12 months, and 34 percent said this year brought an increase in the number of security events from the previous year. According to the report, organizations experienced an average of 135 security events in the past year. Not all of those surveyed were able to estimate the cost of a security breach on their organization, but for those who could, the average annual monetary loss was $415,000.

According to PwC's Annual Global CEO Survey, 69 percent of U.S. executives are concerned that cybersecurity issues could curtail their organizations' growth. Despite the fear, many businesses still don't take steps to secure many new types of technology.

"Cybersecurity for disruptive technologies remains inadequate when considering Bring Your Own Device, cloud, [and] Software Defined Networking are always put in place first and then secured later," said vice president and publisher of CSO Magazine Bob Bragdon.

Three thousand organizations reported that they were not aware of any breach of their cybersecurity until they were notified by the FBI, according to the cybercrime survey.

"The United States faces real [cybersecurity] threats from criminals, terrorists, spies and malicious cyber actors," said FBI director James Comey. "The playground is a very dangerous place right now."

Protecting enterprise documents
There are a variety of data loss prevention solutions that companies can employ to better protect against cyberthreats. Proofpoint's digital asset security provides document fingerprinting that allows unstructured data to be accurately detected. Specific folders containing sensitive enterprise documents can be monitored and managed. The documents within the selected folders are fingerprinted and can be recognized either partially or fully by the program, whether in the original file format or not.

March 17, 2014

Office365 and eDiscovery? The confusion continues…



Speaking to many customers considering Microsoft Office365 and its new features for eDiscovery leads me to one and only one conclusion: the confusion continues.

Articles published by Microsoft and others that have seen a preview of the technology reinforce this point. (See here, referencing a Microsoft webinar where “no specifics were provided”). Hmmm.

Those looking for a simple, straightforward answer as to whether Office365 alone is sufficient to address one’s eDiscovery burdens will be greatly disappointed. No one likes to see a response of “it depends” to a simple RFP question. But, it depends. So, here are 5 simple questions to ask yourselves to determine whether Office365 could be sufficient to address your specific demands.

First, a simple question – do you work for a financial services provider? If yes, stop here. Office 365 and Exchange 2013 do not address requirements outlined by SEC 17a3-4 that outline how data must be stored immutably, or supervisory review requirements under FINRA. You should be engaging with archiving or data storage providers to address these requirements.

1. Do you need to conduct real-time, iterative search against multiple matters concurrently? Office 365 relies upon a batch-based searching process that is not designed for large scale search – nor unlimited search against concurrent matters. IT must break up requests into multiple smaller searches, introducing multiple points of failure and unknown performance. A limit of 2 concurrent searches is difficult if you have (hmmm) 3 time sensitive matters.

2. Do you need to conduct keyword search against an entire enterprise or large department? Again, the number of mailboxes that can be searched is limited (and continues to be changed by Microsoft – is it 50 mailboxes? 500?). Not ideal for investigative purposes where a set of keywords are known, but the custodian scope/scale is not yet defined.

3. Do you need to search against non-Microsoft office content types? On average, organizations deal with 400+ different attachment types within email alone, and must be able to capture and extract text of these file types prior to sending to a storage environment in order to search and retrieve later. Office 365 cannot help you here.

4. Do you have strict retention and enforcement mandates? Within Office365, email is archived only after a configured time period (default is 2 years). Users can delete or otherwise do as they choose beforehand. In fact, per Microsoft’s own documentation: “Important: MRM doesn’t guarantee retention of every message. For example, a user can delete or remove a message from their mailbox before the message reaches its retention age; MRM isn't designed to prevent users from deleting their own messages.”

5. Do you need it now? Short term, inflexible discovery demands are challenged when all content sources must be within Exchange 2013 to be useable. And, when Microsoft lacks tools to migrate data from earlier versions of Exchange and third party archives that leverage the accepted industry standard approach of journaling. And, when IT command line tools must be used when tasks exceed the existing features – such as creating and managing multiple retention policies through Microsoft’s rolling hold features. And, when archived data needs to be manually segregated for ethical wall or local data privacy adherence. And, when non-Microsoft content must be manually collected, searched, and processed through other systems.

As with any other early stage software, it is easy for technologists to give the “yes, it can be done” or “yes, on our roadmap” response to address functional requirements that today do not exist in the product. But, is this adequate to address the immediate, real-time, and unpredictable nature of eDiscovery that your company faces?

“It depends”, as they say.

January 23, 2014

Top 5 reasons Why Your eDiscovery Tool May Not be Sufficient for Information Governance

With LegalTech New York (#LTNY14) fast approaching, I find it a bit odd to see some of the same vendors at LegalTech as at ARMA and MER. With technology that, hmmm, looks pretty much the same at both. This raises some interesting questions about how eDiscovery tools may or may not address information governance (IG) objectives. Some use cases appear more plausible than others – for example, applying advanced analytics to the task of migrating a legacy information repository to enhance visibility into the contents of those repositories (e.g. what is duplicative, what is aged, transitory, etc.). But, attempting to point predictive eDiscovery tools at raw content sources in order to implement policies for information tracking and control is a bit more daunting – especially for those experiencing unrelenting data growth and explosion of content in unmanaged locations (as would be the case for most corporations today).

So, here are the top 5 reasons why eDiscovery tools may not be sufficient to address your short term information governance objectives (noting that capabilities evolve over time. M&A happens, product portfolios expand, OEM deals are forged, etc.):

  1. Volume: Most analytically driven eDiscovery tools have been well designed to plow through, analyze and accelerate review of clean, contextually specific data sets – let’s say a matter involving 20 custodians and 100 GB. But attempting to apply that same technology to plow through a billion items (as many corporations can easily accumulate) is more complex than just adding more processing power or spending additional time to train the system to produce a sufficient indexing rate. Data repositories tend to contain information that is highly duplicative, poorly indexed – and growing at a rate of 44x over the next several years per IDC. Analytically driven eDiscovery tools can enhance visibility (after being properly resourced with processing power and $$), but do little to address the high priority of gaining control over unchecked data growth.

  2. Context: eDiscovery tools operate best with a defined context of a matter or investigation, but there is no easily discernible context around the word ‘windows’ when pointing at an information repository. In fact, defining and separating the ‘high value’ from the ‘digital ROT’ within a typical IG initiative is often the product of input from legal, regulatory, IT, and business unit representatives melding their own definitions of information value and risk. IG is more than just improving eDiscovery efficiency and reducing expense by looking at upstream data patterns. And using analytics when context has been separated from content makes the technological challenge exponentially more challenging to produce measurable results.

  3. Wild Data: Organizations today are struggling not only with the absolute growth of information, but also the fact that material information is increasingly being created (and is uniquely maintained) in unmanaged locations (e.g. social media, IM, networked fileshares, mobile, nomadic SharePoint sites, etc.).  While it is true that eDiscovery today continues to be dominated by email, patterns of everyday business communications are changing dramatically as can be noted by actions from various regulatory entities including the SEC, FINRA, and FFIEC.  eDiscovery tools work well in processing centrally stored data, but collecting and moving information from unmanaged locations is rarely practical or without risk. Technologies to enable management in-place are emerging, but few have yet achieved significant market presence.

  4. Control: Many effective IG initiatives have focused not just on producing critical content when required, but understanding how information moves throughout its life cycle so that organizations can be proactive in managing information risks. Enhanced visibility from analytics tools is helpful to understand where the eDiscovery needles exist in the data haystack – but does little to explain how the pins, needles, and other sharp objects move within and across haystacks in order to determine how to best define policies and procedures to manage information risk and enhance control.

  5. Cloud: It appears that much of the interest in the application of eDiscovery analytics to IG is due to failed enterprise content management implementations. Information life cycle management was a good idea, but ultimately failed because of poor user acceptance and on-premise technology design that became too expensive and complex to manage as data grew. Hence, the appeal of cloud-based information repositories that take advantage of shared resources and scale-on-demand benefits that are not attainable behind the firewall. To date, it does not appear that any leading eDiscovery analytics tool has been designed for the cloud (which is significantly different from simply offering a hosted version of the same on-premise technology through a service provider). Consequently, companies must deploy more servers requiring more storage and IT overhead – which appears to be a repeat of the same failures of the 1990s. This will no doubt change – but evidence of leadership on this front is still scant.


eDiscovery and Information Governance will continue to become more tightly intertwined over time as more companies realize that the ‘keep everything forever’ strategy is not sustainable. Focus is beginning to shift from optimizing review efficiency to enhancing insight into data repositories so that value can be separated from junk earlier. But you should take care in ensuring that your short-term IG risk reduction goals can be delivered with the capabilities offered today by the eDiscovery tool providers.


December 16, 2013

FFIEC Raises the Bar on Social Media and Regulatory Compliance

On Wednesday, the Federal Financial Institutions Examination Council (FFIEC) issued its long awaited guidance "Social Media: Consumer Compliance Risk Management Guidance", covering the use of social media within financial services. The guidance applies to banks and nearly every other financial entity that falls under the regulatory umbrellas of the Office of the Comptroller of the Currency (OCC), FDIC, NCUA, and Consumer Financial Protection Bureau (CFPB).

While the guidance imposes no new obligations upon firms, it does a very thorough job of highlighting the plethora of existing regulations whose rules should be considered in assessing the risks of using social media for firm business. These include:

Applying to Deposit and Lending:

  • Truth in Savings Act/Regulation DD
  • Fair Lending Laws: Equal Credit Opportunity
  • Fair Housing Act
  • Truth in Lending Act/Regulation Z
  • Real Estate Settlement Procedures Act
  • Fair Debt Collection Practices Act
  • FTC Section 5 on Unfair, Deceptive, or Abusive Acts
  • FDIC requirements on Deposit Insurance

Applying to Payment Systems:

  • Electronic Fund Transfer Act
  • Check Transactions rules

Applying to Data Privacy:

  • Children's Online Privacy Protection Act
  • CAN-SPAM Act
  • Gramm-Leach-Bliley Act (GLBA)

On the GLBA point, the FFIEC noted specific relevance when social media has been integrated into the overall customer experience. In this case, firms should clearly disclose the use of social media within their privacy policies as required under GLBA.

Most importantly, the ruling outlines the compliance, operational, and reputational risks associated with social media, and encourages the use of risk management programs to assess the potential exposure to the firm. Components of this program should include:

  • Design with participation from stakeholders from compliance, technology, information security, legal, human resources, and marketing
  • A governance structure with clear roles and responsibilities
  • Policies and procedures regarding the use and monitoring of social media and compliance with all applicable consumer protection laws and regulations
  • A risk management process for selecting and managing third-party relationships in connection with social media
  • An employee training program that incorporates the institution's policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities
  • An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party
  • Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws and regulations, and incorporation of guidance as appropriate
  • Periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.

The net effect of the FFIEC should be to encourage firms to think holistically about social media as an integrated component of their information risk management strategy. As a component of this strategy, firms should also evaluate available technologies that allow for the proactive capture and secure storage of social media content - as is provided today for email, instant messages and other mature communication technologies.

The business use of social media is undeniable - and the FFIEC guidelines clearly demonstrate that regulated firms should take proactive steps now to ensure issues with existing regulations are avoided.

November 25, 2013

Social Media and Compliance: Salesforce Chatter

We just returned from the Financial Services track at Dreamforce, where many speakers  touched on the topic of Archiving for Chatter – and its potential regulatory implications.  This led to many interesting discussions at our booth, with some of the common themes and conclusions summarized here.

  1. The most frequently asked question/comment: “We would like to enable Salesforce Chatter, but our compliance team is concerned about the implications. What can we do?” Not surprisingly, many of the Dreamforce attendees we talked to had recognized the business value of leveraging their investment in SFDC to drive collaboration and productivity via Chatter (or, perhaps, are being pressured by SF users to enable this feature). The reasons are clear within financial services: enabling better customer service, improving communication flow with independent agents, and sharing account information with peers. But, simply turning that feature on led many into conversations about internal policies pertaining to social media, supervisory obligations addressed under FINRA’s 11-39 guidance on social media, and storage requirements within financial services outlined by SEC 17a3-4. Conclusions: 1) Chatter is easy to enable? Yes. 2) Opening a new collaboration channel within financial services raises regulatory compliance questions? UNEQUIVOCALLY YES.
  2. Compliance teams are becoming more active in decisions regarding use of Chatter. Again, not surprising, as firms have become accustomed to since FINRA 11-39 in 2011, and as more have acknowledged the futility of blocking social channels including LinkedIn and Twitter. Today, this involvement is moving beyond the yes/no of enabling access toward the issues of social media policy refinement, in determining what specific social media channels can be utilized, which features within those channels are usable by investment professionals whose actions are regulated under FINRA and NASD rules, and how firms intend to monitor, supervise and report on those activities. Simply turning on the capability is the starting point – looking at how you may enable selective access to those users whose activities need to be archived and reported is where many companies appear headed.
  3. Salesforce Communities creates additional risk. As firms iron out plans to enable Salesforce Communities, it’s important to consider regulatory compliance as part of the discussion. Salesforce Communities enables firms to expose parts of their Salesforce environment to the outside world; creating a collaboration portal for customers, vendors or partners. The Chatter feed is an integral component of Communities and, without Chatter, the benefits of enabling Communities diminish. Similar to “internal” Chatter communications, it’s important to ensure that your archiving solution supports the capture of Chatter content that is authored within Communities as well. Moreover, if your firm creates multiple Communities, your archiving solution should be able to capture Chatter content only from the Communities that you specify, thereby eliminating unnecessary noise from your archive.
  4. Archiving of social media goes beyond basic storage. For many, envisioned processes  for manual collection and basic store/retrieve Chatter content would be - in most cases – woefully inadequate. SEC Rule 17a3-4 in particular contains a number of specific provisions about information storage locations being “WORM-like” and actively managed to ensure information retains its integrity. Simply moving captured Chatter content to a network storage location – or copying to DVDs and sending to giant records warehouses via couriers in small vehicles – may not be meeting the risk profiles of your compliance executives.
  5. Firms are seeking leverage across other information sources.  Enabling the capture and archival of Chatter content is not unique discussion. Firms have already been through this with email. But, firms are reluctant to deploy yet another single-purpose repository to manage that information. In fact, most of the attendees we talked to are seeking to aggregate Chatter with other captured social media content – and leverage their existing processes and technology in place that is used for email. This leverage brings familiarity and comfort to compliance teams – and higher likelihood that SFDC teams can roll-out Chatter faster  with fewer compliance obstacles.

Proofpoint, with its Archiver for Chatter solution, can help organizations address these challenges, with a proven track record of capturing and managing content for many leading financial institutions that need to adhere to SEC, FINRA, and other emerging regulatory requirements. For more information about our Social Platform for Archiving solution, please visit



October 09, 2013

Free RSA® Security Expo 2014 Passes, Courtesy of Proofpoint: Use Code SC4PROOFB


It might seem like the far future, but RSA Conference 2014 is only a few months away and registration is now open!

Proofpoint will be exhibiting at the RSA Conference 2014, to be held February 24 through February 28, 2014 at Moscone Center in San Francisco.

If you'd like to attend the RSA Conference 2014 expo (exhibits), you can get a free exhibits-only pass (which RSA calls an "Expo Pass") courtesy of Proofpoint by using code SC4PROOFB or EC4PROOFE when you register.

To register for your free RSA exhibits pass, please visit the following URL and enter code SC4PROOFB during the registration process:

Proofpoint will be at RSA 2014 in a big way, with booths in both the South (booths #1527 and #520) and North halls (booth #3615). Since you won't be able to miss us, we fully expect you to stop by, meet the friendly Proofpoint staff, and take a moment to learn about our latest cloud-based solutions for threat management (including email security and targeted attack protection), compliance (data loss prevention, email encryption), enterprise information archiving & governance, and secure communications.

I also expect we'll be doing our traditional information security survey and we'd love to have you take a few minutes to participate. (If you're interested in the findings from the 2013 survey, you can find them here:

See you in San Francisco next February!


July 10, 2012

Mobile Privacy Standards to be Discussed this Week

In this digital age, our smartphones tend to know more information about us than, say, our great Aunt Suzie. From your name and location to the interests of you and your closest friends, all of this information is readily available to advertisers and marketers the moment you accept the terms and agreements of certain mobile applications.

The accessibility of such data has sparked a continued dispute between consumer groups and online marketing firms over the access of user information via mobile applications.

On July 12, the National Telecommunications and Information Administration (NTIA) will host the first of several meetings in an effort to develop new codes of conduct for handling private consumer data on the internet and on mobile networks. The meeting will focus primarily on mobile application security and provide a chance for industry stakeholders to voice their concerns regarding access to private consumer data.

The upcoming meetings stem from a Consumer Privacy Bill of Rights released by the Obama Administration in February of this year. Instead of calling for new privacy standards, Obama’s Bill of Rights calls for a multi-stakeholder process to develop general rules and regulations. The process has generated skepticism about whether this system will incorporate the desires of all publics fairly, most importantly the consumers.

The start of the NTIA meetings could not come soon enough. Recent episodes of mobile applications illegally downloading user information have heightened the need for defined mobile privacy standards. The issue of mobile security now goes beyond simply the applications to also include the advertisements shown within them.

As we watch to see if an outcome can be achieved at the NTIA meetings, it will be interesting to see how these standards will reflect on the corporate side of the equation. Right now, companies must decide for themselves which security features to implement for their employees. Increasingly, this means that mobile security applications that encrypt, archive, and protect company data on an employee's smartphone will likely become a corporate necessity.



©2012 Proofpoint, Inc.