|
ESG Releases Market Report: SaaS-based E-mail Archiving Momentum Continues
March 9, 2010 - by Adam Bullock
From defining the necessity of e-mail archiving- answering the why and how- to explaining the advantage of a hosted solution to make the case for SaaS, Brian Babineau uses reporting data to analyze where the market is headed. Taking the information from current research, he addresses message archiving roadblocks companies are facing, and finally looks to the future of SaaS-based e-mail archiving.
Visit the Smarsh white paper resource center to download "Market Report: SaaS-based E-mail Archiving Momentum Continues" from the Enterprise Strategy Group.
Adam Bullock is the digital media specialist for Smarsh and veteran blogger. In previous stops in his professional career, Adam has spent time with an Internet marketing firm as a project manager as well as a leading domain name registrar.
Related Products:
You Need To Be Compliant With Massachusetts Data Protection Law 201 CMR 17.00 by March 1, 2010
February 24, 2010 - by Adam Bullock
 Taking the name of the law at face value, at first glance it would appear that 201 CMR 17.00, an update to the Massachusetts Data Protection law, would only apply to Bay Staters. It's vital to understand, then, that the law ( with a March 1, 2010 compliance deadline) applies to any business that owns or licenses personal information about a resident of Massachusetts.
Massachusetts 201 CMR 17.00 applies to any company that exchanges personal information of a Massachusetts resident.
This regulation establishes minimum standards to be met in connection with the safeguarding of personal information in both electronic and paper records. What classifies as personal information according to this law? A Massachusetts resident’s first name and last name, or first initial and last name, in combination with any one or more:
- Social security number;
- Driver’s license number;
- Financial account number or credit or debit card number with or without CVV2 code;
- State-issued identification card number.
The heart of this legislation is to put standards in place to protect the privacy of individuals. Companies are required to develop, implement and maintain a comprehensive information security program that contains technical and physical safeguards. Without running through the multiple stipulations ( you can read the legislation in .pdf form here), the computer system security requirements include "encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly."
The state suggests that violators of 201 CMR 17.00 could expect a fine of up to $5,000 for each breach as well as being forced to pay the victim's restitution. The compliance deadline for the Massachusetts data breach law is March 1, 2010. Do you have an encryption solution in place to transmit the personal information of Massachusetts residents?
Adam Bullock is the digital media specialist for Smarsh and veteran blogger. In previous stops in his professional career, Adam has spent time with an Internet marketing firm as a project manager as well as a leading domain name registrar.
Related Products:
Osterman Research Survey Confirms Client Satisfaction with Hosted Email Archiving
February 17, 2010 - by Adam Bullock
 An overarching theme from Osterman Research's Results of a Survey on SaaS-Based Archiving, sponsored by Smarsh, is that the satisfaction level among businesses using hosted email archiving is very high. The survey found that only 1.5% of respondents who currently use a hosted email archiving platform indicated that they would definitely or likely switch to an on-premise archiving solution during 2010.
Results illustrate that decision makers involved in SaaS deployments chose to go the SaaS route for a number of reasons. The top five reasons are:
- Functionality of the product/solution
- Meeting regulatory compliance obligations
- Legal obligations to preserve data (E-discovery)
- Managing email storage more efficiently
- Ongoing cost of the solution (operating expenditure vs. capital expenditure)
The survey also measures decision-makers’ satisfaction levels with their service/vendors in 14 different categories, and most SaaS vendors are meeting and exceeding the expectations of their customers. Categories cover a wide spectrum of topics, such as the overall value of the service/vendor, to the satisfaction of a vendor’s uptime, as well as the confidence in a vendor’s ability to meet emerging needs.
Adam Bullock is the digital media specialist for Smarsh and veteran blogger. In previous stops in his professional career, Adam has spent time with an Internet marketing firm as a project manager as well as a leading domain name registrar.
Related Products:
FINRA Tackles Social Media Compliance with FINRA Regulatory Notice 10-06
January 25, 2010 - by Adam Bullock
 The Financial Industry Regulatory Authority (FINRA) has issued guidance to securities firms and brokers regarding the use of social networking Web sites. The details are found within the FINRA Regulatory Notice 10-06, which addresses the recordkeeping, supervision and responsibility of firms' access and use of social networking websites like Facebook, Twitter and LinkedIn.
In the Notice, FINRA emphasizes that each firm must develop its own procedures and policies and mentions that some technology providers have systems that enable the ability to retain records of communication made through social networking sites. While FINRA does not endorse any particular technology, using this kind of system is critical for firms communicating via social media. FINRA states "every firm that intends to communicate, or permit its associated persons to communicate, through social media sites must first ensure that it can retain records of those communications as required by Rules 17a-3 and 17a-4 under the Securities Exchange Act of 1934 and NASD Rule 3110."
FINRA Regulatory Notice 10-06 works to clarify situations that may arise from the use of social networking websites. The notice goes into detail on how social media communication affects record-keeping, suitability and supervision requirements, and works to provide definition for elements unique to the medium. For example, if a customer or other third-party posts content on a social media site established by the firm or its personnel, does FINRA consider the third-party content to be the firm's communication with the public under Rule 2210? Generally no, but under certain circumstances they can become attributable to the firm. It depends on whether the firm has involved itself in the preparation of the content and explicitly or implicitly endorsed or approved the content. And while FINRA doesn't mandate monitoring of third-party posts, it does offer best practices on page 8 of the .pdf document.
Social media archiving from Smarsh gives securities firms and brokers the ability to be compliant with FINRA's guidance. Messages and "tweets" are preserved and indexed, and an audit trail captures data on every visual inspection. Customizable organization usage reports and evidence of supervision/policy enforcement can be produced on-demand in seconds.
Adam Bullock is the digital media specialist for Smarsh and veteran blogger. In previous stops in his professional career, Adam has spent time with an Internet marketing firm as a project manager as well as a leading domain name registrar.
Related Products:
Postcards on Encryption
Could you imagine putting your social security number on a postcard and dropping it in the mailbox? If you're working with customer information and not using any kind of email encryption, you can be legally responsible if those details are intercepted. Read about Smarsh's intuitive secure messaging solution, smarshEncrypt, and how it can make communication for your company easier and secure.
September 15, 2009 - by Adam Bullock
You may have heard that sending an email is like sending a message on a postcard that anyone can read while in-transit. As explained in Osterman Research's The Critical Need for Encrypted Email and File Transfer Solutions white paper, this doesn't even begin to describe the process accurately. During transmission, the email is copied to at least two servers, and oftentimes, many more than that.
And that's really the problem when it comes to transmitting sensitive information via email. Could you imagine putting your social security on a postcard and sending it off? Or your credit card number?
Would you trust putting your customer's financial details on a postcard and sending it? Horrifying, right?
And it's with that thought in mind that email encryption is so critical. When a smarshEncrypt message is sent, the receiver receives an invitation to securely access the message. The sender and receiver can can communicate confidentially in a completely private area.
(Protip: a pretty nifty trick is to use smarshEncrypt as a secure file-transfer system.)
As more people start to rely on email as their primary form of communication, laws and mandates are being enacted that have a direct influence on how sensitive content is handled. As stated in the same Osterman Research report, by the end of 2008, 44 U.S. states had enacted data breach notification laws. And with legislation like the Gramm-Leach-Bliley Act and Regulation S-P, if your company collects any kind of non-public consumer information, email encryption should be a priority at the top of your to-do list.
If you have any questions, would like to comment, or contact me directly, drop me an email at abullock[@]smarsh.com or follow me or the company on Twitter. Subscribe to the blog, too, using your favorite RSS reader or subscribing via email.
Adam Bullock is the digital media specialist for Smarsh and a veteran blogger. In previous stops in his professional career, Adam has spent time with an Internet marketing firm as a project manager as well as a leading domain name registrar. | 
Smarsh is hosting the recently-released white paper from the Enterprise Strategy Group titled "
View All Industry News
