Resource

SysCloud Release Notes – Q1, 2017

FERPA, CIPA & HIPAA Compliance Guide

You might’ve heard acronyms like CIPA, HIPAA and FERPA – but what do they mean? They’re different types of compliance regulations that organisations must follow to make sure that student and staff personal data is safe and confidential.  

Insider Threats: A Guide to your Cloud Apps Security

Introduction

Cloud applications like Google Apps, Salesforce, Box, and Microsoft Office 365 are making productivity and collaboration easier and more effective without the need for big upfront investments in infrastructure and resources. Furthermore, these Cloud Apps are highly secure and have multiple levels of redundancy which are always on and safe. For organizations using Cloud Apps, the only threats remaining are from insiders, i.e. their own users. Why? There are 2 main reasons:

Attackers do not get in by penetrating or breaking down network firewalls but via weak, trusting employees, e.g. through phishing.
Some employees (users) may indulge in activities which are damaging to the organization.

Insider Threats and their Impact on Businesses

Data breaches, when reported in the media, cause irreparable damage to the business involved in terms of reputation and customers’ trust. Additionally, legal obligations may mandate public disclosure of such a leak. Furthermore, the breached data may be…


Syscloud Drive Encryption

How Compliance to PCI Can Be Achieved in Google Apps

What is PCI compliance?
Critical requirements of PCI compliance
Problems that companies experience in PCI compliance
Introduction to Google Apps
Requirements that organizations fail to meet and how Google Apps can help

What is PCI compliance?

PCI compliance refers to a set of security standards created by the payment card industry (PCI) for organizations that handle payments from the major credit card companies, including VISA, Mastercard, American Express, Discover, and JCB. The PCI Data Security Standard (PCI DSS) was created by the PCI Data Security Council, an organization established by the major credit card companies themselves in 2006 but which operates independently of these companies. The purpose of the PCI DSS is to prevent data loss and credit card fraud that could result from leaked data.

Critical Requirements of PCI

As currently configured, the PCI DSS includes six so-called “control objectives”, which are implemented through one, two, or three specific…


Export Reports

How Compliance to PCI Can Be Achieved in Google Apps

Topics covered

What is PCI compliance?
Critical requirements of PCI compliance
Problems that companies experience in PCI compliance
Introduction to Google Apps
Requirements that organizations fail to meet and how Google Apps can help

What is PCI compliance?

The PCI Data Security Standard (PCI DSS) was created by the PCI Data Security Council, an organization established by the major credit card companies (VISA, Mastercard, American Express, Discover, and JCB) in 2006 but which operates independently of these companies. PCI DSS provides the baseline technical and operational requirements which are designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Depending upon the volume of transactions they process, organizations are required to either: Undergo evaluation by a QSA…


Top 3 critical security mistakes when configuring a Google Apps domain

When the wrong users can access sensitive files, one unhappy worker or spear phishing attack could lead to a breach. Also, lost or stolen phones become disastrous when the phone has access to critical data. Google Apps domain management offers granular controls for enterprise data security, but too many admins rely on default settings. Refining your domain configuration will help you prevent these three Google Apps security oversights.

1. Not Harnessing the Power of Organizational Units

With organizational units, you can restrict Apps access and limit functions like mobile device access and remote Gmail access. Instead of creating organizations first and then assigning people, let user requirements dictate which organizations you create:

Start with a master list. List each person’s name, job title, the Apps they must access based on job title and each person’s authority level.
Group similar personnel into organizations. Create organizations in a way that makes sense…


Top 2 Threats Facing Organization’s Cloud / SaaS Data

It is not about protection from data loss or leaks from Google itself; it’s about end-user errors. If a user deletes or exposes a key file from Google Drive, accidentally or on purpose, and there is no backup or cloud security to recover the files, that could be a disaster for the reputation of the firm and an irrecoverable loss of revenue.

SOX Compliance in Google Apps

Topics covered

What is SOX compliance?
Importance of Compliance to SOX
Can companies requiring SOX compliance use Google Apps?
SOX compliance failures in the news
Five requirements of SOX that are easier to comply with using Google Apps

What is SOX compliance?

SOX refers to the Sarbanes-Oxley Act of 2002, which established a broad set of new corporate accounting and accountability laws, primarily in response to a series of financial debacles caused by purposely misleading accounting practices by large companies. The most famous example, which many people older than thirty years of age will remember, is the Enron scandal of 2001, in which the world’s largest energy company and the seventh largest company in the United States (Enron) was discovered to have hidden tens of billions of dollars in financial losses from investors. The revelation of this and many other fraudulent practices by corporations purposely meant to mislead the…
