Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is required of any company accepting payment card transactions or storing payment card data. It is also rapidly becoming a de facto industry standard required of other businesses whose customers are concerned about information theft.

Launched to protect credit card information taken by merchants and ecommerce sites, PCI compliance is now showing up as a requirement in RFPs from corporations outsourcing data to SaaS/Cloud Computing companies.

For large transaction volumes or large data sets, an on-site audit by a certified Qualified Security Assessor (QSA) is usually required. Others can complete a Self Assessment Questionnaire, but may need the assistance of a QSA to accurately assess their situation and close any compliance gaps.

The costs of getting it wrong can be huge if your company suffers a data breach. Costs for PR, legal, IT forensics and damage to customer relationships can dwarf the costs of creating a secure data environment and processes.

We recommend getting help from a certified QSA even if you are not required to do so. They know the detailed requirements and alternate solutions to your gaps. While many security companies focus on large clients with large security budgets, boutique security firms such as Moyo Group can be of great value to midsize companies with modest budgets. Working with a QSA who also has IT architecture and operations experience will provide much more bang for your buck.

For further information or to arrange a free assessment, contact Marc Manuel at 408-550-8066, mmanuel@moyogroup.com.

The CEO of an internet marketing company recently called me with an urgent concern. An employee had defected to a competitor, and the CEO suspected the theft of valuable intellectual property. The company has a large software development staff and has developed significant proprietary IP.

We checked email logs and discovered that a number of email messages with large attachments were sent by this employee just prior to giving notice. However, the employee had deleted the email messages just after sending them. By the time the system was backed up in the evening there was no record of the email details. The company was left without proof that IP was stolen, but it sure looked suspicious. It also became clear that employees knew how to cover their tracks and send information out of the company without getting caught.

It occurred to me that this must be happening all the time, especially now that employee turnover is rising with the recovering economy. What can companies do to protect themselves from this misuse of IP?

We made the company aware of cost-effective solutions they could put in place quickly to address these concerns.

  • Email archiving – copies of all messages are kept off site for an extended period – these are streamed to an archive, rather than just having a daily snapshot taken with the backup system.
  • Data Leakage Protection – This is a low cost way to encrypt specified directories and prevent IP from being sent out via email, FTP, or memory sticks without explicit permission. An audit trail of all activity on these files is kept.
  • Directory permissions – employees are given access to information on a need-to-know basis. Group directory policies are clear and automatically enforced by role.
  • Security Policies
    • Password policies – no security policy will work if passwords are shared between people freely or if they are easy to guess.
    • Confidential information policies – employees need to know what is confidential and what the company expects. Lawyers often say that courts will not protect your rights if you have not taken reasonable efforts to do it yourself.
    • IP tracking policies – All new and existing sensitive content is marked as such and subject to encryption and special tracking rules by the security system.
  • Employee Communication – Employees are made aware of company policies and that measures have been put in place to prevent unauthorized copying or sending of IP. They also know that all activities related to these files are tracked, keeping honest people honest.

Management now knows that reasonable efforts have been put in place to safeguard their IP. They have peace of mind knowing that disgruntled employees are restricted from misusing company information and that employees cannot accidentally violate these policies.

If you’ve found interesting solutions to security concerns we’d love to hear from you. We are always looking for cost-effective solutions for our clients.

As a sponsor for the Cleantech Open organization, Moyo Group congratulates the California category finalists and National Prize winner of the 2009 business competition. The following companies were honored at the annual awards gala at San Francisco’s Masonic Center. We look forward to their success and helping them on their way.

EcoFactor – National Prize Winner
SaaS application for managing residential energy consumption over the web. www.ecofactor.com

Micromidas – Air, Water and Waste Category
Conversion of biomass into biodegradable plastics. www.micromidas.com

Alphabet Energy – Energy Efficiency Category
Commercializing a disruptive, low-cost thermoelectric technology that captures wasted industrial energy and converts it into electricity.
www.alphabetenergy.com

tru2earth – Green Building Category
Manufacturing roofing materials made from recycled PET (water/soda bottle) plastic that are energy-efficient and cradle-to-cradle recyclable. www.tru2earth.com

Armageddon Energy – Renewables Category
Manufacturing a packaged retail residential rooftop solar energy system that is attractive, affordable, and easy to install.
www.armageddonenergy.com

FuelSaver Technologies – Transportation Category
Shape-changing technology that increases fuel efficiency in long-haul vehicles such as tractor-trailer trucks and buses.
www.fuelsavertechnologies.com

Trends in SaaS ERP

November 25, 2009

Just like biological evolution, the market for Enterprise Resource Planning (ERP) applications experiences long periods of slow change interspersed with abrupt radical changes. We’re now experiencing one of those tectonic shifts in offerings that give customers a completely new set of alternatives. This can appear as just a choice between software-as-a-service (SaaS) and traditional client-server applications, but there are more differences worth considering than just the pay-as-you-go acquisition model.

Functionality – Finally! For years choosing a SaaS application meant making serious compromises on functionality. They simply weren’t complete yet compared to traditional client-server packages. This is now changing as new vendors are rapidly adding complete functionality that rivals the old stand-bys.

Modern Architecture Means Ease of Modification – Even some “SaaS” packages remain hard to modify, discouraging changes that make the application fit a specific business. Packages built on modern toolsets are now architected in layers that allow you to customize the screens, reports and workflow easily (without a programmer) without paying a large penalty in support costs downstream (think SF.com).

Deployment Options – Companies longed for SaaS to avoid the burden of upgrading and supporting applications and their IT infrastructure. Now they can be surprised at how difficult it is to get their data from some SaaS vendors when they want to leave. How about some flexibility? Some vendors are responding with the option to transition from one model to the other with no penalty.

Performance – SaaS can mean slow performance that may work for an executive checking a dashboard, but doesn’t cut it for an accountant entering data. Modern toolsets allow vendors to build web-based applications that respond as quickly as a locally run program.

So, check out your new options if you are in the market for a new ERP system.   You may have more favorable choices than you expect.

Date: Thursday, April 9th, 2009

Check-in / Breakfast: 7:30AM-8:00AM

Event: 8:00-10:00 AM

Event Location: SVB Financial, Kellogg Auditorium, 3005 Tasman Drive, Santa Clara, CA 95054

Surviving the Downturn

Practical Tips for Operating in the Recession

You are invited to an exclusive educational event covering the pressing issues affecting venture-funded companies in 2009. CEOs and CFOs are invited to hear experts on managing through the downturn.

Join us for the Fourth Annual Competition kick-off. Our Alumni showcase will be followed by presentations from Mayor Chuck Reed, Co-Chairs Marc Gottschalk and Michael Santullo, and Scott Sandell of New Enterprise Associates, one of the world’s largest investors in early stage clean technology. We will also be announcing the prize package for this year’s Regional Semifinalists and National Winners – our largest total prize package ever. Be the first to hear all the details.

Location:
San Jose City Hall Rotunda
200 East Santa Clara Street
San Jose, California


Instant IT provides emerging companies with a complete, dedicated, multi-server IT system for an affordable, fixed monthly fee. Instant IT allows companies to have all the necessary components of a full IT infrastructure, without spending precious capital during the early months of business. Instant IT is hosted in an enterprise-class data center with redundant power and cooling, unlimited bandwidth, and support 24 hours a day, 7 days a week.


Virtual technology is now considered common practice in large enterprises and has been adopted by all of the Fortune 100 companies. With Moyo Group’s VirtualIT, emerging companies can now lower IT costs dramatically and reduce the demand on IT staff.


Moyo Group has helped more than 500 organizations develop a solid IT infrastructure to support them through periods of rapid growth and changing business needs. Our infrastructure professionals specialize in the tools and technologies most relevant to emerging companies.


Security Services

March 5, 2009

Our security experts protect your systems around the clock

Emerging companies face the same threats as large corporations, but often lack in-house security expertise. Our approach to assessing vulnerabilities, implementing solutions and providing ongoing support delivers a secure infrastructure that is both risk-appropriate and affordable.
