Articles about Compliance

Stealing, scamming, bluffing: El Reg rides along with pen-testing 'red team hackers'

Feature "Go to this McDonald's," Chris Gatford told me. "There's a 'Create Your Taste' burger-builder PC there and you should be able to access the OS. Find that machine, open the command prompt and pretend to do something important. "I'll be watching you." Gatford instructed your reporter to visit the burger barn because he …
Darren Pauli, 08 Dec 2016

In EU, Veritas: Post-Symantec firm flogs data protection 'safety' to biz

Veritas has announced a major release of NetBackup, v8.0, and says it's ready to help businesses respond to the 2017 EU General Data Protection Regulations. The firm has been spun out of Symantec, energised under new ownership and management to develop and sell its products into today's heterogeneous and hybrid on-premises/ …
Chris Mellor, 05 Dec 2016

Brexit means Brexit: What the heck does that mean...

Apparently the Brexit result has caused some IT leaders to look at repatriating data to the UK to “comply with data protection laws and especially GDPR”. But wait a minute – this seems to be more about a lack of understanding of data protection laws. Again. Earlier this year I wrote about emotional knee-jerk reactionism being …
Frank Jennings, 02 Dec 2016

AWS CTO: 'I truly hated the relationship with software tool vendors'

AWS re:Invent Amazon Web Services turned its focus to developers in day two of its re:Invent conference in Las Vegas, kicking out a handful of new features designed to make life easier for those who develop and maintain cloud applications. CTO Werner Vogels said that the features, ranging from new analysis utilities to storage management …
Shaun Nichols, 01 Dec 2016

Still too much discretion when it comes to that 'terrorism' stuff, repeats David Anderson QC

There is still too much discretion in what the State is talking about when discussing terrorism, according to the outgoing independent reviewer of terrorism legislation. Seeking to limit the growth of public suspicion regarding the State's increasing investigatory powers, it is still necessary to establish a proper definition …

HPE: We're 'opening floodgates' for Synergy orders... a year after launch

Hewlett Packard Enterprise's composable infrastructure is going into mainstream distribution in January, a year after the covers were first lifted off the machine – with some added fluffy white stuff and hyper-converged extensions. Synergy was made public at HPE's Discover event in London in December 2015. It offers IT bosses a …
Paul Kunert, 29 Nov 2016

Scality reinvents the RING, adds extra Amazon S3 polish

If you're in the object storage game, you'd better ensure your kit has Amazon S3 functionality and security. Storage software flogger Scality is no fool and says it has improved both with its latest RING 6.4 version. Giorgio Regni, CTO at Scality, claims: "We designed Scality RING 6.4 to be the most secure object storage ever …
Chris Mellor, 29 Nov 2016

No super-kinky web smut please, we're British

Film censors in the United Kingdom will be able to ban Brits from accessing websites that stream especially kinky X-rated videos, if a proposed change in the law gets up. The Digital Economy bill, which is due to penetrate the statute books in early 2017, is set to include a provision that will allow the British Board of Film …
Iain Thomson, 24 Nov 2016

Twitter to crack down on spies wielding its APIs

Twitter will begin clamping down on unauthorised police surveillance of its users. Data and enterprise executive Chris Moody (@chrismoodycom) did not specify the action Twitter would take against developers who use its APIs for commercial spying services, other than saying it would crack down "soon". Moody's warning comes in …
Darren Pauli, 24 Nov 2016

Contracts trading personal data for digital content: Rights to remedy, redress required

Opinion Consumers should not have had to actively provide their personal data in return for digital content to be supplied to them to benefit from consumer protection rights relating to the supply of that content, a committee of MEPs has said. A new directive on contracts for the supply of digital content was proposed by the European …
OUT-LAW.COM, 18 Nov 2016

Antivirus tools are a useless box-ticking exercise says Google security chap

Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection to instead research more meaningful defences such as whitelisting applications. The incident responder from Google's Sydney office, who is charged with researching very advanced attacks …
Darren Pauli, 17 Nov 2016

Commish urges UK.gov to mean it when it talks about transparency

If the government wants to be transparent then it ought to make transparency a statutory requirement for its CCTV-wielding authorities, according to the Surveillance Camera Commissioner (SCC). The third annual report (PDF) of the incumbent SCC, Tony Porter, was laid before Parliament this morning. Among its polite …

UK.gov has 18,000 IT contractors on its books due to dearth of skills

The government currently employs 18,000 digital contractors and 12,000 "in-house" tech folk, according to a leaked draft outline of the Government Digital Transformation Strategy seen by The Register. A lack of digital skills in government has repeatedly been named as the main obstacle against digital transformation. Billions …
Kat Hall, 14 Nov 2016

Slacker or Team playa? Microsoft's Mr Business takes on messaging's corporate raider

The early days of the internet provided ways to chat, bicker and "collaborate" with others in the world, and decades later we're still working on making that experience better. IRC (Internet Relay Chat) ruled the roost for many years but never really found a place in the enterprise world. It isn't complicated to use yet …
Adam Fowler, 11 Nov 2016

Facebook 'fesses up to WhatsApp privacy blunder in UK

Facebook has “agreed to pause using data from UK WhatsApp users for advertisements or product improvement purposes” after a previously-announced probe by the Information Commissioner’s Office. UK information commissioner Elizabeth Denham writes that eight weeks ago she kicked off an investigation into WhatsApp, because “I don’ …
Simon Sharwood, 08 Nov 2016

Web security still outstandingly mediocre, experts report

Black Hat EU Cross-site scripting (XSS) vulnerabilities continue to dominate the list of most common vulnerabilities found in real-world tests. In more than a third (37 per cent) of cases, a website vulnerable to XSS is also vulnerable to a more critical flaw such as SQL injection or improper access control, according to web security …
John Leyden, 07 Nov 2016

Think GitHub and Git but for data – and you've got FlockerHub and fli

Flocker is a mouthful. It's an open-source container data volume orchestrator, which means it helps migrate data when containers shift hosts. It makes data volumes portable within clusters. Two years into its life, it's spawned a hosted service called FlockerHub. Its creator, ClusterHQ, describes it and its command line …
Thomas Claburn, 03 Nov 2016

Salesforce backup = Druva

Druva has added Salesforce data backup to its cloud-to-cloud backup portfolio. Salesforce users can use Druva inSync to protect their Salesforce data against loss, and be okay with legal holds and compliance monitoring of that data. They get time-indexed snapshots, direct access and visibility of Salesforce data down to the …
Chris Mellor, 03 Nov 2016

HMRC to create new compliance team focused on 'gig economy' workers

A new compliance team which will address the "risks" associated with the changing nature of employment is to be established within HM Revenue and Customs (HMRC). Financial secretary to the Treasury Jane Ellison confirmed the measure in a letter to Frank Field, the Labour MP who chairs the House of Commons Work and Pensions …
OUT-LAW.COM, 27 Oct 2016

Hammer hopes to nail software-defined future for Commvault

Commvault has software-defined storage and business process automation in its future, as it announces a $600,000 net loss on revenues of $156.3m in its latest quarter. The firm is hoping this sets it up for a sustained turnaround. This was the second quarter in its fiscal 2017, and it ended on September 30. The revenues were …
Chris Mellor, 26 Oct 2016

Surveillance by consent: Commissioner launches CCTV strategy for England and Wales

“There is a gap between what exists and what should exist,” according to the UK's commissioner responsible for ensuring that surveillance cameras are protecting members of the public, rather than spying on them. Tony Porter, who sees that public authorities follow the government's rules on operating surveillance cameras, on …

Gartner's seers pass judgement on storage industry leaders

Gartner has published a distributed file systems and object storage magic quadrant with the top three suppliers being Dell EMC, followed by IBM and Scality. The research consultancy defines distributed file systems and object storage as "software and hardware solutions that offer object and/or scale-out file technology to …
Chris Mellor, 21 Oct 2016

Puppet shows its hand: All your software is belong to us

Special report In an episode of Seinfeld from 1996, George is shocked when he discovers his former boss, Mr Wilhelm, has joined a cult, the Sunshine Carpet Cleaners. “Most of the world is carpeted,” Wilhelm intones, vacuum in hand. “And one day, we will do the cleaning.” In sunny San Diego, California, on Thursday, executives from Puppet, …
Thomas Claburn, 21 Oct 2016

Britain's fight to get its F-35 aircraft carriers operational turns legal

An earth-shaking blow has been struck in the never-ending battle to get Britain’s F-35 fighter jets and the Queen Elizabeth class aircraft carriers to sea: Whitehall has asked the Americans for legal help. Rather than getting help on kicking contractors’ backsides into gear so Britain actually has enough jets to send HMS Queen …
Gareth Corfield, 20 Oct 2016

Data Domain explodes into floods of cloud tiers

Dell EMC has extended its data protection products with more scalable Data Domain software, Azure support by Networker and extended cloud tiering. We're told Data Domain's deduplicating backup software is now available on Dell's PowerEdge servers. But it was before. What's different? It is now qualified in reference …
Chris Mellor, 19 Oct 2016

EMC Dell deal: ECS object store gets new server, storage hardware

Dell EMC has updated its ECS object storage product, adding support for PowerEdge servers, bigger disks, and claiming a 60 per cent cost advantage over public cloud alternatives like Amazon. The company claims that, with ECS, business can embrace cloud-native applications and also optimise their existing, traditional IT …
Chris Mellor, 19 Oct 2016

It's good to talk, UK banks told after massaging cyberattack figures

Top techies at British banks are being encouraged to share information about cyberattacks following revelations that the financial sector is under-reporting breaches to regulators. According to the UK's Financial Conduct Authority, only five attacks were reported in 2014, a figure that has soared to 75 so far this year. But …
John Leyden, 18 Oct 2016

In 2020, biz will chuck $100bn+ at protecting itself online

Security spending is predicted to grow from $73.7bn in 2016 to $101.6bn in 2020, according to analysts. This compound annual growth rate of 8.3 per cent, more than twice the rate of overall IT spending growth, will be driven by increased security spending in healthcare as well as continued strong demand in banking and government. The …
John Leyden, 14 Oct 2016

Big Mickey Dell is wrong: Cloud ain't going to eat all of IT

Storage architect Public cloud will not consume all of IT. At least that’s what Michael Dell is claiming. In his opinion, cloud will become just another form of computing and a choice will be made by users to do cloud on-premises or rent from a cloud provider. Bearing in mind Dell is in the hardware business, we can hardly expect a comment …
Chris Evans, 12 Oct 2016

Twitter yanks data feeding tube out of police surveillance biz

Updated Twitter has suspended its commercial relationship with a company called Geofeedia – which provides social media data to law enforcement agencies so that they can identify potential miscreants. The social media company announced the change through its Policy account on Tuesday morning following the publication of a report by …
Thomas Claburn, 11 Oct 2016

Inside the Box thinking: People want software for the public cloud

Analysis On-premises file sync and share and collaboration is yesterday's story. The future is the public cloud with dedicated software service suppliers, like Box. File sync, share and collaboration is not a feature, but a product, best expressed as a service (SaaS) through Box's three data centres and the public cloud, and not …
Chris Mellor, 10 Oct 2016

Heads roll as Qihoo 360 moves to end WoSign, StartCom certificate row

After being pinged by Mozilla for issuing backdated SHA-1 certificates, Chinese certificate authority WoSign's owner has put the cleaners through the management of WoSign and StartCom. Mozilla put WoSign and StartCom on notice at the end of September. As part of its response, the company has posted around 200,000 certificates …

Secure cloud doesn’t always mean your stuff in it is secure too

IPExpo “Picking a secure cloud partner is not as trivial as it may seem. Don't assume that because the cloud is secure, your business within the cloud is secure,” Unisys’ chief trust officer Tom Patterson said today. Alongside Patterson and giving a joint keynote speech about lowering costs and risks in the cloud this morning was AWS …
Gareth Corfield, 06 Oct 2016

What's not to love about IoT – you can spy on customers as they arrive

IPExpo Siloed databases will be the downfall of your Internet of Things venture, warned Avaya’s chief technologist Jean Turgeon on stage at IPExpo Europe today. Turgeon’s talk, titled IoT: Forget the hype, this is reality, didn’t really live up to the promise of its name, though he did make a few good points in amongst the subtle …
Gareth Corfield, 05 Oct 2016

Drop, no, wait, deploy Anchore: Security code plunges into containers

Schrödinger's cat, as described in a famous thought experiment formulated to explain the indeterminacy of quantum states, sits in a steel box, at once alive and dead. It's a conceit that depends on the opacity of the box. Such blindness is anathema in the information technology industry, where compliance rules demand knowing …
Thomas Claburn, 05 Oct 2016

HPE, Samsung take clouds to carriers

HPE and Samsung are getting together to give carriers a shove towards a more cloudy future. The two companies have announced a tie-up with a focus on network function virtualisation (NFV) and virtual network functions (VNF). The two are part of a whole, but subtly different: NFV refers to taking carrier-grade applications ( …

ICO boss calls for EU-style data protection rules post-Brexit

The UK’s new information commissioner reckons that a post-Brexit Britain should adopt data protection laws similar to those of, er... the EU. Elizabeth Denham made the comments during her first speech (transcript here) as UK information Commissioner at an event in London last week. Denham said the EU’s General Data Protection …
John Leyden, 03 Oct 2016

Regulatory compliance problems? Promontory, my dear Watson

Never mind cancer research or climate change: IBM is finally bringing its Watson AI technology to bear on one of the real challenges still facing human civilisation – regulatory compliance. Big Blue has announced plans to snarf up Promontory Financial Group, a risk management and regulatory compliance consultancy, and combine …
Dan Robinson, 03 Oct 2016

IBM gobbles up Promontory

Seeking yet another market to wedge its Watson analytics system into, IBM has acquired compliance specialist Promontory Financial Group. Big Blue says it will be integrating Watson with Promontory's risk management and compliance consulting services in hopes of creating a system that can proactively seek out and alert …
Shaun Nichols, 30 Sep 2016

Upstart bags $2.5m to help put the brakes on self-driving car hackers

Israeli car security startup Karamba Security has banked $2.5m in fresh investment, which it plans to use to extend its technology to autonomous vehicles. The tech will be geared towards protecting engine control units (ECUs) in robot cars from hackers and malware infections. Miscreants typically infiltrate a vehicle by first …
John Leyden, 30 Sep 2016

Ex-army sergeant pleads guilty to using private browsing mode

A disgraced former Territorial Army sergeant convicted of making indecent images of children has pleaded guilty to using private browsing mode on his iPhone and iPad. Paul Martin McGarrity, a 56-year-old of Mirabel House, Wandsworth Bridge Road, Fulham, appeared at Hammersmith Magistrates’ Court this morning to be sentenced, …
Gareth Corfield, 30 Sep 2016

NHS trusts ‘complacent’ on cloud app security risks

Almost half of NHS Trusts make no attempt to monitor cloud app usage, according to the results of a Freedom of Information request. The same FOI by cloud security firm Netskope also revealed that fewer than one-fifth of NHS Trusts have visibility into all cloud app use, leaving sensitive data vulnerable to both risky apps and …
John Leyden, 30 Sep 2016

VESK coughs up £18k in ransomware attack

Exclusive Hosted desktop and cloud provider VESK is staggering back to its feet after paying 29 Bitcoins (£18,600) in a ransomware attack earlier this week. VESK became aware that one of its environments had been impacted by a ransomware virus on Monday (26 September) at 3am. This virus was a new strain of the Samas DR ransomware, …
Kat Hall, 29 Sep 2016

Google, Dropbox the latest US tech giants to sign up to the Privacy Shield

Internet giant Google has signed up to the Privacy Shield, a framework designed to facilitate the transfer of personal data between the EU and US by businesses. Data storage and software provider Dropbox has also self-certified under the Privacy Shield. The companies are the latest major US technology businesses to sign up to …
OUT-LAW.COM, 28 Sep 2016

Microsoft hails pointless Privacy Shield status for its cloud services

Microsoft has issued a missive congratulating itself as the first global cloud service provider to get with the new EU Privacy Shield Framework agreed with the US, which must mean your data is safe in its hands, right? Sadly, the Privacy Shield Framework, like the Safe Harbor agreement that preceded it, relies on US companies …
Dan Robinson, 28 Sep 2016

Violin hunts for elusive key to regrowth

Analysis The elusive hunt for renewal and regrowth at Violin Memory has moved into a new phase – with a product launch holding up sales, sales leadership change, and the CEO focusing on finding funding for the future. Violin has cleverly managed to avoid falling off a cliff despite falling sales revenues and investor despair. It …
Chris Mellor, 26 Sep 2016

Turnbull's Transformers delete GitHub repo for federated ID project

What is going on at the Digital Transformation Office (DTO)? When The Register reported our concerns with the DTO's federated identity project, we asked the DTO's media office for responses and received none. The DTO isn't responding to the Australian Privacy Foundation's concerns with the project, the APF claims. It has, …

Big biz happy to whip out credit cards for pay-as-you-go – Red Hat

Analysis Linux and open-source cloud supremo Red Hat is looking at adapting its licensing to please enterprise customers who want greater flexibility in the way they pay for software and services, including a possible pay-as-you-go model. The move was mooted by chief executive Jim Whitehurst during a conference call for Red Hat’s Q2 …
Dan Robinson, 22 Sep 2016

Are you sure you want to outsource IT? Yes/No. Check this box to accept Ts&Cs

Migrating to an outsourced IT service including cloud is a great opportunity to outsource responsibility for IT and employees while simultaneously increasing efficiency and decreasing cost. At least, that’s the theory. The reality can be a lot more sobering. The SSP outage should serve as a reminder that while cloud can be …
Frank Jennings, 21 Sep 2016

Wow, RIP hackers ... It's Cyber-Lord Blunkett to the rescue for UK big biz

A high-profile project has been launched with the aim of strengthening UK enterprises' IT security. The Cyber Highway was launched in London on Tuesday by Lord David Blunkett. The resource offers a “user-friendly online portal for large enterprises that want to strengthen the cyber defence of their supply chain.” Corporations …
John Leyden, 21 Sep 2016