Spring World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 29, Issue 1

Full Contents Now Available!

Jon Seals

Innovative new functionality incorporated in Zylpha's acclaimed legal document bundling technology, slashes the time taken to prepare bundles. Of particular note is a new Email feature, which Zylpha (www.zylpha.com) believes is a first in the market. This ensures that relevant email messages can be effectively and easily recorded and managed within any of a practice's bundles. The ability to include email attachments along with the original emails is also incorporated. This is a major leap forward over the market status quo, where ineffective text-only email storage systems require the preparation of separate document files for each attachment. This greatly reduces the time taken to include significant quantities of emails and attachments within bundles.


Also included within the new Zylpha functionality is a Core Bundling feature. This makes it simple to add a document to a bundle's index without it physically being present in the bundle when produced. This enables the system to create both a core bundle and tailored bundles all from the same set of documents and with the same index and pagination. As the time previously taken to create numerous separate bundles is now eliminated, huge efficiencies and time-savings are possible.


In order to meet the highest practice compliance directives, documents can be excluded from the bundle but retain their original page number on the main index in the Core Bundle. To make it easy to identify which documents are excluded, users can choose how they want to indicate its exclusion by using either a symbol, a strike through or by greying them out. Users can also include informative text at the bottom of the index to explain why certain documents have been excluded from the Core Bundle for specific recipients.


The new functionality within Zylpha's Electronic Document Bundling System is also fully integrated within a range of leading Case Management Systems including: LexisNexis SolCase and Visualfiles, Microsoft Sharepoint, Worksite, Envision and more. There are also plans, in the near future, to deliver further integrations with leading Local Authority Case Management Systems.


Zylpha's CEO Tim Long is confident that new functionality could have a significant impact on the market for legal document bundling. In his view, "These new additions to our electronic document bundling functionality really are a significant step forward. The new email functionality completely outclasses anything else on the market. And instead of painstakingly producing numerous bundles for all the parties involved in a case, the new functionality enables a Core Bundle to be tailored without changing the pagination or indexing.


"In a world where legal cost reduction and innovation are trending, the new Core Bundling functionality ticks both boxes. Indeed, with the savings it will make in terms of time speed and cost, we expect our document bundling solution to continue to transform current working practices. And, from our current pre-launch discussions with partners and clients we are confident that demand will be high and we expect to be able to announce some high profile practice converts in the near future."


About Zylpha www.zylpha.com
Headquartered in Southampton Zylpha is an innovative specialist offering tools for the legal profession including:

  • Secure electronic document production and delivery.
  • Court Bundling.
  • Integration with the MOJ Portal.
  • Links to agencies for AML and Identity Verification.

The company, which was founded by Tim Long its CEO, has won widespread acclaim in both the legal and local government sectors for its systems that transform secure communications for court and case management bundles.

Over two thirds of IT professionals surveyed say they need to invest in new technologies or services to help prepare their business for the impact of GDPR



LONDON, UKIpswitch™ released the results of a European survey that polled 300 IT professionals* to see how their businesses were preparing for the new European Union (EU) General Data Protection Regulation (GDPR). The regulation is designed to unify and simplify data protection across 28 EU countries and includes severe penalties for non-compliance of up to two percent of a company’s annual global turnover. The GDPR draft has been passed by EU Parliament and is due to become law by the end of 2015. It is expected to impact any organisation which collects, stores, processes and shares personal data on employees, customers or partners.


The Burden of GDPR

Over two thirds (68 per cent) of IT professionals say that keeping up to date with changing data protection regulatory requirements is a financial burden on their business. British businesses feel most strongly about this (77 per cent), compared with 66 per cent in France and 61 per cent in Germany.


69 per cent of IT professionals believe they will need to invest in new technologies and services to help them prepare for the impact of GDPR. 62 per cent think they will need to invest in encryption technologies, 61 per cent in analytic and reporting technologies, 53 per cent plan to invest in perimeter security technologies and 42 per cent in file sharing technologies.


Over half (51 per cent) report that their business has already allocated training budget to help staff understand and comply with GDPR. However, just under a third (30 per cent) have not. Almost one fifth (19 per cent) have no idea whether training budget has been allocated. Businesses in France report the most instances of training budget having been allocated, (56 per cent), compared to 49 per cent in Germany and 48 per cent in the United Kingdom.


Exactly half of IT professionals also say they have allocated internal training resource to help staff understand and comply with the new regulation. However, almost one third, (32 per cent), have no internal resource allocated for this yet. The United Kingdom is the least prepared here, with 40 per cent having made no provision compared to their German (33 per cent) and French (24 per cent) counterparts.


Awareness of GDPR and Data Use

Whilst over two thirds (69 per cent) of IT professionals acknowledge that GDPR will impact their business, almost one fifth (18 per cent) still have no idea whether changes in the regulation will apply to them. This is despite confirming that they do store and process personal data.


These numbers are however an improvement on awareness of the regulation at this time last year, when a GDPR compliance survey conducted by Ipswitch revealed that more than half (56 per cent) of respondents could not accurately identify what ‘GDPR’ meant.

Overall, 90 per cent of those surveyed said that their businesses store personal data, 86 per cent process personal data and over a third (40 per cent) share data externally. 62 per cent of those that share personal data use email to do so. A quarter are using portable storage such as USBs or CDs, almost a quarter (22 per cent) use the postal system and 43 per cent use cloud based file sharing websites.


David Juitt, chief security architect at Ipswitch, commented, “It’s encouraging to see that there is far greater awareness of the changes than at this time last year. Just over half of businesses are starting to prepare with training courses for staff. However, whilst IT professionals recognise the need to align data protection regulation to keep up with modern data sharing practices and the globalisation of data, it is clear that compliance comes at a price for most. Whilst many are trying to prepare by organising training and assigning resource, there’s clearly a very large expectation of a need to invest in technologies including managed file transfer systems like Ipswitch MOVEit™ that meet stringent security and compliance requirements.”


The Ipswitch MOVEit™ managed file transfer system helps IT teams support GDPR requirements in the following ways:

Protecting Personally Identifiable Information (PII)

  • Support for secure open standard transfer protocols
  • End-to-end encryption, guaranteed delivery and non-repudiation
  • Automated file management policies

Managing PII

  • Automated file exchange
  • Managed ad hoc exchange
  • Policy based file access and data loss protection (DLP)

Managing System Exposure

  • High availability and disaster recovery
  • Monitoring and reporting for auditing and forensics
  • Trading partner provisioning and management

*The 2015 GDPR Ipswitch survey was conducted by technology research firm Vanson Bourne during July 2015 and polled 300 IT professionals. Survey responses include 100 responses from the UK, 100 responses from France, and 100 responses from Germany.


About Ipswitch

Ipswitch helps solve complex IT problems with simple solutions. The company’s software is trusted by millions of people worldwide to monitor networks, applications and servers, and transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America. For more information, visit www.ipswitch.com.

Ipswitch and MOVEit are registered trademarks of Ipswitch, Inc. in the U.S. and other countries. All other trademarks are the property of their respective owners.

WinMagic survey reveals businesses struggling to catch up to cloud storage revolution



  • 65% of employees don’t have or don’t know the company policy on cloud storage
  • 1 in 10 employees who use cloud storage services at least once a week have no confidence in the security of their data saved and accessed from the cloud
  • Cloud storage use varies widely - 41% use cloud services at least once a week, whilst 42% never use these services at all
  • 1 in 20 employees who use cloud services at least once a week, do so despite these services being restricted by their company


LONDON – UK companies are placing themselves at risk of cyberattacks and data breaches as a result of rampant use of cloud storage services and unclear or non-existent corporate policies according to research released today by WinMagic Inc. The survey, conducted by CensusWide, of 1,000 office workers in organisations of 50 or more employees revealed widespread, and often unilateral employee use of cloud storage services could be leaving businesses with poor visibility of where their data is stored, placing potentially confidential data at risk.


WinMagic, a leading full disk encryption software provider, revealed that over 41 percent of employees use cloud storage services at least once a week. Despite this widespread adoption by workers across the UK, just 35 percent of employees used a company sanctioned service, whilst 43 percent were unaware of their employer’s policy on the use of these services. In addition, of those that use cloud storage at least once a week, 1 in 10 have no confidence in the security of their data.


Darin Welfare, EMEA VP at WinMagic, said: “This survey highlights the challenge businesses face when managing data security in the cloud. IT teams have had to cede a level of control as employees have greater access to services outside corporate control and this research indicates that IT must take additional steps to protect and control company data in this new technology landscape. The wide range of employee adoption of these services also means an additional layer of complexity when devising corporate policies and education programmes for the use of cloud storage services.”


Employees are increasingly accessing work documents and services outside the office, particularly among regular users of cloud storage. The survey revealed 70 percent of employees who use cloud storage at least once a week will also use work equipment at home at least once a week, significantly higher than the UK average of 47 percent.


The WinMagic survey highlights a clear disparity between employee use of cloud services and company IT policy, which suggests that businesses must increase focus on devising clearer security policies and better staff training programmes in order to minimise the risk for the business.


Darin Welfare added: “One of the key steps that any organisation can take to mitigate the risk from the widespread use of unsanctioned cloud services is to ensure that all company data is encrypted before employees have the opportunity to upload to the cloud. In the eventuality that the cloud vendor does not adequately put in place control mechanisms and procedures to ensure security across their infrastructure, sensitive and valuable corporate data is still encrypted and cannot be accessed and understood beyond those who have the right to. This approach provides the company with the assurance that the IT team is in control of the key and management of all company data before any employees turn to cloud storage services.”


The survey also revealed:

  • Half (50%) of respondents use personal equipment to access work information and services at least once a week
  • 47 percent of employees use company-issued equipment at home at least once a week

Darin Welfare concluded: “This survey should serve as a wake-up call for IT teams to focus resources on crafting the stringent security policies, and employee education programmes that will help the business stay secure. It also indicates that this is not something that is only down to employee behaviour. Businesses need better training for all staff on the potential dangers of cloud services. Businesses must catch up with the employee cloud revolution or risk potentially catastrophic data loss.”



Research Methodology

The research was conducted by Censuswide, with 1,000 office workers in companies with 50+ employees aged 16+ between 20.08.15 - 24.08.15. Censuswide abide by and employ members of the Market Research Society which is based on the ESOMAR principles.


About WinMagic, Inc.

WinMagic provides intelligent key management for everything encryption, with robust, manageable and easy-to-use data security solutions.

WinMagic’s SecureDoc secures data wherever it is stored, providing enterprise grade data encryption and key management policies across all operating systems. SecureDoc is trusted by thousands of enterprises and government organizations worldwide to minimize business risks, meet privacy and regulatory compliance requirements, while protecting valuable information assets against unauthorised access.


For more information, please visit www.winmagic.com.

WinMagic, SecureDoc, SecureDoc Enterprise Server, Compartmental SecureDoc, SecureDoc PDA, SecureDoc Personal Edition, SecureDoc RME, SecureDoc Removable Media Encryption, SecureDoc Media Viewer, SecureDoc Express, SecureDoc for Mac and SecureDoc Central Database are trademarks and registered trademarks of WinMagic Inc., registered in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2015 WinMagic Inc. All rights reserved.

New Channel Partners Join Commtech in Offering Transporter Private Cloud File Sync and Share (FSS) Appliance to Business Customers Across UK and Ireland
SANTA CLARA, Calif. – Connected Data today announced further expansion across the European market, signing three new strategic channel partners: Blue Profile, NDC and Virtek. The new partners will provide Connected Data's Transporter for Business, private cloud file sync and share (FSS) appliances to their respective network of customers across the UK and Ireland.  Today's announcement comes fast on the heals of having recently announced its first new Value Added Distributor (VAD) in Europe, Commtech, just last month.
"We carefully select partners with proven capability in taking emerging technologies to market," said Russell Johnson, COO of Connected Data.  "These strategic partnerships continue to show our commitment to delivering private cloud file sync and share solutions across Europe, helping us to offer a secure alternative option to popular public cloud services."
Launched earlier this year, Transporter for Business appliances offers businesses a file sync and share (FSS) solution that is 100 percent private and secure, a feature that was singularly important across the varying sectors covered by the new resellers.
For Blue Profile, the IT infrastructure and security specialist, which provides solutions across a broad range of leading industries in the market, the issue was to find its customers a solution that gave them 100 percent control over data locality. 
Wayne Kenward, Director at Blue Profile commented, "Everyone has heard of Dropbox, but we wanted something innovative and different, we were looking for a more secure option that could guarantee security, data control and location control but still offer all of the major benefits of a public cloud solution.  Transporter for Business fits this need."
Virtek, which specializes in virtualization, cloud services and data storage for SMBs, has a strong customer base within the financial, legal, retail and gaming sectors. 
"These organizations need a high level of visibility over their data, as well as being able to remain compliant within industry regulations," said Jason Clark, Director at Virtek. "The Transporter for Business is an appliance so all the data is stored on premise, which allows organizations to have full control over security and location, while providing easy mobile, multi-device access and addressing the security challenges posed by the public cloud." 
Data security is also a prime focus for new value added reseller (VAR) and consultancy NDC.  "Everyone thinks about the Firewall when it comes to network security but sometimes overlook the impact that data loss causes not only financially but also the damage to branding and reputation. Prevention of data breaches to an organization should be as paramount of a concern as the securing of the physical infrastructure," said Nat Dowling, Co-Founder at NDC.  "Connected Data's Transporter addresses data loss protection by offering truly secure FSS."
NDC specializes in leading edge and next generation solutions and has the full range of Transporter for Business in their portfolio, as well as offering packaged solutions combing the Transporter with both NetApp and Fujitsu products.
Tweet this: .@Connected_Data Expands European Presence - Partners with Blue Profile, NDC and Virtek http://www.connecteddata.com/transporter-media/press-releases/
About Connected Data
Connected Data, the creator of Transporter, the world's first private cloud storage appliance, is focused on changing the way consumers and businesses manage their files. Transporter appliances allow customers to securely sync, access, share and protect data at a fraction of the cost of fee-based cloud services. The fast-growing Transporter network includes over 35,000 users managing more than 20 Petabytes of storage all over the world. Connected Data is privately funded and based in Santa Clara, Calif. For more information, visit www.connecteddata.com.

Plan B Disaster Recovery has announced it will be launching a brand new disaster recovery service at IP Expo on the 7th and 8th October. The company is extending its daily tested and guaranteed disaster recovery service to improve recovery points so customers can benefit from instant recovery with zero data loss.

Plan B Disaster Recovery will become the first cloud DR provider to offer zero data loss in addition to daily tested, guaranteed recovery. “The secret is in our auto recovery and testing regime” says Tim Dunger, Managing Director of Plan B Disaster Recovery.” For over 7 years we have been the only company to fully test a customer’s disaster recovery solution to application level every day – in advance of a failure. This has meant we have the fastest recovery times and the only service that comes with a money back recovery guarantee. We are really excited to add zero data loss to this so we can offer customers the holy grail of disaster recovery. And because we automate our fix-up and testing process we can make it affordable for all businesses.”

Plan B will offer this service to virtualised customers, using continuous replication to achieve zero data loss. Businesses that want to reduce the worry of coping with an IT failure can outsource the full end-to-end service to Plan B who will manage the replication, auto recovery, daily testing and recovery process. “Replication products require a lot of maintenance and management, so outsourcing the management of this and overlaying our daily testing service will give our customers more time to focus on their live systems while we worry about their DR. They will also have the reassurance of knowing their recovery will be instant, simple and without any data loss.” says Tim.

Plan B will be discussing their new service with customers at IP Expo where they will be on stand JJ3. Anyone looking at reviewing their IT disaster recovery is encouraged to visit their stand or contact Plan B Disaster Recovery directly.


About Plan B www.planb.co.uk

Plan B Disaster Recovery Ltd is a specialist cloud Disaster Recovery Company that offers the fastest return to service time of all cloud DR providers. Pioneers of pre-recovery, Plan B is the only provider to recover IT systems in advance every 24 hours and test them, offering the benefits of:

  • Guaranteed recovery success

  • Near instantaneous recovery times

  • Simplicity of recovery in the event of a disaster

With the use of automation, pre-recovery is available at a price comparable to traditional disaster recovery methods, meaning a hot standby equivalent has now become affordable to the SME market.

Plan B’s pre-recovery solution has been rated as excellent by ZDNet and is recommended by PC PRO. The company was awarded the CIR award for Specialist Company of the year.

Commonly observed practices threaten to undermine trust for core enterprise applications



PLANTATION, Fla. - Thales, leader in critical information systems and cybersecurity, announces the publication of its 2015 PKI Global Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals an increased reliance on public key infrastructures (PKIs) in today's enterprise environment, supporting a growing number of applications. At the same time, however, there is a general lack of clear PKI ownership, as well as a lack of resources and skills to properly support them. Current approaches to PKI are fragmented and do not always incorporate best practices, indicating a need for many organizations to apply increased effort to secure their PKI as an important part of creating a foundation of trust.


More than 1,500 IT and IT security practitioners were surveyed in ten countries: United States, United Kingdom, Germany, France, Australia, Japan, Brazil, Russian Federation, India and Mexico, with the aim of better understanding the use of PKI within organizations.


News facts:

  • The most significant challenge organizations face around PKI is the inability of their existing PKIs to support new applications (63 percent of respondents said this).
  • Only 11 percent of respondents say there is accountability and responsibility for PKI and the applications that rely upon it.
  • A large percentage of respondents said they had no revocation techniques.
  • Cloud-based services are the most significant driver for PKI-based application adoption.
  • The level of visibility, influence and/or control over the applications that consume certificates managed by their PKI is minimal.
  • There is a significantly higher use of weaker security techniques like passwords (53 percent) than there is of strong authentication mechanisms such as Hardware Security Modules (HSMs) (28 percent).
  • The top three places where HSMs are deployed to secure PKIs are issuing certificate authorities together with offline and online root certificate authorities.

Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, says:
"On average, companies today are using their public key infrastructure (PKI) to support seven different applications. While the results of this study demonstrate some use of best practices, including strong authentication and hardware security modules, they also reveal that lower security options like passwords are still prevalent - which is concerning in light of the increased dependency on PKIs today."


John Grimm, senior director, Thales e-Security, says:
"An increasing number of enterprise applications are in need of certificate issuance services, and many older PKIs are not equipped to support them. As organizations undertake a PKI upgrade cycle to support new applications and capabilities, many will look to improve the trust of their PKI by using HSMs to protect private keys for offline root certificate authorities as well as online issuing certificate authorities. Thales has decades of experience providing HSM-based PKI solutions, and runs a dedicated PKI Consulting Service to help businesses design and deploy world-class self-managed PKIs that build trust at the infrastructure level."


Download your copy of the new 2015 PKI Global Trends Study


To learn more about Thales PKI Consulting Services, visit www.thales-esecurity.com/pki-experts


For industry insight and views on the latest key management trends check out our blog www.thales-esecurity.com/blogs

Follow Thales e-Security on Twitter @Thalesesecurity, LinkedIn, Facebook and YouTube


About the Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.


About Thales e-Security
Thales e-Security is a leading global provider of trusted cryptographic solutions with a 40-year track record of protecting the world's most sensitive applications and information. Thales solutions enhance privacy, trusted identities, and secure payments with certified, high performance encryption and digital signature technology for customers in a wide range markets including financial services, high technology, manufacturing, and government. Thales e-Security has a worldwide support capability, with regional headquarters in the United States, United Kingdom, and Hong Kong. http://www.thales-esecurity.com/


About Thales
Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 61,000 employees in 56 countries, Thales reported sales of €13 billion in 2014. With over 20,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its unique international footprint allows it to work closely with its customers all over the world.

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe's leading players in the security market. The Group's security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.

Drawing on its strong cryptographic capabilities, Thales is one of the world leaders in cybersecurity products and solutions for critical state and military infrastructures, satellite networks and industrial and financial companies. With a presence throughout the entire security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, intrusion detection and architecture design to system certification, development and through-life management of products and services, and security supervision with Security Operation Centres in France, the United Kingdom and The Netherlands.

CAMBRIDGE, Mass. – Permabit Technology Corporation, the industry leader in data reduction technology, today announced Mainline Information Systems, Inc., headquartered in Tallahassee, Florida, has joined the company’s partner network of solution providers, value-added resellers and distributors, bringing Permabit’s Albireo SANblox™ appliance to the IT marketplace. 

Mainline is an information technology solutions and IT consulting firm with more than 500 employees nationwide, providing information technology solutions throughout the United States, Puerto Rico and Brazil, and will provide its customers with Permabit SANblox data reduction appliances as an integral part of its storage solution offerings.
Permabit SANblox is a unique data reduction appliance for Fibre Channel-attached storage that pairs Permabit’s industry-leading deduplication index with its best in class HIOPS Compression™ technology. It delivers immediate data reduction for flash, hybrid and/or HDD storage products across a wide range of applications, including virtual server, VDI, copy data, database (OLTP and data warehouse), analytics and Big Data environments. 

SANblox can be deployed in a matter of hours for immediate storage savings in all-flash, hybrid, or HDD environments. With inline data reduction, storage savings from deduplication and compression are realized immediately, while increasing effective capacity and reducing costs. SANblox deployment flexibility also enables selective use of deduplication and/or compression on data stores, enabling users to choose the data reduction techniques that best meet their needs. 

“Mainline excels at guiding customers through the changing storage marketplace, and Permabit’s data reduction technology helps by enabling high performance, high capacity storage at dramatically reduced TCO,” said Scott Skidmore, Permabit Vice President of Sales. “We are thrilled to welcome Mainline to Permabit’s reseller and distributor network and are fully committed to their success.”

 “SANblox allows us to immediately deliver the industry’s highest performing, most scalable and lowest footprint data reduction to our customers with Fibre Channel SAN environments,” said Bob Elliott, Vice President, Storage Systems. “Customers who incorporate SANblox in their hybrid, disk and flash storage arrays can immediately increase their storage capacity and reduce their operating costs, with little to no impact on performance and minimal change to their existing environments.”

About Permabit
Permabit pioneers development of data reduction technologies. Our innovative data deduplication, compression and thin provisioning products enable the world’s leading storage OEMs to cut effective cost, accelerate performance, reduce time to market and gain competitive advantage. Just as server virtualization revolutionized the economics of compute, our data reduction technologies are transforming storage economics, today.
Permabit is headquartered in Cambridge, Massachusetts with operations in California, Texas, Florida, Korea and Japan. For more information, visit www.permabit.com.

For more information on SANblox for Enterprise IT, see SANblox.com

About Mainline 
Mainline Information Systems, Inc., headquartered in Tallahassee, FL., is an information technology solutions and IT consulting firm with more than 500 employees nationwide. Mainline has received many industry accolades, including VMware Global Desktop Virtualization Partner of the Year, Red Hat North American Partner of the Year, multiple IBM Leadership Awards and HP Specialist Partner designations. Mainline provides solutions throughout the United States, Puerto Rico and Brazil. The company may be reached by phone at 850-219-5000 and on the Internet at www.mainline.com.

Druva Mobile Forensics Automatically and Transparently Collects Data from Android Mobile Devices


SUNNYVALE, Calif. – Druva, the leader in converged data protection, today announced Druva Mobile Forensics for Android, a new capability that automatically and transparently collects data from an organization’s Android devices, allowing enterprise IT, information security and legal teams to easily facilitate compliance and eDiscovery requests. Druva’s latest mobile forensics capabilities address the mobile eDiscovery challenges of today’s borderless enterprise. Data is no longer centralized in a company’s data center -- thanks to mobility and the cloud -- and this “decentralized” data makes it difficult to manage, collect and protect corporate information. Druva Mobile Forensics allows for the proactive collection of data rather than its reactive collection, meaning companies avoid having to request devices or manually copy them. This lets organizations easily and unobtrusively collect data, monitor for data compliance and place legal holds on mobile data as needed for litigation requests and regulatory needs.

“Data sprawl and the vast amount of information stored on mobile devices make collecting this data – and ensuring that is it forensically sound – extremely difficult during litigation, investigation and compliance audits,” said Jaspreet Singh, CEO, Druva. “Druva is the only company in the data protection space enabling 100 percent data governance on Android devices while making data collection and monitoring automatic as well as transparent to end users.”

Druva, which recently launched Druva Proactive Compliance, has spearheaded a preemptive approach to address today’s data governance challenges within an increasingly mobile workforce. A company’s email server was once the main source of collected end-user data, but now mobile and text messages are an integral part of the eDiscovery process. In fact, almost 80 percent of business users use text messaging for business communications, according to a recent industry survey. Also, the rise of BYOD, the diversity of device models, carriers and the rapid innovation of mobile operating system platforms translate to headaches for security, compliance and legal professionals.


Traditionally, preparing and reacting to e-discovery requests has been about capturing email communications. Increasingly, enterprises are grappling with how to contain and manage mobile and social content,” according to Garth Landers and Jie Zhang, Research Directors, Gartner. “Mobile workers increasingly use SMS text, and file synch and share, and leverage a decentralized series of work processes and collaboration. This makes IT's role of collection, identification and preservation of relevant content during litigation burdensome and, often, incomplete.”i


Companies must have access to technology that enables centralized collection capabilities on mobile devices to overcome potential mobile eDiscovery and compliance hurdles. Druva Mobile Forensics is widening organizations’ data visibility footprint. Its proactive collection of data alerts the company to potential data risks posed by people storing sensitive information on Android devices (PHI, PII, PCI). Also, with proactive data collection, organizations are placed in a preemptive posture and are prepared to respond to a legal hold request. Companies can simply add a user to a legal hold within Druva, and their data is automatically preserved in a forensically sound manner.


Organizations cannot only collect and preserve text messages, but also mobile browser history, call logs, device information and more. Druva Mobile Forensics is part of the company’s governance capabilities for its #1 analyst-rated inSync converged data protection platform. The new forensic capabilities empower IT and Infosec teams to collect needed data while also respecting global data privacy regulations.


Druva Mobile Forensics automatically collects data, which can then be transferred to an eDiscovery tool for processing and review. Additional product capabilities include:

  • Data collection on Android with no end-user intervention

  • Additional settings for SMS, browser history, call history, app logs, call logs, deleted messages, device info, third-party app logs and allows for eDiscovery on this data or continuous monitoring for adherence to compliance policies

  • Easy, secure access to all collected data through inSync’s eDiscovery enablement interface

  • Capture of all meta-data associated with data stored on the device

  • Access to deleted messages and retention of critical meta-data associated with each file to ensure legal admissibility

  • Data collection according to the configured schedule

Druva Mobile Forensics for Android is currently available and included at no additional cost to inSync Private Cloud Elite and Cloud Elite customers.

To learn more about Druva Mobile Forensics, visit www.druva.com/insync.

About Druva
Druva is the leader in converged data protection, bringing data-center class availability and governance to the mobile workforce. With a single dashboard for backup, availability and governance, Druva’s award-winning solutions minimize network impact and are transparent to users. As the industry's fastest growing data protection provider, Druva is trusted by over 3,000 global organizations on over 3 million devices. Learn more at www.druva.com and join the conversation at twitter.com/druvainc.

i Gartner, “Managing E-Discovery in the Digital Workplace,” February 3, 2015

Time Warner Cable the First Company Globally to Self-Declare Conformity to ISO 22301

LOMBARD, Ill. – The international Consortium for Organizational Resilience (ICOR), an international non-profit professional development and credentialing organization, today announced that Time Warner Cable (TWC) has become the first company to achieve ICOR verification of self-declaration to ISO 22301 for TWC's  Business Continuity Management System. 

ISO 22301, developed by the International Organization for Standardization (ISO), is a standard that addresses business continuity management to help organizations be better prepared and more confident to handle disruptions of any type. The scope of the self-declaration is the entire organization. TWC is among the largest providers of video, high-speed data and voice services in the United States.  

With the establishment of ISO 22301 Business Continuity Management System Requirements in May 2012, organizations have been aligning their Business Continuity Management Systems (BCMS) to ISO 22301.  Some organizations seek third-party certification to demonstrate their conformance.   Self-declaration of conformance is also allowed.


ICOR created a third path to declaring conformity that includes a verification of the self-declaration made by the organization. Upon meeting the requirements, ICOR issues a verification symbol for use by compliant organization.  (see above)
Randy Dougherty, Vice President for Management Systems, the American National Accreditation Board (ANAB), said, "I am very pleased that TWC has become the first organization to achieve the ICOR verified self-declaration of conformity to ISO 22301.  This is a positive achievement demonstrates that TWC has implemented a  business continuity management system capable of prompt recovery in the event of a disruption.  This also positions TWC toachieve an accredited certification to ISO 22301 and participate in the DHS/FEMA PS Prep program. 
The ICOR program was developed with input from industry, certification bodies and ANAB an accreditation body that certifies organizations for preparedness, business continuity, resilience and emergency response management systems based on ISO 22301, NFPA 1600 and ASIS SPC.1." 
"We're very proud to be the first company to complete the ICOR Verification of Self-Declaration process to ISO 22301," said Brian Allen, TWC's GVP and Chief Security Officer. "ISO 22301 provides us the framework to be even better prepared to handle disruptive incidents, ensuring efficient responses and effective business continuity. At TWC, contingency planning is critical to our operations so it's essential to continue efforts to enhance our strong business continuity program."
About the Self-Declaration Verification Process
ICOR created a third path to declaring conformity that includes a verification of the self-declaration made by the organization.  ICOR's Verification Program was developed in collaboration with The American National Accreditation Board (ANAB), the British Standards Institute (BSI), third-party certification bodies, and representatives from FEMA and DHS in the United States.  This process is intended to support and promote eventual third-party certification by providing organizations a tool to improve their Business Continuity Management (BCM) programs and to conform to ISO 22301 requirements.  Learn more
About ICOR - - Embedding culture and systems of organizational resilience
ICOR (www.theICOR.org) headquartered in Lombard, IL USA, is an international non-profit professional development and credentialing organization that provides professional development, certification, thought-leadership, and the latest in research and industry trends in the disciplines that support building a more resilient organization. ICOR addresses the evolving needs of business, government, non-governmental agencies, and society to improve their resilience and viability as an organization and as a member of a larger community.  
For more information, contact:
Lynnda Nelson, ICOR
PO Box 1171
Lombard, IL, 60148 USA
Tel: +1 630-750-0910
Web: www.theICOR.org  

OWINGS MILLS, Md. – With regulatory oversight more serious than ever, Star Compliance Services has developed a new program – Compliance Shield – to help health care providers assess their compliance and fix outstanding issues before they threaten to derail operations. The problem is far from theoretical: The Tampa Bay Times reports that stronger enforcement is already underway in Florida, where scores of hospitals and clinics have fallen into the crosshairs of state auditors.

Of the 100 healthcare organizations being audited in Florida, 31 missed a deadline to certify their compliance with Medicaid reimbursement practices, and the remainder provided unsatisfactory responses to the state's Health Care Administration Secretary Liz Dudek. Even the prestigious Cleveland Clinic Florida is on the list. According to the Miami Sun-Sentinel, escalating costs and surging enrollment have forced the state to take a long, hard look at how hospitals are billing for Medicaid expenditures.

"Major compliance areas today include not only HIPAA, but also OSHA, Medicaid/Medicare, Stark Law, the False Claims Act, and Fraud, Waste and Abuse," explains Chief Compliance Officer Gregory Ewing. "Enforcement has increased to the point that neglecting compliance, even for a moment, is a non-starter. Our various tools, services and products, including the Compliance Starter Toolkit helps organizations be proactive and avoid the consequences of non-compliance, which can include everything from fines and penalties all the way to federal prison time."

"Given the heightened regulatory scrutiny, health care providers should assess their level of compliance and remediate any findings identified through their assessments." The Compliance Starter Kit is a toolkit that provides HIPAA and Compliance checklists which allow health care providers to determine their levels of compliance and identify opportunities for improvement.  Another Star Compliance Services product, Compliance Shield, provides an assortment of tools, including training webinars, compliance document reviews, consulting hours and discounts on future additional hours. For those health care providers that require additional services, professional auditors from Star Compliance Services can conduct a risk assessment and carefully investigate its clients' policies and procedures, with the goal of identifying every possible area of weakness or non-compliance. Clients can be confident that Star Compliance Services incorporates only the most current and relevant regulatory standards. Following the risk assessment, Star Compliance Services provides a set of customized recommendations to correct issues. In addition, the company offers practical advice on how to maintain compliance over the long term. 

Star Compliance Services' products and services are not one-size-fits-all approaches; instead, the tools and programs are tailored to meet the individual needs of private practices, institutions and other healthcare organizations. In addition, the expert team at Star Compliance Services can develop an approach that's affordable and practical for any client.

For private practices and other healthcare organizations keen on deploying an in-house compliance program, Ewing and his team offer some timely, targeted advice. First, all policies and procedures should be available in writing to every stakeholder. If an organization can afford to hire a full-time compliance officer, that is likely the ideal solution, but many cannot swing an investment of that size.

To ensure that a successful in-house compliance program can be sustained, ample resources must go toward education and training. Likewise, ongoing monitoring is necessary to spot potential problems before they erupt into a full-blown compliance issue.

Ewing concludes: "Health care provider groups and offices cannot overlook compliance, but all the recent changes have left many feeling overwhelmed. That's why we created Star Compliance Services – to meet a serious and significant need in the healthcare delivery pipeline."

Star Compliance Services is perhaps best known for its series of informational seminars and the resulting positive feedback from these events has Ewing and his team's expert assistance in high demand.

About Star Compliance Services

Star Compliance Services is the host and organizer for Medicaid and Medicare compliance seminars and webinars in Texas and the Washington D.C. Capital Region and a repository of knowledge and trends on the evolving issue of regulatory compliance in the wake of the Affordable Care Act.