A Peek into Google’s Data Centers

Google is normally very secretive about its data centers. It recently posted a new video on its enterprise blog that gives a glimpse into the inner workings of its facilities. The video emphasizes security and environmental best practices.

Some highlights from the video:

  • Google builds its own custom servers.
  • Google uses its own custom, stripped-down version of Linux. It uses only a minimum set of packages.
  • The facilities are hyper secure – vehicles can’t enter without authorization, and iris scanners are used at some locations.
  • Google rigorously tracks all hard drives that come into the facility.

 

Visa Launching Contactless Mobile Payments for iPhone

Paying for purchases at the checkout counter by waving your iPhone in front of a payment terminal will soon be a reality, thanks to a new partnership between Visa, Inc. and DeviceFidelity. The two companies have teamed up to launch a mobile payment technology for iPhone 3G, iPhone 3GS, and (one would assume) iPhone 4.

According to a press release, the new Apple-certified technology combines a protective iPhone case with a secure memory card that will host Visa’s contactless payment application, Visa payWave.

Introduced in September 2007, payWave allows cardholders to wave their cards in front of terminals in order to pay for purchases at point-of-sale. The technology is similar to MasterCard’s PayPass solution, which rolled out to select markets in 2005. This technology already works at over 32,000 retailers, notes the company’s corporate Web site, and the list is “rapidly growing.”

This mobile payment technology won’t be limited to iPhones. To use Visa’s technology on non-iPhones, users can insert the card into phone memory slots to transform them into mobile payment devices.

Considering that people often lose their mobile phones, the application is designed so that it can be password protected and uses “advanced security technology,” according to the release, to uniquely identify each transaction. If a phone is lost or stolen, the phone’s owner would simply call their provider, who could then immediately deactivate the account, just as they would do if a credit card was lost or stolen.

Insurance for Data Breach Expenses

The vast majority of insurance agencies do not have any insurance coverage for reimbursement of the costs incurred due to a client data breach. Here are just a few of the reasons why a Network Security and Privacy (NSAP) policy makes sense for insurance agencies:

  • Coverage for data and other non-physical perils is routinely excluded under Property policies.
  • The “intentional acts” exclusion found in a standard E&O policy might eliminate coverage if the breach was caused intentionally by an employee.
  • E&O coverage may not respond at all for acts that are outside the provision of professional services.
  • Liability arising out of the destruction of electronic data is not typically covered under the standard General Liability or Property policies.
  • Crime policies generally only cover theft of money, securities or other tangible property – not information theft or the destruction of electronic data.

Don’t be the cobbler with holes in his shoes! You need to take the appropriate risk management steps to protect the private client information contained within your electronic and physical files.

If that does not work, you will be glad you have separate coverage.

Microsoft: Frequent Password Resets are a Waste of Time

In a recent research paper, Microsoft principal researcher Cormac Herley asserted that security measures that are being recommended are a waste of time. He argues that security protocols that attempt to protect an individual or organization from the consequences of a security breach often exact a much steeper price—in the form of user effort and time expended.

While everyone knows that “123456” is not a good choice for a password, is it worth the effort to force users to change their passwords? “Most security advice simply offers a poor cost benefit tradeoff to users and is rejected,” said Herley. Following certain password rules “shields [users] from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort.” Herley contends that users who ignore security advice aren’t lazy or stupid; rather they’re acting rationally. Required security activities are complex, and the benefits are “largely speculative or moot.”

He particularly slams the common requirement that users change passwords at specified intervals. A hacker who steals your password is going to use it right away; he won’t wait two months. “Insisting that users choose a unique strong password for each [account] which they change often and never write down is clearly a large burden.”

The study also says that teaching users to recognize phishing URLs is a losing proposition, not worth the time spent. Herley calculates that a task requiring one minute per day from every working adult in the United States costs about $15.9 billion per year. Unnecessary security advice “treats as free a resource that is actually worth $2.6 billion an hour.”

While he might have a point, don’t go changing all your passwords to “123456” just yet. Using different passwords for different accounts and Web sites really is beneficial, as is using complex, non-guessable passwords. You can cut down on the time and effort required by using a password manager and letting it generate strong passwords for you.

Artizan Internet Services Releases WebEngine 2.0

After months of development, Artizan launched WebEngine 2.0 for the insurance industry. This new engine helps agents improve their Web presence by increasing site traffic and searchability and using the latest tools in Web site design.

“When we first began speaking about this new engine and the whole emphasis of Search Engine Optimization (SEO) and social networks, there wasn’t much ‘buzz’ about it,” said Richard Roy, managing partner and president of Artizan. “Agents were still getting their bearings on the Internet and learning what they wanted to do within it. Today, being on the Web is no longer just a cool thing to do; it’s a vital part of conducting business.”

The new WebEngine 2.0 now includes:

  • Search engine optimized sites—All WebEngine 2.0 sites use the latest style-based designs, which increase the “content to code ratio.” Sites with higher content to code ratios are ranked higher by search engines than code-centric sites.
  • Dropdown menus—Dropdown menus are available to use throughout your site, not just on custom home pages. The new dropdown menu system was developed to be highly compatible with search engines.
  • Page-based meta tags—These tags are used by search engines to make decisions regarding keyword prominence and for the description that appears on the search results page. The ability to enter meta description and keyword tags for each page increases the searchability of a site on the Web.
  • Google Analytics integration—Page hits are automatically recorded and reported in WebEngine 2.0. For more in-depth reporting, sign up for a Google Analytics account. The Google code is automatically inserted into each page on your site with your account number.
  • WYSIWYG page editor—The new page editor in WebEngine 2.0 allows you to edit pages in a format that looks like the finished page. Similar to your favorite word processor, buttons exist for bold, italic, and underline text. You can change the font face and size of any text and perform most standard text formatting options easily.
  • Active dictionary—Displayed content will be compared against the site’s insurance terms, and any defined words will appear as links. Mousing over the links will display a dynamic pop-up containing the definition of the term. This feature can be customized to have definitions on all pages, no pages, or only selected pages.
  • Preview before publish—WebEngine 2.0 allows you to preview new pages or updates before publishing them to the live site.
  • Flash video upload—WebEngine 2.0 includes the ability to upload Flash videos—similar to YouTube. Each video will appear as a WebEngine page.
  • Page-level security—Access can be restricted/changed for individual pages. This allows agencies to assign the responsibility of updating pages only to the department responsible for the content.
  • Automated sitemaps—XML and HTML sitemaps are created automatically. XML sitemaps are used by search engine spiders to navigate your site. (Spidering is how search engines [i.e. Google] search and catalog a site on a page-by-page basis, making your site easier to find.)
  • Self-updates—WebEngine 2.0 gives agents the ability to sign on and make Web updates themselves. However, if an agent prefers, Artizan offers support services to help with SEO and periodic updates.