Upload
brian-mckenna
View
212
Download
0
Embed Size (px)
Citation preview
ne
ws
5
Info
security To
day
September/O
ctober 2006
Microsoft has completed the
acquisition of Whale
Communications, first an-
nounced in May.The privately
held Israel-based SSL VPN vendor
was among the last of its breed
swimming independently. It has
been working closely with
Microsoft, especially since
December 2005 when it started
OEM-ing ISA Server.
Left in the SSL ocean — once
teeming with fish like Neoteris,
uRoam and Net6 — are Aventail,
Array Networks and Portwise.
The Whale purchase is one of
a slew of Microsoft acquisitions
seemingly governed by a strategy
of buying up security companies
specializing in a field where it is
not the dominant player.
The acquisition has been pre-
sented as a strengthening of
Microsoft’s ‘secure access plat-
form’.The company said, in a
statement:‘Whale’s best-of-
breed product line includes the
Intelligent Application Gateway,
which combines Whale’s secure
sockets layer (SSL)-based access
and application protection tech-
nologies with Microsoft
Internet Security and
Acceleration (ISA) Server’.
Steve Brown, director, product
management in the Microsoft
Security & Access Product group
said that Whale was “widely re-
garded as best of breed” in the
space, and the fact that it was a
Windows-based technology obvi-
ated the need to have developed
a homegrown SSL VPN product.
Long-time Whale customer,
Gary Cooper,Applications
Technical Architect at UK ener-
gy supplier E.on welcomed the
Microsoft acquisition.
E.on originally bought Whale’s
SSL VPN product in 2002 for its
“military grade ‘air-gap’” technol-
ogy that separated internal from
external networks, he said.As the
product moved from v2 to v3, its
application firewall and endpoint
detection features appealed.The
company has 18,500 workers,
70-80% of whom are regular IT
users. SSL VPN users are num-
bered in the thousands, but the
company also uses Check Point’s
IPSec technology for VPN access
for power usage.
“The main thing [about
Whale] was the ability to open
up applications to third parties
in a secure way. Being a utility
we have remote users in the
field who are not necessarily
our employees”, he said.
He also reported that E.on
found Whale technology useful
when insourcing call centres
back from India quickly and giv-
ing access to their helpdesk sys-
tem to O2, which manages their
mobile phone contract.
Cooper anticipates that
Microsoft will bring greater scale
and support to the Whale tech-
nology, especially in terms of the
management interface. He is also
interested to see how Microsoft
will develop the technology in
respect of secure remote access
via PDAs.
“We need to keep tabs on
how the technology develops for
enterprise. If it is built around
SMEs we could still work with
that because our volumes are not
in tens of thousands of users.
Had we been looking to scale up
before the acquisition we would
have reviewed the marketplace
again. But I am actually less wor-
ried now.There was a concern
before that Whale could just
have disappeared”.
In a statement,Bob Kelly, gen-
eral manager of Infrastructure
Marketing at Microsoft said:“We
are committed to the continued
investment and support of Whale
technology and its focus on opti-
mizing Microsoft and third-party
applications. SSL-based access
and application protection are in-
tegral parts of our secure access
road map.”
Microsoft plans to integrate in-
tegrate the Whale access and ap-
plication optimization technolo-
gies into its secure access plat-
form, including ISA Server. Steve
Brown said that the company an-
ticipates to grow the Whale user
base in line with the "double dig-
it, ahead of the market" growth
of the ISA server business.The
Whale user base currently stands
at 2 million.
The Whale acquisition fol-
lows Microsoft’s recent an-
nouncement of ‘Forefront’, the
new brand for its portfolio of
business security products.
Brown confirmed that the com-
pany is making a $15m invest-
ment in the portfolio over the
next year.
Microsoft is offering 25% off
the list price of $18,000 of the
Whale Intelligent Application
Gateway, and 25% off any add-on
modules.
Microsoft ingests WhaleBrian McKenna
UK plans prison terms for personal data abuseSA Mathieson
The UK government’s plan
to introduce imprisonment
for those found guilty of illegal-
ly buying and selling personal
data will not affect employers
or officers of an organization, as
long as they did not order or
encourage the breach.
On 24 July, the Department for
Constitutional Affairs (DCA)
opened a consultation on its plan
to introduce prison sentences of
up to two years for those breach-
ing the UK’s Data Protection Act
1998.The present maximum
penalty is an unlimited fine.
The change had been re-
quested in May by Richard
Thomas, the information com-
missioner (the UK’s statutory
data protection officer), in his
report to parliament ‘What
Price Privacy’? This complained
that the profits from abusing
personal data were so great that
the few fines issued were an in-
sufficient deterrent.
“Tougher penalties should not
be seen as a barrier to data shar-
ing in the public and private sec-
tor,”said Thomas, in a statement
last week welcoming the DCA’s
consultation.“However, it is im-
portant that the government and
other public bodies retain public
trust and confidence.”
In terms of how it affects or-
ganizations, the DCA consulta-
tion document says that an em-
ployee who sold what he knew
to be personal information from
his organization to a journalist
would be guilty of the offence,
but that his employer would not.
Rosemary Jay, a partner and
head of the information law team
at law firm Pinsent Masons, says
the proposed change will alter
only the punishments available
under the Data Protection Act.
“There are some offences where
an employer is vicariously liable
for what an employee does, and
this is known as strict liability,”
she says, including serving alco-
hol to children,but this will not
be extended to personal data
breaches by the DCA proposal.
However, Jay – who served as
the information commissioner’s
legal adviser from 1987 to 1999 –
says that employers having strict
liability for employees’breaches
of data protection law may be ap-
plied in future. She points out
that abusing personal data only
became illegal in the UK in the
mid-1990s, and that the penalties
have already been strengthened
once,when the Data Protection
Act was introduced.“I think this
is part of a process,during which
the surreptitious obtaining of in-
formation becomes less and less
acceptable,” Jay says.
DCA consultation, open until
30 October:
http://www.dca.gov.uk/con-
sult/misuse_data/cp0906.htm
Information commissioner’s
What Price Privacy? report:
http://www.ico.gov.uk/eventu-
al.aspx?id=17613
© SA Mathieson 2006.