Sphere 3D Corp. (ANY)

[derek32smith]

Encryption: why is it important?

During the Microsoft podcast Peter Bookman and John Morelli were asked about encryption and SSL certificates on Glassware. Frankly. they acted like pair of deer caught in the headlights. Any IT sales person should have been able to answer that question with specifics. I can assure you that any Citrix or VMware sales rep could easily answer those questions.

VMware, Citrix, Dell and others all offer encryption and data protection, and detailed information to inform potential buyers. Yet, the thought and technology leaders of Sphere could not answer a general question on encryption, other than to say "we can write that with our professional services"

Ok, perhaps Bookman was flustered, but surely John Morelli, the investor of the technology could have answered it. After all, he built it.

It is important to understand that end to end encryption and SSL certificates are "must have" requirements today. Without them, there is no way to ensure that data has not been taken or misused, or that it has been delivered to the proper server or end point device. All commercial internet or cloud based systems use encryption and SSL certificates to protect data. Any system that does not offer these capabilities is simply not a commercially viable technology solution. Would you buy from Amazon if they could not protect your credit card info? Not a chance!

In healthcare, HIPAA regulations require that data on the server, end point, and in-transit be encrypted. Otherwise, someone could easily steal the server or the laptop, smartphone or tablet, or steal it from the internet or while in transit over a WiFi connection. And the penalties and costs for a breach are huge.

Read this from the American Bar Association to understand the real and potential risks and costs for unencrypted PHI data in the US healthcare market:
http://www.americanbar.org/newsletter/publications/aba_health_esource_home/aba_health_law_esource_1110_barrett.html

"Mobile devices are particularly vulnerable to loss and theft because of their small size and portability. The most common form of security breach is the theft of mobile devices. A recent survey of 600 U.S. hospital executives, physician organizations, health insurers, and pharmaceutical/life sciences companies found that theft accounted for 66 percent of reported data breaches over the past two years.8 Mobile devices are typically small, light and highly visible to would-be thieves looking for an opportunity to take a phone left behind in a public space, such as at a restaurant."

and "It is important to provide physical safeguards to protect ePHI stored on and exchanged by mobile devices. In less than two years, from September, 2009 through May, 2011, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) reported “116 data breaches of 500 records or more from the loss or theft of a mobile device, exposing more than 1.9 million patients' PHI.”

[color=red][/color]

Also this from an expert on HIPAA and data protection: http://ww2.cfo.com/data-security/2015/03/calculating-colossal-cost-data-breach/

"If Anthem had done that two years ago, they might have avoided the recent mega-breach. The company had a wake-up call in 2013 when it was cited by Health and Human Services’ (HHS) regulators for not having completed a risk analysis after implementing a new consumer portal. It settled the case for $1.7 million. That’s a drop in the bucket compared with the costs of their 2015 breach involving 80 million people.

According to many media reports, Anthem will soon deplete its $100 million cyber-insurance coverage just to notify the victims and provide free identity-theft and credit monitoring."

So, lets agree that the scope and potential cost of data breaches and loss of PHI data is huge. This is why vendors and customers take it so seriously and invest large amounts of effort and money to ensure data protection via encryption and other techniques. It is not just a "nice to have" feature or something that can be flippantly ignored or shrugged off with "oh, we can write that later".

What do Sphere's competitors provide for data security? Consider this VMware white paper with over 20 pages of detailed information. This is just one of hundreds of references that VMware has about ensuring data security with its Horizon suite: https://www.vmware.com/files/pdf/techpaper/vmware-horizon-workspace-security-features.pdf

You can easily search Google for more info, and find it for Citrix, Dell and others.

But, you cannot find a single reference for encryption and data protection from Sphere regarding Glassware.