RIABiz

News, Vision & Voice for the Advisory Community

A war of words flares up between Andy Gluck and Joel Bruckenstein

On Financial Planning magazine's website, Bruckenstein questions Gluck's impartiality

Author Brooke Southall April 16, 2010 at 6:29 AM
Joel Bruckenstein: Now this may come as a shock to readers, but I think it was rather reckless of Mr. Gluck to make such an outrageous statement.

Stephen Winks

April 16, 2010 — 1:50 PM

The security of client data is often assumed or taken for granted. Such an elevated discussion on data security makes us all want to ask questions and increase our criteria for “adequate” safety.

SCW

Peter Giza

April 16, 2010 — 4:03 PM

Just a few words on the subject of “security” in and out of the cloud:

1) ANY firm can be hacked; this continues to be proved on a daily basis. Hacking doesn’t just include electronic exploits. It includes, and is many times combined with, social engineering

2) If your firm has a link to the Internet then you are in the cloud and subject to rule #1

3) Greater than 60% of breaches come from within

4) People will trim hedges with a lawnmower (according to urban legend.) Technology is a tool. Used properly it can be of great benefit. Used improperly you can destroy your credibility. You cannot force sensible use. Yes you can try to enforce safety factors such as enforcing password updates and requiring minimum length and special character use. But what is really happening on the backend of the service? What other holes exist? What other windows can be left open by the user that could breach security?

It would be nice to hear from Google and Zoho. Let’s remember these are tools and tools can hurt you:)

Regards,

Peter Giza
RedBlack Software www.redblacksoftware.com

Brooke Southall

April 16, 2010 — 5:26 PM

Peter,

Thanks for your good insights and good humor.

I think my dad was the guy who used the mower on the hedges.

It would be nice to hear from Google and Zoho.

Brooke

Scott McKenzie www.cloudlogic.co.uk

April 16, 2010 — 6:35 PM

Key to Google Apps’ security is that it can’t be subjected to dictionary attacks which many corporate systems, even those that require complex passwords to be created, can be.

Nevin Freeman

April 16, 2010 — 6:36 PM

Scott: This is an interesting point. Can you explain why that’s the case?

Scott McKenzie www.cloudlogic.co.uk

April 16, 2010 — 6:52 PM

CAPTCHA for one. After a few failed login attempts, Google Apps forces the user to read and type in some mangled text that only a human can read. This stops a hacker directing a program at the login screen that simply tries millions of character combos until it guesses the password. So even if the password is “password” unless the dictionary attack attempts that on the first few goes, it will fail to access the Google Apps account.
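
The control described in the comment above, as an added example that is not part of the thread and is not Google's code: a per-account failure counter that stops checking passwords until a CAPTCHA is solved, run against a constructed guess list. The threshold of 3 and the names `LoginGate`, `run_automated_guesser` and `WORDLIST` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

CAPTCHA_AFTER = 3  # assumed threshold; the comment only says "a few"

class LoginGate:
    """Per-account failure counter that demands a CAPTCHA after repeated misses."""

    def __init__(self):
        self._accounts = {}  # user -> (salt, password hash)
        self._failures = {}  # user -> consecutive failed attempts

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self._accounts[user] = (salt, self._hash(password, salt))
        self._failures[user] = 0

    def attempt(self, user, password, captcha_solved=False):
        if user not in self._accounts:
            return "denied"
        # Past the threshold the password is not even checked without a CAPTCHA.
        if self._failures[user] >= CAPTCHA_AFTER and not captcha_solved:
            return "captcha_required"
        salt, stored = self._accounts[user]
        if hmac.compare_digest(self._hash(password, salt), stored):
            self._failures[user] = 0  # a successful login resets the counter
            return "ok"
        self._failures[user] += 1
        return "denied"

def run_automated_guesser(gate, user, wordlist):
    """Submit guesses with no CAPTCHA answer; return (passwords tested, logged in)."""
    tested = 0
    for guess in wordlist:
        result = gate.attempt(user, guess)
        if result == "captcha_required":
            break  # an automated client cannot get past this point
        tested += 1
        if result == "ok":
            return tested, True
    return tested, False

# Constructed sample list: the weak password sits sixth, past the threshold.
WORDLIST = ["123456", "qwerty", "letmein", "monkey", "dragon", "password"]
```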

Nevin Freeman

April 16, 2010 — 6:56 PM

Ahh, I see, makes sense. Thanks for the info; I think it’s definitely relevant to the discussion.

Anonymous

April 20, 2010 — 2:49 PM

Front page story in today’s New York Times: Cyberattack on Google Said to Hit Password System (http://www.nytimes.com/2010/04/20/technology/20google.html?hp)

Gabriel Cooper

April 15, 2011 — 8:39 PM

Understanding that the comments in this article are out of context, I wonder if the writers merely aren’t considering the whole realm of possibility that these services provide. I’d argue that a few key points make a world of difference.

1. Google Apps Premium provides single sign on to almost all Google Services, including Docs, and applies enterprise level security controls to the individual users. This includes password length restrictions, sharing controls, and options to tie login to local domains. Using Apps to access Google’s native services, or Marketplace services using single sign on and/or integration, is an entirely different level of security control than simply signing up for a regular Google account.

2. Zoho is a Google Apps Marketplace service, allowing Google Apps administrators to integrate users’ access to Zoho within their Apps domain. Whether or not Zoho offers good administrative control over security policy is moot when it is used with Apps.

3. Enforced password policy is often a vital factor in security, but it is neither necessary nor sufficient to ensure appropriate security. Solid passwords tied to services that can’t detect automated intrusion attempts are almost meaningless in today’s world. Without good written policy controlling user behavior, strong passwords will end up written on post it notes in laptop bags anyway.

If the question being addressed in these comments is whether Google and/or Zoho office tools mandate sufficient security for the investment business, I don’t think that’s the real issue. Most tools don’t mandate sufficient security by themselves and any feature that increases mobility and access will increase the potential for breaches. I’d offer that the real question should be whether these systems offer a sufficient toolset for administrators to use them in a balanced security plan… and how this factors into the comparison to products of similar price and functionality.

While certain aspects of Google Apps password control offer less than some competitors, like the ability to mandate character types instead of simply length, this doesn’t cripple the service by itself. If this is seen as a requirement for use there are ways to enforce it by tying external authentication to Apps or by applying good behavioral policy. These extra steps may or may not leave the product as the best choice for an application, but I don’t think it means that the product is unusable because it doesn’t include every security feature by default.

