Spreadsheet security? What spreadsheet security!

ExSafe


Comment I have written before, and will say again, that Microsoft Excel does not have security. It does actually have some security features but most users don't know about them and, if they do, they are frequently not implemented.

In any case, as Microsoft has explicitly stated, the security features in Excel are not actually there to provide security but to make life simpler for users. For example, you can hide worksheets from users so as not to confuse them and you can apply what locking is available for the same reason: so that users just focus on what they need to do and not on other stuff.

All of that being the case, it is surprising that none of the established players in the enterprise spreadsheet management market have majored on providing spreadsheet security as a first and foremost requirement. Instead, the likes of Compassoft, Mobius, Cimcon and Prodiance have focused on control and compliance—no doubt because of the pressure to be able to sign-off against the requirements of Sarbanes-Oxley and similar regulations.

However, while I understand the short-term benefits of taking such an approach surely this is putting the cart before the horse: if your spreadsheets aren't fully secure then the ability to track changes to your spreadsheets is of only limited value. This is not to say, of course, that any of the aforementioned vendors do not provide some measure of security but shouldn't it be the cornerstone of any solution?

In fact, there is a new vendor to the market that is offering just that. The company is ROISoft and its product is ExSafe. It is based in Dublin, Ireland and started marketing its product around the end of last year though it has been acting in stealth mode until now. Nevertheless, it has already won a couple of major financial organisations on Wall Street as customers, in competition with more established suppliers in the market.

So, what has ExSafe got going for it? To begin with it has security at its heart and then has control and compliance built on top of that. Indeed, its control and compliance capabilities are probably not as extensive as some of its competitors—but its security is better.

Now, everybody who is anybody in this market provides role-based security, support for electronic signatures and locking down to cell level. But ExSafe adds a number of additional capabilities on top of these. For example, you can apply security at folder level and sub-folders can inherit those security characteristics so that you only have to apply changes at the sub-folder level, therefore making the administrator's task simpler.

Another thing that has particularly caught my attention is with respect to what happens when Excel crashes. The software automatically saves a temp file on your system. Anybody can come along and read this, yet has your spreadsheet management software (if you have one) any way of handling this? Certainly no vendor has previously mentioned this to me. But ExSafe automatically encrypts all secured ranges within temp files or .xls files, so that they cannot be read or used outside the ExSafe environment.

There is some other neat stuff: the way that you select groups of cells against which you want to apply security strictures is very simple, the discovery mechanism is clever and I like the fact that the software doesn't just track changes but also any attempted changes.

ExSafe may be new to the market but it is definitely a contender.

Copyright © 2007, IT-Analysis.com


Other stories you might like

  • Talos names eight deadly sins in widely used industrial software
    Entire swaths of gear relies on vulnerability-laden Open Automation Software (OAS)

    A researcher at Cisco's Talos threat intelligence team found eight vulnerabilities in the Open Automation Software (OAS) platform that, if exploited, could enable a bad actor to access a device and run code on a targeted system.

    The OAS platform is widely used by a range of industrial enterprises, essentially facilitating the transfer of data within an IT environment between hardware and software and playing a central role in organizations' industrial Internet of Things (IIoT) efforts. It touches a range of devices, including PLCs and OPCs and IoT devices, as well as custom applications and APIs, databases and edge systems.

    Companies like Volvo, General Dynamics, JBT Aerotech and wind-turbine maker AES are among the users of the OAS platform.

    Continue reading
  • Despite global uncertainty, $500m hit doesn't rattle Nvidia execs
    CEO acknowledges impact of war, pandemic but says fundamentals ‘are really good’

    Nvidia is expecting a $500 million hit to its global datacenter and consumer business in the second quarter due to COVID lockdowns in China and Russia's invasion of Ukraine. Despite those and other macroeconomic concerns, executives are still optimistic about future prospects.

    "The full impact and duration of the war in Ukraine and COVID lockdowns in China is difficult to predict. However, the impact of our technology and our market opportunities remain unchanged," said Jensen Huang, Nvidia's CEO and co-founder, during the company's first-quarter earnings call.

    Those two statements might sound a little contradictory, including to some investors, particularly following the stock selloff yesterday after concerns over Russia and China prompted Nvidia to issue lower-than-expected guidance for second-quarter revenue.

    Continue reading
  • Another AI supercomputer from HPE: Champollion lands in France
    That's the second in a week following similar system in Munich also aimed at researchers

    HPE is lifting the lid on a new AI supercomputer – the second this week – aimed at building and training larger machine learning models to underpin research.

    Based at HPE's Center of Excellence in Grenoble, France, the new supercomputer is to be named Champollion after the French scholar who made advances in deciphering Egyptian hieroglyphs in the 19th century. It was built in partnership with Nvidia using AMD-based Apollo computer nodes fitted with Nvidia's A100 GPUs.

    Champollion brings together HPC and purpose-built AI technologies to train machine learning models at scale and unlock results faster, HPE said. HPE already provides HPC and AI resources from its Grenoble facilities for customers, and the broader research community to access, and said it plans to provide access to Champollion for scientists and engineers globally to accelerate testing of their AI models and research.

    Continue reading

Biting the hand that feeds IT © 1998–2022