SOURCE: Co3 Systems

Co3 Systems

September 14, 2011 11:34 ET

Co3 Systems Launches Industry's First Solution for Data Loss Management

SaaS-Based Service Cuts Incident Response Process Time in Half, Vastly Reducing Costs; Company Led by Security Industry Veterans

DALLAS, TX and CAMBRIDGE, MA--(Marketwire - Sep 14, 2011) - IAPP Privacy Academy 2011 -- Co3 Systems, a pioneer in Data Loss Management, today announced the company and its service offering at the IAPP Privacy Academy in Dallas, TX. With massive data loss continuing to accelerate at alarming rates, and a regulatory environment that grows larger and more complex by the day, Co3 Systems offers an automated, repeatable way to prepare for data loss events, assess their potential impact, and generate and manage incident response plans more efficiently. As a result, businesses can cut incident response process time by as much as half -- vastly reducing the risk, expense, and resources associated with data loss events.

Co3 Systems is led by a team of security technology and service industry veterans, including CEO John Bruce and CMO Ted Julian. Bruce's executive leadership experience includes security companies such as Symantec, Counterpane (acquired by BT), and Authentica (acquired by EMC). Julian brings a wealth of experience from both the vendor and market analyst sectors in defining new markets. He led marketing at companies including, Arbor Networks, Application Security, Inc. and @stake (acquired by Symantec), and helped spearhead security practices with Forrester, IDC, and Yankee Group.

The issue of data loss is one that no organization can escape. From cyber-attacks, to access abuse, to human error, data loss is a virtual inevitability. It is an issue that is exacerbated by a growing universe of devices, web-based business and consumer applications, and extended partner supply chains. When data loss occurs, organizations are faced with an equally confusing and fragmented regulatory reporting process. Currently, 46 states, 3 Commonwealths and 14 Federal Agencies have legislation with differing deadlines and requirements -- and that doesn't take into account industry regulations such as PCI. With a process that fosters confusion, the imposition of fines for missed deadlines is common. Even for a modest incident of a few dozen records, these fines can easily surpass $100,000.

Liam Lynch, founder of LiamSoft Internet Security Ventures and a former chief security strategist at eBay emphasizes that manual processes cannot keep up with the pace of business reality: "The increased pace of data loss, growing complexity of the regulatory environment, and need to work across functions in the organization mean that spreadsheets just don't cut it as a data loss management strategy. Firms need not only a more purpose-built solution to manage data loss, but also one that both techies in IT and external legal council will use."

Virtually all of today's security solutions -- endpoint/network security tools, managed security services, etc. -- are focused on attack detection and loss prevention. Yet attacks continue to succeed with increasing sophistication and focus. Despite this, post incident solutions are few and primarily limited to attack forensics. As a result, managing data loss response and communication is a manual process of discovery, regulatory research, and coordination across multiple internal and external stakeholders -- law firms, insurance firms, consultants and accountants. In the assessment stage alone, in which the firm maps the data that is in jeopardy to the appropriate regulators and determines applicability and fines, takes weeks and results in extensive resource consumption and high costs.

"The security industry has always been about attempting to detect an attack before it does damage, or understanding how the damage was done, which leaves customers to figure out, 'o-k so what do I do now?'" said Chief Marketing Officer Ted Julian at Co3 Systems. "While some regulations provide leniency and time if controls like encryption are present or if law enforcement is involved, data loss must still be reported and the clock stops for no one. What Co3 Systems offers is the ability to accurately and efficiently plan for a loss event, and respond quickly and confidently to minimize fines and other variable costs that are controllable with access to the right information, and accountability in the process."

Delivered as a SaaS-based solution and designed for ease-of-use, Co3 Systems dramatically streamlines the incident response process for customers by providing actionable insight in less than 20 minutes. Early engagements suggest the time savings and resource focus alone can save as much as $50,000 per incident. The major aspects of the Co3 Systems solution comprise of the following:

  • Event Preparedness - organizational visibility to audit process effectiveness, refine controls/data inputs and historical information for reporting and monitoring. Co3 Systems also allows organizations to run hypothetical loss scenarios to better understand risks and vulnerabilities as well as simulations to gauge incident response preparedness
  • Data Event Analysis - through comprehensive and customizable forms, enables easy definition of breach scope and impacted data for analysis
  • Liability Assessment - immediate risk assessment and liability estimate incorporating all current applicable regulatory requirements, deadlines, and associated penalties
  • Incident Response - clear and actionable incident response workflow with the ability to create, assign, and track all tasks to completion

Co3 Systems' team and the delivery of the solution via SaaS also ensures that customers have the most up-to-date information regarding current and pending legislation with extensive links to source legislation, disclosure letter templates, contact information and policies -- all easily accessible at every step of the process. Co3 Systems also maintains a network of leading lawyers and other practitioners in the field to routinely share updates, interpretations, and best practices.

To learn more about the best practices lifecycle for data loss incident management and Co3 Systems' new data loss management SaaS offering, which automates this process, register for the upcoming webinar titled, "Tame Data Loss in 4 Easy Steps" scheduled for Wednesday, September 21, 2011 from 1:00 PM - 2:00 PM EDT. Register here.

Pricing and Availability
For a limited time, Co3 Systems is offering a free 90 day trial version via the company's website. The initial pricing for the service is $450 per month. After the first year, customers will choose between Silver or Gold service packages based primarily on the number of incidents they expect on an annual basis. See pricing details here.

About Co3 Systems
Headquartered in Cambridge, MA, Co3 Systems is an innovator in Data Loss Management. The company's SaaS-based offering enables organizations of all sizes to more efficiently prepare for, and rapidly respond to data loss events to minimize costs resulting from fines and optimize resources in breach response. With funding from Fairhaven Capital, the company's executive team and advisors comprise security expertise from organizations including, Symantec, McAfee, Counterpane, Authentica, Arbor Networks, Application Security, Inc., @stake, Verdasys, and InQTel. On the web at

Contact Information