https://www.deadamerica.website
@paulkatzoff
https://www.whitecanyon.com
Transcript Download
YouTube Video Here
Paul Katzoff
SUMMARY KEYWORDS
data, company,
device, computer, erase, wipe, people, protect, Paul, software, networks,
securely, temporary internet files, correctly, website, organization, data breach,
tool, information, security
SPEAKERS
Paul Katzoff,
Ed Watters
Ed Watters
00:00
Data
Security is a major thing in our modern world. But how many of us truly
understand how to protect and dispose of our information properly? Our next
guest, Paul, is going to help us understand that just a little bit better. We
need to understand the technological world that we live in. And we need people
like Paul to help us figure out these data security issues and fill the void.
Let's not waste any time and get into this terrific interview with Paul
Katzoff. To overcome, you must educate.
Educate not only yourself but educate anyone seeking to learn. We are all Dead
America. We can all learn something. To learn. We must challenge what we
already understand. The way we do that is through conversation. Sometimes we
have conversations with others. However, some of the best conversations happen
with ourselves. Reach Out and challenge yourself. Let's dive in and learn
something right now. Today, we have Paul
Katzoff with us. He is the CEO of White Canyon Software. Paul, let's start off
with letting people know who Paul Katzoff is. And how did you become the CEO of
white Canyon software?
Paul Katzoff
03:03
Ed, pleasure to be here. Pleasure to be on Dead
America. Thank you for having me. First off, I've been the CEO of White Canyon
Software for three years. As far as my education goes, I have an undergraduate
from BYU Hawaii, and then also my MBA from Utah State. As far as it How did I
get to this position? I think it goes to a lot of work. But also, you know,
working for a small company, I have the right educational background, but also
successful in the sales area, the support area, you know, running different
teams, things like that. So when the opening came up, they offered it to me, and
like anyone else out there, I happily jumped at the chance.
Ed Watters
03:51
Of
course, you know, it's unique, you started from the bottom, and you kind of
went up through the ranks. And that's a great way to learn the details of the
company. When you got out of college, I assume you didn't expect just to jump
into a CEO role.
Paul Katzoff
04:14
Right.
And I think sometimes in the MBA program, you kind of hope that happened to
you. And looking back, I think you realize just the amount of information you
have to learn post-college, you know, college is great. It gives you a great
framework. It gives you a great understanding of business. But when you get
into the real world and working day to day and how business happens between different
companies. It's a lot to pick up. So yeah, I started off at the bottom. There
was a little bit of humility to take a technical support role, but that was
back in "08" February "08",
right after the big crash. So I was happy with anything. Took the technical
support role, and I decided to actually apply everything I learned in my MBA
program into that role, and what happened is I was successful; I was organized.
I saw the big picture. And I got offered the support manager role, probably
nine months later, a year later, and moved into that role. And then once again,
I can apply those principles I learned in the MBA program to that position. And
it was really fun to kind of see the real-world real world application come
into play to me; that's where the education so beneficial. And of course, after
that, I moved into sales and on from there.
Ed Watters
05:37
lot of
hard work and dedication for sure. So, could you tell us what is white Canyon
software?
Paul Katzoff
05:46
Yes,
White Canyon Software is a data security company. So we securely erase IT
assets. So computers, laptops, desktops, servers, mobile devices, iPads,
phones, you name it, anything with a memory chip on it, or a data-bearing
device, we erase that, that device. And we've been in business for a good 22
years. So in the beginning, it was just, you know, workstations and servers
that was it, but that has really grown into a variety of data-bearing devices,
on the LAN side on the mobile device side, but also on the type of equipment as
well on there that says these now NVMe drives, there's a variety of
architectures out there that we have to work on. And so as it because, becomes
more complex, luckily, the industry it has grown and, and the demand has
increased to kind of to match that issue that's been coming up for a lot of
companies out there.
Ed Watters
06:48
It sure
has changed since Windows 95. That's for sure. Yeah. So data security, you
know, it's getting noticed a lot more. But yet a lot of us are oblivious to the
dangers that are associated with the data that we store on all of our devices.
How should we properly dispose of our old devices?
Paul Katzoff
07:14
Yes,
there's, there's some methods to properly dispose of our devices. But let me
talk first to the hubris of it, I think there's a an unfounded confidence that
I'm not going to be a target, or I'm not going to be affected. And or it
doesn't, you know, it's not that important to me, my data, my personal
information, the risk is too low, it's not worth the effort. And just so everyone
knows out there, there is a large volume of actors trying every day actively to
get your data and your personal information. And once they have it, it's not
just, you know, an inconvenience with credit card information. It's it's not
the the pain of having to get a new social security number. There's other
things out other actors out there looking to get your health, health insurance
information so that they can sell it and perform surgeries and other medical
procedures. Under your account. There's mortgage operators out there that
are actors hoping to kind of intercede
in the mortgage area and to gain some profit there. So to say, it's, you know,
what I come up with across quite a bit is it, you know, it doesn't really
affect me, or they're looking for the rich people, or they're going on to the
corporations. And the truth is, is we're just at the start of data security.
And it's going to get worse before we start protecting our information
correctly. Now, what you now to speak to what you say that, as far as erasing
data, erasing, the equipment, we have the best eraser with data eraser tool,
like our white drive product, there's quite a few out there that will securely
erase any device you have, whether it's an old laptop from college that you had
for 14 years, which my wife has in our desk thing, and I keep telling her we
need to erase and she goes Oh, there's data on there. And I thought, well, you
know, at some point before I leave this house, we got to erase the data on
there. There's phones, when you turn your phone into T Mobile, we recommend you
go and or securely erase that device yourself. You know, there's the peace of
mind and reassurance that you've done it correctly, the data is removed and now
you're safe. from, at least the data is still in that avenue.
Ed Watters
09:40
Okay, so
assuming that I'm done with my computer, and I want to ensure that the data is
erased. And I've ran this software that many companies out there not only
yours, but many companies provide These wipe software's. How do you know and
verify that your data is fully off of your device?
Paul Katzoff
10:11
Great
question. Great question. number of different methods, the basic would be like
a sector viewer. So if you got in our program, you can use a sector here within
it, or you can connect your drive to another computer and use a sector viewer
tool on that device. And you can go through sector by sector and see if there's
zeros or ones or whatever. And overwrite pattern you had on that device. A lot
of live software tools in the iPad space also have to have a very verification
tool or their drag tools that we call ours. And that's run on about 3% of
systems for really big refurbishers out there. For a big factor for getting
that done is it has to be a third party, or separate tool from the eraser
program. And it goes through and verified that the erase was proper, all the
data has been removed. So there's lots of different ways to do it. You can even
use a data recovery tool if you want to use that. That's not so exact, but it's
also a good way to spot check as well.
Ed Watters
11:19
Okay, so
I noticed your software says that it's EAL 2 plus certification. What does that
mean?
Paul Katzoff
11:33
Great
question. So the EAL 2 plus is a certification by Common Criteria. And what
Common Criteria is, is that they are a group of countries that kind of came
together and they said, Hey, you know, we're all certifying the same products,
how about we have a set certification process, and then anything that's
certified between our countries will then become kind of commonly certified
between all of us. So right now, there's 27 countries that take part in this,
the U.S. is one of those and common criteria is one of the five, the EAL 2 plus
sorry, is one of the five levels. And it's actually the highest you can get at
this point, unless Common Criteria changes their objectives and their their
setup on their side.
Ed Watters
12:22
Okay, so
your software is used throughout our government to ensure that our government
facilities are using the proper wipe tools on their hard drives. We hear a lot
of controversy within, you know, the Hillary Clinton email scandal, and all
this about was, was her emails properly wiped? So are we secure as a nation
using throughout our government, these proper wipe tools?
Paul Katzoff
13:03
regulations
have been put in place now for each agency. That wasn't the case. 10 years ago,
15 years ago, there wasn't a set standard for that every device had to be
securely erased before it left that agent here before it is reallocated to a
different federal employee. That is now the case, whether it's being correctly
implemented in each agency is kind of an unknown. On our side, we work with the
DHS, the NSA, the VA, you name it on those three digit acronyms. They use our
wipe track tool for their eraser process. So as far as the data on the federal
side, they have kind they have had to come to a new stage of data is managed
correctly and securely. And we even have the solar winds, data breach or cyber
security breach recently that, you know, exposes a different avenue, which is,
you know, access and who has global access to each computer as well. So,
Ed Watters
14:07
you
know, we think about wiping our drives when we get rid of our computer. But a
lot of the times we see you've got this detailed layout on your website about
deleting temporary internet files. I had no clue what the dangers of these
temporary internet files are. Could you talk a little bit about that for us?
Paul Katzoff
14:37
Yeah,
temporary internet files are created by each browser you have. So whether
you're using Chrome, Firefox, Edge, even good old Internet Explorer, it will
create temporary internet files on your computer which are kind of caches of
information. And this the information stored in these internet files is a wide
variety. They don't store your credit card information because that's inserted
and is a variable that can't be read. But it does keep track of where you've
been, you know how long you were at those websites. The content on those
websites does keep some of your keystrokes as well. There's quite a bit of
information, these browsers are storing just on your on your hard drive of your
laptop, and it just sits there. And at some point, it will get overwritten. But
in most cases, it will sit on your computer for years without you having any
idea it's there.
Ed Watters
15:32
Yeah, so
with that being said, I want to segue into what we are going through right now,
with this pandemic, we have a lot of people that are working at home. Also we have a lot of children receiving
laptops, from our schools. How are we ensuring this data is safe when it's so
spread out like that?
Paul Katzoff
16:05
There
is, those are two big giant issues that are coming up the work from home
movement First off, we have to applaud our IT managers and IT departments, you
know, within the U.S. just being able to allow employees to work from home and
then gain access to company networks. Now in doing that, they may have created
a vulnerability where where employees at home, are accessing computer
organization networks, or their their company's networks, from an unsafe
computer, or from their home computer or their personal laptop or personal
desktop. And possibly, they are downloading company files onto this home
computer. The question that comes up is how is this personal computer
protected? Is there a password on there? Is there antivirus software on there?
Is there an intrusion detection method on this laptop or device as well. The
other issue that pops up there as well is organizations have spent millions of
dollars on their network millions of dollars of protecting their networks, you
know, in their offices, and then all of a sudden, all your employees at home
are at home on their home networks. Now, you know, is there a a password to
join these networks to what the encryption level on these these networks? Can
they get hacked, and therefore hack the personal computer the employee is using
to access your network, and then VPN into your network and gain access. We have
moved quickly to get everyone working from home and to keep business going. For
the same time we've opened a major vulnerability into our corporate networks,
and hopefully one that we can clean up before it gets exploited.
Ed Watters
18:03
Yeah,
because there's a lot of bad players and actors out there that want to exploit
anything they can, especially from America. And I notice on your website, which
is filled with information for people, by the way, I love It's packed full.
There you talk about seven drive retirement security gaps. Could you touch on
that for us a little bit?
Paul Katzoff
18:33
Absolutely.
So on the drive retirement side, you know, there are a number of different ways
companies try and do this, right? They want to manage their devices, they want
to, you know, create a process to manage them. But in doing this, there's
always not always. But they have come up with many different little kind of
avenues that that our, our companies or our clients forget. And so these seven
security gaps are ones that they need to be aware of. The first one is that
inadequate reporting, okay. If you're liable for data, or if you get stuck with
a potential data breach, it's your responsibility as an organization to provide
proof that you erased all your IT assets. You mentioned earlier, Ed, that
there's lots of wipe software programs out there there are and there's a lot of
free ones. There's a lot of Linux based ones, you name it, they're out there.
But do they provide the reports that prove that your organization has erased
their IP assets correctly, their data bearing devices?
Ed Watters
19:43
Yeah,
that's, that's interesting. So you also talk about people being fined for
allowing these data breaches to actually occur by letting their laptop slip out
without the data being properly wiped.
Paul Katzoff
20:01
Absolutely
the on the HIPAA side, which is the Health Information, Privacy Act, this HIPAA
law put keys into letting private health information out or PHI, out of your,
your organization. And there's actually fines attached to it. And if you go to
the Department of HHS into the Office of Civil Rights, you can actually see the
fine amounts. And they they total somewhere around $50 to $60 million in fines
per year, that are charged to companies that don't protect PHI or private
health information correctly. And so HIPAA was given keys to the idea that you
can't let things out of your organization. And we feel with the California data
privacy law, and the future federal data privacy law, there's going to be more
keys out there to protect data, and which is a good thing for most consumers or
for all consumers we feel.
Ed Watters
20:56
Last
season, I talked with Greg Edwards, and he has a company CryptoStopper, and
they prevent ransomware attacks. Well, our hospital recently got...