Dead America

https://www.deadamerica.website

@paulkatzoff

https://www.whitecanyon.com

Transcript Download

YouTube Video Here

Paul Katzoff

SUMMARY KEYWORDS

data, company,

device, computer, erase, wipe, people, protect, Paul, software, networks,

securely, temporary internet files, correctly, website, organization, data breach,

tool, information, security

SPEAKERS

Paul Katzoff,

Ed Watters

Ed Watters 

00:00

Data

Security is a major thing in our modern world. But how many of us truly

understand how to protect and dispose of our information properly? Our next

guest, Paul, is going to help us understand that just a little bit better. We

need to understand the technological world that we live in. And we need people

like Paul to help us figure out these data security issues and fill the void.

Let's not waste any time and get into this terrific interview with Paul

Katzoff.  To overcome, you must educate.

Educate not only yourself but educate anyone seeking to learn. We are all Dead

America. We can all learn something. To learn. We must challenge what we

already understand. The way we do that is through conversation. Sometimes we

have conversations with others. However, some of the best conversations happen

with ourselves. Reach Out and challenge yourself. Let's dive in and learn

something right now.  Today, we have Paul

Katzoff with us. He is the CEO of White Canyon Software. Paul, let's start off

with letting people know who Paul Katzoff is. And how did you become the CEO of

white Canyon software?

Paul Katzoff 

03:03

Ed,  pleasure to be here. Pleasure to be on Dead

America. Thank you for having me. First off, I've been the CEO of White Canyon

Software for three years. As far as my education goes, I have an undergraduate

from BYU Hawaii, and then also my MBA from Utah State. As far as it How did I

get to this position? I think it goes to a lot of work. But also, you know,

working for a small company, I have the right educational background, but also

successful in the sales area, the support area, you know, running different

teams, things like that. So when the opening came up, they offered it to me, and

like anyone else out there, I happily jumped at the chance.

Ed Watters 

03:51

Of

course, you know, it's unique, you started from the bottom, and you kind of

went up through the ranks. And that's a great way to learn the details of the

company. When you got out of college, I assume you didn't expect just to jump

into a CEO role.

Paul Katzoff 

04:14

Right.

And I think sometimes in the MBA program, you kind of hope that happened to

you. And looking back, I think you realize just the amount of information you

have to learn post-college, you know, college is great. It gives you a great

framework. It gives you a great understanding of business. But when you get

into the real world and working day to day and how business happens between different

companies. It's a lot to pick up. So yeah, I started off at the bottom. There

was a little bit of humility to take a technical support role, but that was

back in "08" February "08", 

right after the big crash. So I was happy with anything. Took the technical

support role, and I decided to actually apply everything I learned in my MBA

program into that role, and what happened is I was successful; I was organized.

I saw the big picture. And I got offered the support manager role, probably

nine months later, a year later, and moved into that role. And then once again,

I can apply those principles I learned in the MBA program to that position. And

it was really fun to kind of see the real-world real world application come

into play to me; that's where the education so beneficial. And of course, after

that, I moved into sales and on from there.

Ed Watters 

05:37

lot of

hard work and dedication for sure. So, could you tell us what is white Canyon

software?

Paul Katzoff 

05:46

Yes,

White Canyon Software is a data security company. So we securely erase IT

assets. So computers, laptops, desktops, servers, mobile devices, iPads,

phones, you name it, anything with a memory chip on it, or a data-bearing

device, we erase that, that device. And we've been in business for a good 22

years. So in the beginning, it was just, you know, workstations and servers

that was it, but that has really grown into a variety of data-bearing devices,

on the LAN side on the mobile device side, but also on the type of equipment as

well on there that says these now NVMe drives, there's a variety of

architectures out there that we have to work on. And so as it because, becomes

more complex, luckily, the industry it has grown and, and the demand has

increased to kind of to match that issue that's been coming up for a lot of

companies out there.

Ed Watters 

06:48

It sure

has changed since Windows 95. That's for sure. Yeah. So data security, you

know, it's getting noticed a lot more. But yet a lot of us are oblivious to the

dangers that are associated with the data that we store on all of our devices.

How should we properly dispose of our old devices?

Paul Katzoff 

07:14

Yes,

there's, there's some methods to properly dispose of our devices. But let me

talk first to the hubris of it, I think there's a an unfounded confidence that

I'm not going to be a target, or I'm not going to be affected. And or it

doesn't, you know, it's not that important to me, my data, my personal

information, the risk is too low, it's not worth the effort. And just so everyone

knows out there, there is a large volume of actors trying every day actively to

get your data and your personal information. And once they have it, it's not

just, you know, an inconvenience with credit card information. It's it's not

the the pain of having to get a new social security number. There's other

things out other actors out there looking to get your health, health insurance

information so that they can sell it and perform surgeries and other medical

procedures. Under your account. There's mortgage operators out there that

are  actors hoping to kind of intercede

in the mortgage area and to gain some profit there. So to say, it's, you know,

what I come up with across quite a bit is it, you know, it doesn't really

affect me, or they're looking for the rich people, or they're going on to the

corporations. And the truth is, is we're just at the start of data security.

And it's going to get worse before we start protecting our information

correctly. Now, what you now to speak to what you say that, as far as erasing

data, erasing, the equipment, we have the best eraser with data eraser tool,

like our white drive product, there's quite a few out there that will securely

erase any device you have, whether it's an old laptop from college that you had

for 14 years, which my wife has in our desk thing, and I keep telling her we

need to erase and she goes Oh, there's data on there. And I thought, well, you

know, at some point before I leave this house, we got to erase the data on

there. There's phones, when you turn your phone into T Mobile, we recommend you

go and or securely erase that device yourself. You know, there's the peace of

mind and reassurance that you've done it correctly, the data is removed and now

you're safe. from, at least the data is still in that avenue.

Ed Watters 

09:40

Okay, so

assuming that I'm done with my computer, and I want to ensure that the data is

erased. And I've ran this software that many companies out there not only

yours, but many companies provide These wipe software's. How do you know and

verify that your data is fully off of your device?

Paul Katzoff 

10:11

Great

question. Great question. number of different methods, the basic would be like

a sector viewer. So if you got in our program, you can use a sector here within

it, or you can connect your drive to another computer and use a sector viewer

tool on that device. And you can go through sector by sector and see if there's

zeros or ones or whatever. And overwrite pattern you had on that device. A lot

of live software tools in the iPad space also have to have a very verification

tool or their drag tools that we call ours. And that's run on about 3% of

systems for really big refurbishers out there. For a big factor for getting

that done is it has to be a third party, or separate tool from the eraser

program. And it goes through and verified that the erase was proper, all the

data has been removed. So there's lots of different ways to do it. You can even

use a data recovery tool if you want to use that. That's not so exact, but it's

also a good way to spot check as well.

Ed Watters 

11:19

Okay, so

I noticed your software says that it's EAL 2 plus certification. What does that

mean?

Paul Katzoff 

11:33

Great

question. So the EAL 2 plus is a certification by Common Criteria. And what

Common Criteria is, is that they are a group of countries that kind of came

together and they said, Hey, you know, we're all certifying the same products,

how about we have a set certification process, and then anything that's

certified between our countries will then become kind of commonly certified

between all of us. So right now, there's 27 countries that take part in this,

the U.S. is one of those and common criteria is one of the five, the EAL 2 plus

sorry, is one of the five levels. And it's actually the highest you can get at

this point, unless Common Criteria changes their objectives and their their

setup on their side.

Ed Watters 

12:22

Okay, so

your software is used throughout our government to ensure that our government

facilities are using the proper wipe tools on their hard drives. We hear a lot

of controversy within, you know, the Hillary Clinton email scandal, and all

this about was, was her emails properly wiped? So are we secure as a nation

using throughout our government, these proper wipe tools?

Paul Katzoff 

13:03

regulations

have been put in place now for each agency. That wasn't the case. 10 years ago,

15 years ago, there wasn't a set standard for that every device had to be

securely erased before it left that agent here before it is reallocated to a

different federal employee. That is now the case, whether it's being correctly

implemented in each agency is kind of an unknown. On our side, we work with the

DHS, the NSA, the VA, you name it on those three digit acronyms. They use our

wipe track tool for their eraser process. So as far as the data on the federal

side, they have kind they have had to come to a new stage of data is managed

correctly and securely. And we even have the solar winds, data breach or cyber

security breach recently that, you know, exposes a different avenue, which is,

you know, access and who has global access to each computer as well. So,

Ed Watters 

14:07

you

know, we think about wiping our drives when we get rid of our computer. But a

lot of the times we see you've got this detailed layout on your website about

deleting temporary internet files. I had no clue what the dangers of these

temporary internet files are. Could you talk a little bit about that for us?

Paul Katzoff 

14:37

Yeah,

temporary internet files are created by each browser you have. So whether

you're using Chrome, Firefox, Edge, even good old Internet Explorer, it will

create temporary internet files on your computer which are kind of caches of

information. And this the information stored in these internet files is a wide

variety. They don't store your credit card information because that's inserted

and is a variable that can't be read. But it does keep track of where you've

been, you know how long you were at those websites. The content on those

websites does keep some of your keystrokes as well. There's quite a bit of

information, these browsers are storing just on your on your hard drive of your

laptop, and it just sits there. And at some point, it will get overwritten. But

in most cases, it will sit on your computer for years without you having any

idea it's there.

Ed Watters 

15:32

Yeah, so

with that being said, I want to segue into what we are going through right now,

with this pandemic, we have a lot of people that are working at home.  Also we have a lot of children receiving

laptops, from our schools. How are we ensuring this data is safe when it's so

spread out like that?

Paul Katzoff 

16:05

There

is, those are two big giant issues that are coming up the work from home

movement First off, we have to applaud our IT managers and IT departments, you

know, within the U.S. just being able to allow employees to work from home and

then gain access to company networks. Now in doing that, they may have created

a vulnerability where where employees at home, are accessing computer

organization networks, or their their company's networks, from an unsafe

computer, or from their home computer or their personal laptop or personal

desktop. And possibly, they are downloading company files onto this home

computer. The question that comes up is how is this personal computer

protected? Is there a password on there? Is there antivirus software on there?

Is there an intrusion detection method on this laptop or device as well. The

other issue that pops up there as well is organizations have spent millions of

dollars on their network millions of dollars of protecting their networks, you

know, in their offices, and then all of a sudden, all your employees at home

are at home on their home networks. Now, you know, is there a a password to

join these networks to what the encryption level on these these networks? Can

they get hacked, and therefore hack the personal computer the employee is using

to access your network, and then VPN into your network and gain access. We have

moved quickly to get everyone working from home and to keep business going. For

the same time we've opened a major vulnerability into our corporate networks,

and hopefully one that we can clean up before it gets exploited.

Ed Watters 

18:03

Yeah,

because there's a lot of bad players and actors out there that want to exploit

anything they can, especially from America. And I notice on your website, which

is filled with information for people, by the way, I love It's packed full.

There you talk about seven drive retirement security gaps. Could you touch on

that for us a little bit?

Paul Katzoff 

18:33

Absolutely.

So on the drive retirement side, you know, there are a number of different ways

companies try and do this, right? They want to manage their devices, they want

to, you know, create a process to manage them. But in doing this, there's

always not always. But they have come up with many different little kind of

avenues that that our, our companies or our clients forget. And so these seven

security gaps are ones that they need to be aware of. The first one is that

inadequate reporting, okay. If you're liable for data, or if you get stuck with

a potential data breach, it's your responsibility as an organization to provide

proof that you erased all your IT assets. You mentioned earlier, Ed, that

there's lots of wipe software programs out there there are and there's a lot of

free ones. There's a lot of Linux based ones, you name it, they're out there.

But do they provide the reports that prove that your organization has erased

their IP assets correctly, their data bearing devices?

Ed Watters 

19:43

Yeah,

that's, that's interesting. So you also talk about people being fined for

allowing these data breaches to actually occur by letting their laptop slip out

without the data being properly wiped.

Paul Katzoff 

20:01

Absolutely

the on the HIPAA side, which is the Health Information, Privacy Act, this HIPAA

law put keys into letting private health information out or PHI, out of your,

your organization. And there's actually fines attached to it. And if you go to

the Department of HHS into the Office of Civil Rights, you can actually see the

fine amounts. And they they total somewhere around $50 to $60 million in fines

per year, that are charged to companies that don't protect PHI or private

health information correctly. And so HIPAA was given keys to the idea that you

can't let things out of your organization. And we feel with the California data

privacy law, and the future federal data privacy law, there's going to be more

keys out there to protect data, and which is a good thing for most consumers or

for all consumers we feel.

Ed Watters 

20:56

Last

season, I talked with Greg Edwards, and he has a company CryptoStopper, and

they prevent ransomware attacks. Well, our hospital recently got...