Information Security

Blumenfeld & Maso has several years of experience designing enterprise systems with very high information security requirements. Information security is about protecting data, and our skills and experience mean we know how to design and develop with these information security aspects in mind:

• Authorization. Ensuring only those allowed to see data have access to the data while under control of the system.
• Categorization and classification. Designing different authorization requirements and use cases based on the nature of the data itself.
• Confidentiality. As opposed to authorization, this means protecting the data from unauthorized copying while in transit or otherwise out of control of the system.
• Auditing. Tracking which users accessed what data. This is a key component to system design, for without it you cannot audit and track the flow of protected data.

Like some of our Information Security clients listed below, your company may have sensitive industry information, financial information, or other types of data that requires string protection. Contact us. We know how to protect data.

At Experian Corp., Blumenfeld & Maso supplied technical leadership to help guide the transition of a major B2B credit reporting system from mainframe/CACS to J2EE. Information security was not just an important project focus; it was more than "mission critical"; for Experian information security is a matter of federal law.

Each piece of datum collected about a business entity must be individually tracked. What data each subscriber company can see is a function of who supplied the data originally, whether the data has been corroborated by additional sources, and how long the data has been in Experian's system. The information security requirements were extremely complex for this project. Blumenfeld & Maso supplied leadership and technical vision to get the job done.

Blumenfeld & Maso Principal Brian Maso was contracted to help research information security technologies and protocols as they apply to the US DoD PKI, for use in web services accessing and serving classified information. These designs went in to production, protecting sensitive data sharing applications between the US DoD and defense industry giants such as Boeing and Lockheed-Martin.

Cardinal Health is a major player in the automated inventory and dispensing of prescription drugs. These controlled substances must be protected in the hospital, pharmacy or health provider environments. When contemplating a re-write of some of their flagship applications, Cardinal Health called on Blumenfeld & Maso to help design and develop the security implementation. Cardinal's main requirement: a rock-solid security infrastructure, securing access to controlled medications. Our designs became a core part of the HelpMate mobile drug delivery system.

Blumenfeld & Maso was asked to analyze the information security surrounding the State of California's proposed Real Estate Document Recording law (2003 AS Bill 553). This law would allow title and escrow companies to record real estate documents electronically in California. The consequences of fraud are astronomical, so an extremely thourough, detailed and critical analysis of information security was required before the law could be passed and before software could be certified safe. Blumenfeld & Maso provided expert guidance to several key players in this arena.