SlideShare a Scribd company logo

Sherpa Short Story: Data Leakage at Gensui Imaging

Sherpa Software
Sherpa Software

Sherpa introduces its first short story! Grant Lindsay, Product Manager for Compliance Attender for Lotus Notes, takes us through a fictional scenario, where an employee of a major imaging company, leaks an upcoming merger. Based on real life situations, this story will explain how companies can stop email messages and capture them in a graveyard journal before any confidential information is released. Read the story to learn more!

Technology
1 of 8
Download to read offline
Data Leakage at Gensui Imaging A Short Story by Grant Lindsay Under the copyright laws, neither the documentation nor the software can be copied, photocopied, reproduced, translated, or reduced to any electronic medium of machine-readable form, in whole or in part, without the written consent of Sherpa Software Partners, except in the manner described in the software agreement. © Copyright 2011 Everest Software, L.P., d.b.a. Sherpa Software Partners, L.P. All rights reserved. Printed in the United States. Compliance Attender for Lotus Notes is the registered trademark of Sherpa Software Partners, L.P.
------------------------------------------------------- Part 1 ------------------------------------------------------- hat I am about to tell you must not leave this room.” It was Derek Reinholt's opening statement to “W his management team. Fourteen people sat around the conference room table as Derek stood by the whiteboard that was now doubling as a screen. He continued, “Sonia, can you get the lights, please?” The room dimmed and Derek began his presentation in the glow of the projector. The slides included the well-known review of how Derek had started Gensui Imaging with a college roommate during their senior year at Carnegie Mellon University and of how, over the intervening seventeen years, they had grown a part-time business into a successful digital image processing company. “You and your teams,” Derek said to his audience, “—in fact, all of our nearly 1,200 employees—have been instrumental in our phenomenal growth and global presence in our industry. And now,” he paused as a grin spread across his face, “Gensui Imaging is moving into a new chapter of its history.” The next slide showed an animation of the words “Gensui” and “Acme” gliding toward each other from opposite sides of the screen, overlapping in the center, and finally dissolving to re-form as “Gensui Acme Imaging.” Derek paused to scan the faces of his leadership team and said, “We're merging with Acme Co.” There was a collective gasp and then, quiet expressions of “wow” and “that's exciting” as the impact of the news sank in. A merger with Acme Co. would expand Gensui's market reach and solution offerings. That much was obvious. But, the potential of a merger with their largest client and the nation's number three video post-production shop was nothing short of electric. Alexandra Jennings, Gensui's Operations Manager, was in the room listening with growing excitement to Derek's disclosure of the new deal with Acme Co. Her brain was spinning with the possibilities. Beyond the obvious and short-term benefits of getting access to Acme's customer base and their brand recognition, there were the longer-term goals, as Derek was now showing on the screen, of moving into new and complementary markets and product lines. Wow, Alex thought, I have to tell, Ryan. Discreetly, Alexandra took out her company phone and tapped a quick email to her husband: “Big news at work about Gensui and Acme!! Tell you more later.” She touched the “send” button and returned her attention to the meeting. Derek was wrapping up by saying, almost as if on cue, “Remember, we need to keep this confidential until the joint press release next Monday. I will also be scheduling a meeting for the whole company at the same time to let everyone know. Thanks everyone.” As the lights came up and the meeting broke out into excited chatter, Alex felt a slight pang of guilt about her email, I only told Ryan, she thought. He's family and, besides, he won't care that much, anyway. He certainly won't tell anyone. Just in case, I'll email him to keep it confidential, she resolved, when I get back to my desk. Alexandra's husband, however, would never get those emails. ------------------------------------------------------- Part 2 ------------------------------------------------------- Three days before Derek's big meeting with his management team, Valerie Wright, the Email Administrator for Gensui, was at her desk, busy as usual. The home-grown support ticket system, built on IBM Lotus Notes and Domino, had several requests assigned to her and she was in the middle of an urgent one for the head of Legal. The support request application certainly made things run more smoothly, but the requests never seemed to end. That's when she noticed Peter Terrell, the Director of Information Systems and her manager, standing at the entrance to her cubicle. She removed one of her ear-buds to hear him. “Val, can I see you in my office, please? It will just be a few minutes.” | Page 2 of 8
“Ah, sure, Peter.” Her eyes drifted back to her screen. “Let me just get this restore started for Brian and I'll be right in.” A few minutes later, Valerie was standing by Peter's office door. “Come in, Val. Close the door, please.” She did so. “Have a seat.” Peter wasn't one for closed-door meetings, so she knew this conversation was going to be unusual. She hoped she wasn't in some kind of trouble. Peter began. “I need your help with something sensitive and very confidential.” “Sure.” Valerie relaxed. This wasn't about her. “What is it?” “We need to set up another filtering rule in Compliance Attender.” “Okay. Do you have the specifics?” “I do.” Peter smiled as he handed a sheet of yellow notepad paper to Valerie with his neat, block-letter writing on it. She let out an involuntary “hmmm” when she read the words “merger” and “Acme.” She looked up at Peter. “I think you can see,” said Peter, in a more serious tone, “that this must remain strictly confidential.” “Well, yeah!” Valerie looked at the sheet again for a few seconds, then said, “So, you want me to set up a Compliance Attender filtering restriction to stop any messages that have these keywords from being sent. Is that right?” “That's right.” “Sure. That's easy.” Then, Valerie added, “Do you want to capture these messages, too, or just stop them?” “We had better keep a copy of any of these potential leaks for review. Derek will want to see them.” “Okay. I'll set up a graveyard.” A thought occurred to her. “These keywords might produce more than a few false- positives. We should likely turn on reviewing for this graveyard.” Peter looked puzzled. “Refresh my memory.” “Well, you know that a graveyard is a repository for messages that get stopped by Compliance Attender, right?” “I remember that.” “Okay. So, we can set up any given graveyard with a review process that lets authorized users read those filtered messages and either confirm or over-rule the graveyard action. The approvers can either release the message, if it's a false-positive, or confirm the graveyard action, if it isn't.” “I see.” “And only the approvers (and the database Manager) can see the messages,” Valerie continued, “and, even then, only when they are in this pending state. So, its really locked down.” “That's important, here.” “Who should I make the approver?” “I guess that will be me,” Peter said. | Page 3 of 8
“And should I make anyone your back up, in case you can't get to a message to act on it in a reasonable time?” “Hmmm... let's put Derek, since, as of now, we three (and the lawyers) are the only ones in the company who know about this. But, let's give it a full 24 hours before we notify him.” “Can do.” “Do you need anything else to make this happen?” “No. I can come up with the wording for the notifications. I'll let you know when it's set up.” “Thanks, Val.” Valerie got up to leave and as she was at the door, Peter added, “Just bring back that sheet when you are done.” “Oh, yeah,” she said, looking down at Peter's hand-written note in her hand. “No problem.” Back at her desk, Valerie noticed that the restore of Brian's mail file was still running, so she switched screens and opened Compliance Attender. Setting up the Compliance Restriction and Graveyard Definition only took a couple of minutes. Then, she created two Notification Definitions; one for Peter that would be used during the initial message capture and the other for both Derek and Peter to be sent during the first escalation, twenty four hours later. She wouldn't need the second or third escalation, she decided. Next, Valerie set the graveyard's access control list management settings right on the Graveyard Definition to lock it down tight. After saving her changes, she replicated them to her other mail server, issued the “Set Rules” command to both servers and sent a test message to Peter with the keywords in it. As expected, it was filtered by Domino and placed in the Compliance Attender temporary graveyard. Valerie decided to let the processing agent run on its schedule, rather than forcing it to run immediately, since it was already set to run every fifteen minutes. She popped her head into Peter's office and he invited her in. “We're all set,” she said, while closing the door. “That was fast.” “I sent a test message to you with the keywords and it was filtered correctly.” Valerie placed the yellow note paper back on Peter's desk. “You should get a notification, shortly. Just follow the link to the message and either click 'Release' or 'Graveyard,' as the case may be.” Peter looked at his screen. “Wait. I think this might be the notification. 'Here's that thing you asked for'. Is that the subject?” “Yeah. I was trying to not give anything away in the subject, in case anyone happened to see your phone or something. But, the notification email is completely customizable, if you want me to change it.” “No, I like it. It's very casual and vague. Perfect.” Peter double-clicked and said, “Can you wait while I do this, in case I get stuck?” “Sure.” “Okay, so I opened the notification and I see you have included the date, sender, recipients, original subject. Great. And there's the link. So, I'll click that... Ah, there's the message. Oh, I see the buttons. I assume that 'Release' will send the message to the original recipients.” “That's right.” “And 'Graveyard' will keep it here?” | Page 4 of 8
“Right again.” “Okay. Since this is a false positive,” Peter said as he gave Valerie an exaggerated wink, “we'll release it. So, I click 'Release'... 'Do you want to release this message?' Yes, thanks for asking. Okay... and I'm back to my mail. What should happen now?” “Since you were the recipient of that message, you should get it.” “Okay... well, what do you know? There it is. Nice.” “Also, the graveyarded copy is still back there, logged with who released it and when... for auditing.” “Oh, that's good.” “And, one last thing. I excluded Derek from the filtering restriction in Compliance Attender, so he can communicate about... this thing... with whomever.” “Good call. Thanks, Val. I'll let you know if I get into any trouble with this.” “No problem. Now, if I can just get Brian to understand that delete means delete.” ------------------------------------------------------- Part 3 ------------------------------------------------------- On his way back to his office after Derek's bombshell meeting, Peter's phone chimed and vibrated. On reflex, he pulled it out of his pocket and examined the screen. An email, “Here's that thing you asked for” from the Domino Administrator. That was one of Val's graveyard notifications. Peter had only gotten a handful of these over the weekend, all of which had been false positives that he had released. This one seemed suspicious, though, coming so soon after Derek's announcement. Peter tapped the screen to open the notification. It was from Alex Jennings to an outside mail account he didn't recognize. No subject. Not good. Peter tried not to give the impression of panic as he hurried back to his office to examine the email more closely. As he sat down in front of his computer, he realized he had been worried for no reason. It dawned on him: since he had gotten the graveyard notification, that meant the message was caught. It didn't get out. There was no leakage... yet. His sigh of relief was audible. Okay, he thought, Let's take a closer look at you. He double-clicked the notification message in his Notes mail and clicked the link to the graveyarded message. Now, he could see the body: “Big news at work about Gensui and Acme!! Tell you more later.” “Oh, Alex, what did you do?” he muttered. As much as he didn't want to get his friend and colleague in trouble, Peter knew that he would have to tell Derek. Who did you send this to, Alex? he thought. Or, rather, try to send this to? The sole recipient was a Gmail address. A quick Google search had Peter looking at Ryan Jennings' Facebook page. Alex's husband. Peter was starting to realize that this was probably not corporate espionage when his phone chimed and vibrated again. He glanced over at the small screen on his desk and saw another graveyard notification. Peter switched to his email tab, opened the new notification and saw that it was from Alex to her husband again. He clicked the link: “About that Acme email: please don't tell anyone. Love, A.” | Page 5 of 8
Peter printed the two email messages to the printer on his credenza as he picked up the phone and dialed. A few seconds later he said, “We might have a leakage issue.” Then, after a pause, “Okay. I'll come right up.” ------------------------------------------------------- Part 4 ------------------------------------------------------- Alexandra was reading over the previous week's project statuses in preparation for her eleven o'clock team meeting, when her desk phone beeped. The call display said, “REINHOLT, D. x2992” She picked up before the second beep. “This is Alex Jennings.” She always answered that way, even when she knew the caller's identity. “Hi, Alex. It's Derek,” the phone's ear piece relayed. “Something kind of important has come up. Can I see you in my office?” Derek didn't say when, but Alex knew he meant now. There was still more than half an hour before her meeting. “I'll be right there.” “Thank you.” Derek hung up. When Alex arrived at Derek's office, she saw that Peter Terrell was already seated inside and that they were talking, so she paused at the door and knocked. “Hey Alex. Come on in,” Derek smiled. “Give the door a little push, would you.” Alexandra closed the door behind her and approached Derek's desk, a little more anxious with each step. “Have a seat, Alex. Peter's going to sit in on this with us.” “Hi, Alex,” Peter said with a forced smile. Alex nodded to him, but just sat. “Peter brought me some news, Alex,” Derek started. “And I need to get your input on it.” “Sure, Derek.” Alex glanced over at Peter who was looking at Derek. “I asked Peter to make a configuration change to our email Compliance software... What's it called, Peter?” “Compliance Attender.” “Right. Compliance Attender.” Derek continued, “Anyway, I wanted to make sure that we didn't let any news slip prematurely about the Acme deal. Their board is very sensitive about controlling what the media hears and any leakage about it could sour this merger. It's just too important for us, Alex.” She could see where this was going. That stupid email to Ryan. But, she didn't want to confess anything too soon, so she just listened. “Which brings us to this.” Derek handed two sheets of paper to Alex. The headings on each read “Graveyard Message” below which followed other details, including her address and that of her husband's. They were copies of her emails to Ryan, as she had suspected. She looked up at Derek and said, “I'm sorry, Derek. I got excited about the news and told Ryan without thinking. I would never leak anything this important...” “I know, Alex,” Derek interrupted with a raised hand. “It's clear this was just a slip. And Compliance Attender | Page 6 of 8
stopped the messages from getting out, so there is no harm done. Ryan still doesn't know anything about this.” Then he added, “Does he?” “These emails were the only things I sent him. If he didn't get them, then he doesn't know,” Alex reasoned. “And I won't tell him anything until the press release, Derek. I promise.” “That's all I wanted to hear, Alex.” Then, Derek grinned, clapped his hands and said, “Just think. Next week we'll be able to tell everyone and celebrate.” His exuberance always lightened the mood, once the serious work was finished. He was a good boss. “Thanks, you two,” Derek said to end the meeting. ------------------------------------------------------- Part 5 ------------------------------------------------------- As they left, Peter stopped Alexandra at Derek's office door and said quietly, “I'm sorry, Alex. I had to tell him.” “No, don't worry, Peter. You did the right thing,” she said. “I'm just glad that that Compliance thing...” “Attender,” Peter interjected. “What?” “Compliance Attender.” “Right. Anyway. I'm just glad it caught those messages. Once that stuff gets out, who knows where it will end up?” As they parted, each heading to their own offices, Peter thought how glad he was to have the right tools to solve these sticky problems. They made him look good. | Page 7 of 8
About the Author As the Product Manager for Compliance Attender for Notes, Grant is responsible for product research and development, pre-sales technical support (e.g., Demos), post-sales technical support and competitive research. Grant joined Sherpa Software in 2007 and has 17 years of experience in Information Technology. Of those, more than 16 were spent building applications with Lotus Notes and Domino. He worked with a wide range of company sizes and across several industries including insurance, consulting, venture capital, manufacturing, software and more. Grant is an IBM Certified Advanced Application Developer and an expert in email management and compliance, LotusScript, Notes Formula Language, application design and security. He is also skilled in C/C++ and Java Application Programming Interfaces (APIs) for Notes and Domino. Grant is accomplished in web delivered technologies: HTML, CSS, and JavaScript. He graduated in 1995 from the Career Development Institute with a Programmer Analyst Diploma. Grant spends his off time with his wife, Lydia, of 19 years and their three retired greyhound racers, Rio, Wavorly and Oriole. | Page 8 of 8

Recommended

The Sherpa Approach: Meeting the Demands of the Digital Age
The Sherpa Approach: Meeting the Demands of the Digital AgeThe Sherpa Approach: Meeting the Demands of the Digital Age
The Sherpa Approach: Meeting the Demands of the Digital AgeSherpa Software
 
What's New with Discovery Attender for Notes
What's New with Discovery Attender for NotesWhat's New with Discovery Attender for Notes
What's New with Discovery Attender for NotesSherpa Software
 
Putting the "ME" in social media
Putting the "ME" in social media Putting the "ME" in social media
Putting the "ME" in social media Sherpa Software
 
Email Regulatory Compliance: Preparing Your Organization
Email Regulatory Compliance: Preparing Your OrganizationEmail Regulatory Compliance: Preparing Your Organization
Email Regulatory Compliance: Preparing Your OrganizationSherpa Software
 
The Sherpa Approach: Features and Limitations of Exchange E-Discovery
The Sherpa Approach: Features and Limitations of Exchange E-DiscoveryThe Sherpa Approach: Features and Limitations of Exchange E-Discovery
The Sherpa Approach: Features and Limitations of Exchange E-DiscoverySherpa Software
 
Policy-Driven Information Governance
Policy-Driven Information GovernancePolicy-Driven Information Governance
Policy-Driven Information GovernanceSherpa Software
 
How to use IBM Connections to manage a product build
How to use IBM Connections to manage a product buildHow to use IBM Connections to manage a product build
How to use IBM Connections to manage a product buildSherpa Software
 
Free Infographic: Where are you housing your data? IT Admins Weigh In!
Free Infographic: Where are you housing your data? IT Admins Weigh In!Free Infographic: Where are you housing your data? IT Admins Weigh In!
Free Infographic: Where are you housing your data? IT Admins Weigh In!Sherpa Software
 

Recommended

The Sherpa Approach: Meeting the Demands of the Digital Age
The Sherpa Approach: Meeting the Demands of the Digital AgeThe Sherpa Approach: Meeting the Demands of the Digital Age
The Sherpa Approach: Meeting the Demands of the Digital AgeSherpa Software
 
What's New with Discovery Attender for Notes
What's New with Discovery Attender for NotesWhat's New with Discovery Attender for Notes
What's New with Discovery Attender for NotesSherpa Software
 
Putting the "ME" in social media
Putting the "ME" in social media Putting the "ME" in social media
Putting the "ME" in social media Sherpa Software
 
Email Regulatory Compliance: Preparing Your Organization
Email Regulatory Compliance: Preparing Your OrganizationEmail Regulatory Compliance: Preparing Your Organization
Email Regulatory Compliance: Preparing Your OrganizationSherpa Software
 
The Sherpa Approach: Features and Limitations of Exchange E-Discovery
The Sherpa Approach: Features and Limitations of Exchange E-DiscoveryThe Sherpa Approach: Features and Limitations of Exchange E-Discovery
The Sherpa Approach: Features and Limitations of Exchange E-DiscoverySherpa Software
 
Policy-Driven Information Governance
Policy-Driven Information GovernancePolicy-Driven Information Governance
Policy-Driven Information GovernanceSherpa Software
 
How to use IBM Connections to manage a product build
How to use IBM Connections to manage a product buildHow to use IBM Connections to manage a product build
How to use IBM Connections to manage a product buildSherpa Software
 
Free Infographic: Where are you housing your data? IT Admins Weigh In!
Free Infographic: Where are you housing your data? IT Admins Weigh In!Free Infographic: Where are you housing your data? IT Admins Weigh In!
Free Infographic: Where are you housing your data? IT Admins Weigh In!Sherpa Software
 
Gensui Acme Imaging — Episode 5: Archive Consolidation
Gensui Acme Imaging — Episode 5: Archive ConsolidationGensui Acme Imaging — Episode 5: Archive Consolidation
Gensui Acme Imaging — Episode 5: Archive ConsolidationSherpa Software
 
Short Story: Gensui Imaging - What you don't know can hurt you
Short Story: Gensui Imaging - What you don't know can hurt youShort Story: Gensui Imaging - What you don't know can hurt you
Short Story: Gensui Imaging - What you don't know can hurt youSherpa Software
 
Short Story: Gensui Imaging – The Encrypted Journals Catastrophe
Short Story: Gensui Imaging – The Encrypted Journals CatastropheShort Story: Gensui Imaging – The Encrypted Journals Catastrophe
Short Story: Gensui Imaging – The Encrypted Journals CatastropheSherpa Software
 
Discovery Attender by the Numbers
Discovery Attender by the NumbersDiscovery Attender by the Numbers
Discovery Attender by the NumbersSherpa Software
 
Email Classification - Why Should it Matter to You?
Email Classification - Why Should it Matter to You?Email Classification - Why Should it Matter to You?
Email Classification - Why Should it Matter to You?Sherpa Software
 
The Case for NSF
The Case for NSFThe Case for NSF
The Case for NSFSherpa Software
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxnull - The Open Security Community
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

More Related Content

More from Sherpa Software

Gensui Acme Imaging — Episode 5: Archive Consolidation
Gensui Acme Imaging — Episode 5: Archive ConsolidationGensui Acme Imaging — Episode 5: Archive Consolidation
Gensui Acme Imaging — Episode 5: Archive ConsolidationSherpa Software
 
Short Story: Gensui Imaging - What you don't know can hurt you
Short Story: Gensui Imaging - What you don't know can hurt youShort Story: Gensui Imaging - What you don't know can hurt you
Short Story: Gensui Imaging - What you don't know can hurt youSherpa Software
 
Short Story: Gensui Imaging – The Encrypted Journals Catastrophe
Short Story: Gensui Imaging – The Encrypted Journals CatastropheShort Story: Gensui Imaging – The Encrypted Journals Catastrophe
Short Story: Gensui Imaging – The Encrypted Journals CatastropheSherpa Software
 
Discovery Attender by the Numbers
Discovery Attender by the NumbersDiscovery Attender by the Numbers
Discovery Attender by the NumbersSherpa Software
 
Email Classification - Why Should it Matter to You?
Email Classification - Why Should it Matter to You?Email Classification - Why Should it Matter to You?
Email Classification - Why Should it Matter to You?Sherpa Software
 

More from Sherpa Software (6)

Gensui Acme Imaging — Episode 5: Archive Consolidation
Gensui Acme Imaging — Episode 5: Archive ConsolidationGensui Acme Imaging — Episode 5: Archive Consolidation
Gensui Acme Imaging — Episode 5: Archive Consolidation
 
Short Story: Gensui Imaging - What you don't know can hurt you
Short Story: Gensui Imaging - What you don't know can hurt youShort Story: Gensui Imaging - What you don't know can hurt you
Short Story: Gensui Imaging - What you don't know can hurt you
 
Short Story: Gensui Imaging – The Encrypted Journals Catastrophe
Short Story: Gensui Imaging – The Encrypted Journals CatastropheShort Story: Gensui Imaging – The Encrypted Journals Catastrophe
Short Story: Gensui Imaging – The Encrypted Journals Catastrophe
 
Discovery Attender by the Numbers
Discovery Attender by the NumbersDiscovery Attender by the Numbers
Discovery Attender by the Numbers
 
Email Classification - Why Should it Matter to You?
Email Classification - Why Should it Matter to You?Email Classification - Why Should it Matter to You?
Email Classification - Why Should it Matter to You?
 
The Case for NSF
The Case for NSFThe Case for NSF
The Case for NSF
 

Recently uploaded

Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Sherpa Short Story: Data Leakage at Gensui Imaging

  • 1. Data Leakage at Gensui Imaging A Short Story by Grant Lindsay Under the copyright laws, neither the documentation nor the software can be copied, photocopied, reproduced, translated, or reduced to any electronic medium of machine-readable form, in whole or in part, without the written consent of Sherpa Software Partners, except in the manner described in the software agreement. © Copyright 2011 Everest Software, L.P., d.b.a. Sherpa Software Partners, L.P. All rights reserved. Printed in the United States. Compliance Attender for Lotus Notes is the registered trademark of Sherpa Software Partners, L.P.
  • 2. ------------------------------------------------------- Part 1 ------------------------------------------------------- hat I am about to tell you must not leave this room.” It was Derek Reinholt's opening statement to “W his management team. Fourteen people sat around the conference room table as Derek stood by the whiteboard that was now doubling as a screen. He continued, “Sonia, can you get the lights, please?” The room dimmed and Derek began his presentation in the glow of the projector. The slides included the well-known review of how Derek had started Gensui Imaging with a college roommate during their senior year at Carnegie Mellon University and of how, over the intervening seventeen years, they had grown a part-time business into a successful digital image processing company. “You and your teams,” Derek said to his audience, “—in fact, all of our nearly 1,200 employees—have been instrumental in our phenomenal growth and global presence in our industry. And now,” he paused as a grin spread across his face, “Gensui Imaging is moving into a new chapter of its history.” The next slide showed an animation of the words “Gensui” and “Acme” gliding toward each other from opposite sides of the screen, overlapping in the center, and finally dissolving to re-form as “Gensui Acme Imaging.” Derek paused to scan the faces of his leadership team and said, “We're merging with Acme Co.” There was a collective gasp and then, quiet expressions of “wow” and “that's exciting” as the impact of the news sank in. A merger with Acme Co. would expand Gensui's market reach and solution offerings. That much was obvious. But, the potential of a merger with their largest client and the nation's number three video post-production shop was nothing short of electric. Alexandra Jennings, Gensui's Operations Manager, was in the room listening with growing excitement to Derek's disclosure of the new deal with Acme Co. Her brain was spinning with the possibilities. Beyond the obvious and short-term benefits of getting access to Acme's customer base and their brand recognition, there were the longer-term goals, as Derek was now showing on the screen, of moving into new and complementary markets and product lines. Wow, Alex thought, I have to tell, Ryan. Discreetly, Alexandra took out her company phone and tapped a quick email to her husband: “Big news at work about Gensui and Acme!! Tell you more later.” She touched the “send” button and returned her attention to the meeting. Derek was wrapping up by saying, almost as if on cue, “Remember, we need to keep this confidential until the joint press release next Monday. I will also be scheduling a meeting for the whole company at the same time to let everyone know. Thanks everyone.” As the lights came up and the meeting broke out into excited chatter, Alex felt a slight pang of guilt about her email, I only told Ryan, she thought. He's family and, besides, he won't care that much, anyway. He certainly won't tell anyone. Just in case, I'll email him to keep it confidential, she resolved, when I get back to my desk. Alexandra's husband, however, would never get those emails. ------------------------------------------------------- Part 2 ------------------------------------------------------- Three days before Derek's big meeting with his management team, Valerie Wright, the Email Administrator for Gensui, was at her desk, busy as usual. The home-grown support ticket system, built on IBM Lotus Notes and Domino, had several requests assigned to her and she was in the middle of an urgent one for the head of Legal. The support request application certainly made things run more smoothly, but the requests never seemed to end. That's when she noticed Peter Terrell, the Director of Information Systems and her manager, standing at the entrance to her cubicle. She removed one of her ear-buds to hear him. “Val, can I see you in my office, please? It will just be a few minutes.” | Page 2 of 8
  • 3. “Ah, sure, Peter.” Her eyes drifted back to her screen. “Let me just get this restore started for Brian and I'll be right in.” A few minutes later, Valerie was standing by Peter's office door. “Come in, Val. Close the door, please.” She did so. “Have a seat.” Peter wasn't one for closed-door meetings, so she knew this conversation was going to be unusual. She hoped she wasn't in some kind of trouble. Peter began. “I need your help with something sensitive and very confidential.” “Sure.” Valerie relaxed. This wasn't about her. “What is it?” “We need to set up another filtering rule in Compliance Attender.” “Okay. Do you have the specifics?” “I do.” Peter smiled as he handed a sheet of yellow notepad paper to Valerie with his neat, block-letter writing on it. She let out an involuntary “hmmm” when she read the words “merger” and “Acme.” She looked up at Peter. “I think you can see,” said Peter, in a more serious tone, “that this must remain strictly confidential.” “Well, yeah!” Valerie looked at the sheet again for a few seconds, then said, “So, you want me to set up a Compliance Attender filtering restriction to stop any messages that have these keywords from being sent. Is that right?” “That's right.” “Sure. That's easy.” Then, Valerie added, “Do you want to capture these messages, too, or just stop them?” “We had better keep a copy of any of these potential leaks for review. Derek will want to see them.” “Okay. I'll set up a graveyard.” A thought occurred to her. “These keywords might produce more than a few false- positives. We should likely turn on reviewing for this graveyard.” Peter looked puzzled. “Refresh my memory.” “Well, you know that a graveyard is a repository for messages that get stopped by Compliance Attender, right?” “I remember that.” “Okay. So, we can set up any given graveyard with a review process that lets authorized users read those filtered messages and either confirm or over-rule the graveyard action. The approvers can either release the message, if it's a false-positive, or confirm the graveyard action, if it isn't.” “I see.” “And only the approvers (and the database Manager) can see the messages,” Valerie continued, “and, even then, only when they are in this pending state. So, its really locked down.” “That's important, here.” “Who should I make the approver?” “I guess that will be me,” Peter said. | Page 3 of 8
  • 4. “And should I make anyone your back up, in case you can't get to a message to act on it in a reasonable time?” “Hmmm... let's put Derek, since, as of now, we three (and the lawyers) are the only ones in the company who know about this. But, let's give it a full 24 hours before we notify him.” “Can do.” “Do you need anything else to make this happen?” “No. I can come up with the wording for the notifications. I'll let you know when it's set up.” “Thanks, Val.” Valerie got up to leave and as she was at the door, Peter added, “Just bring back that sheet when you are done.” “Oh, yeah,” she said, looking down at Peter's hand-written note in her hand. “No problem.” Back at her desk, Valerie noticed that the restore of Brian's mail file was still running, so she switched screens and opened Compliance Attender. Setting up the Compliance Restriction and Graveyard Definition only took a couple of minutes. Then, she created two Notification Definitions; one for Peter that would be used during the initial message capture and the other for both Derek and Peter to be sent during the first escalation, twenty four hours later. She wouldn't need the second or third escalation, she decided. Next, Valerie set the graveyard's access control list management settings right on the Graveyard Definition to lock it down tight. After saving her changes, she replicated them to her other mail server, issued the “Set Rules” command to both servers and sent a test message to Peter with the keywords in it. As expected, it was filtered by Domino and placed in the Compliance Attender temporary graveyard. Valerie decided to let the processing agent run on its schedule, rather than forcing it to run immediately, since it was already set to run every fifteen minutes. She popped her head into Peter's office and he invited her in. “We're all set,” she said, while closing the door. “That was fast.” “I sent a test message to you with the keywords and it was filtered correctly.” Valerie placed the yellow note paper back on Peter's desk. “You should get a notification, shortly. Just follow the link to the message and either click 'Release' or 'Graveyard,' as the case may be.” Peter looked at his screen. “Wait. I think this might be the notification. 'Here's that thing you asked for'. Is that the subject?” “Yeah. I was trying to not give anything away in the subject, in case anyone happened to see your phone or something. But, the notification email is completely customizable, if you want me to change it.” “No, I like it. It's very casual and vague. Perfect.” Peter double-clicked and said, “Can you wait while I do this, in case I get stuck?” “Sure.” “Okay, so I opened the notification and I see you have included the date, sender, recipients, original subject. Great. And there's the link. So, I'll click that... Ah, there's the message. Oh, I see the buttons. I assume that 'Release' will send the message to the original recipients.” “That's right.” “And 'Graveyard' will keep it here?” | Page 4 of 8
  • 5. “Right again.” “Okay. Since this is a false positive,” Peter said as he gave Valerie an exaggerated wink, “we'll release it. So, I click 'Release'... 'Do you want to release this message?' Yes, thanks for asking. Okay... and I'm back to my mail. What should happen now?” “Since you were the recipient of that message, you should get it.” “Okay... well, what do you know? There it is. Nice.” “Also, the graveyarded copy is still back there, logged with who released it and when... for auditing.” “Oh, that's good.” “And, one last thing. I excluded Derek from the filtering restriction in Compliance Attender, so he can communicate about... this thing... with whomever.” “Good call. Thanks, Val. I'll let you know if I get into any trouble with this.” “No problem. Now, if I can just get Brian to understand that delete means delete.” ------------------------------------------------------- Part 3 ------------------------------------------------------- On his way back to his office after Derek's bombshell meeting, Peter's phone chimed and vibrated. On reflex, he pulled it out of his pocket and examined the screen. An email, “Here's that thing you asked for” from the Domino Administrator. That was one of Val's graveyard notifications. Peter had only gotten a handful of these over the weekend, all of which had been false positives that he had released. This one seemed suspicious, though, coming so soon after Derek's announcement. Peter tapped the screen to open the notification. It was from Alex Jennings to an outside mail account he didn't recognize. No subject. Not good. Peter tried not to give the impression of panic as he hurried back to his office to examine the email more closely. As he sat down in front of his computer, he realized he had been worried for no reason. It dawned on him: since he had gotten the graveyard notification, that meant the message was caught. It didn't get out. There was no leakage... yet. His sigh of relief was audible. Okay, he thought, Let's take a closer look at you. He double-clicked the notification message in his Notes mail and clicked the link to the graveyarded message. Now, he could see the body: “Big news at work about Gensui and Acme!! Tell you more later.” “Oh, Alex, what did you do?” he muttered. As much as he didn't want to get his friend and colleague in trouble, Peter knew that he would have to tell Derek. Who did you send this to, Alex? he thought. Or, rather, try to send this to? The sole recipient was a Gmail address. A quick Google search had Peter looking at Ryan Jennings' Facebook page. Alex's husband. Peter was starting to realize that this was probably not corporate espionage when his phone chimed and vibrated again. He glanced over at the small screen on his desk and saw another graveyard notification. Peter switched to his email tab, opened the new notification and saw that it was from Alex to her husband again. He clicked the link: “About that Acme email: please don't tell anyone. Love, A.” | Page 5 of 8
  • 6. Peter printed the two email messages to the printer on his credenza as he picked up the phone and dialed. A few seconds later he said, “We might have a leakage issue.” Then, after a pause, “Okay. I'll come right up.” ------------------------------------------------------- Part 4 ------------------------------------------------------- Alexandra was reading over the previous week's project statuses in preparation for her eleven o'clock team meeting, when her desk phone beeped. The call display said, “REINHOLT, D. x2992” She picked up before the second beep. “This is Alex Jennings.” She always answered that way, even when she knew the caller's identity. “Hi, Alex. It's Derek,” the phone's ear piece relayed. “Something kind of important has come up. Can I see you in my office?” Derek didn't say when, but Alex knew he meant now. There was still more than half an hour before her meeting. “I'll be right there.” “Thank you.” Derek hung up. When Alex arrived at Derek's office, she saw that Peter Terrell was already seated inside and that they were talking, so she paused at the door and knocked. “Hey Alex. Come on in,” Derek smiled. “Give the door a little push, would you.” Alexandra closed the door behind her and approached Derek's desk, a little more anxious with each step. “Have a seat, Alex. Peter's going to sit in on this with us.” “Hi, Alex,” Peter said with a forced smile. Alex nodded to him, but just sat. “Peter brought me some news, Alex,” Derek started. “And I need to get your input on it.” “Sure, Derek.” Alex glanced over at Peter who was looking at Derek. “I asked Peter to make a configuration change to our email Compliance software... What's it called, Peter?” “Compliance Attender.” “Right. Compliance Attender.” Derek continued, “Anyway, I wanted to make sure that we didn't let any news slip prematurely about the Acme deal. Their board is very sensitive about controlling what the media hears and any leakage about it could sour this merger. It's just too important for us, Alex.” She could see where this was going. That stupid email to Ryan. But, she didn't want to confess anything too soon, so she just listened. “Which brings us to this.” Derek handed two sheets of paper to Alex. The headings on each read “Graveyard Message” below which followed other details, including her address and that of her husband's. They were copies of her emails to Ryan, as she had suspected. She looked up at Derek and said, “I'm sorry, Derek. I got excited about the news and told Ryan without thinking. I would never leak anything this important...” “I know, Alex,” Derek interrupted with a raised hand. “It's clear this was just a slip. And Compliance Attender | Page 6 of 8
  • 7. stopped the messages from getting out, so there is no harm done. Ryan still doesn't know anything about this.” Then he added, “Does he?” “These emails were the only things I sent him. If he didn't get them, then he doesn't know,” Alex reasoned. “And I won't tell him anything until the press release, Derek. I promise.” “That's all I wanted to hear, Alex.” Then, Derek grinned, clapped his hands and said, “Just think. Next week we'll be able to tell everyone and celebrate.” His exuberance always lightened the mood, once the serious work was finished. He was a good boss. “Thanks, you two,” Derek said to end the meeting. ------------------------------------------------------- Part 5 ------------------------------------------------------- As they left, Peter stopped Alexandra at Derek's office door and said quietly, “I'm sorry, Alex. I had to tell him.” “No, don't worry, Peter. You did the right thing,” she said. “I'm just glad that that Compliance thing...” “Attender,” Peter interjected. “What?” “Compliance Attender.” “Right. Anyway. I'm just glad it caught those messages. Once that stuff gets out, who knows where it will end up?” As they parted, each heading to their own offices, Peter thought how glad he was to have the right tools to solve these sticky problems. They made him look good. | Page 7 of 8
  • 8. About the Author As the Product Manager for Compliance Attender for Notes, Grant is responsible for product research and development, pre-sales technical support (e.g., Demos), post-sales technical support and competitive research. Grant joined Sherpa Software in 2007 and has 17 years of experience in Information Technology. Of those, more than 16 were spent building applications with Lotus Notes and Domino. He worked with a wide range of company sizes and across several industries including insurance, consulting, venture capital, manufacturing, software and more. Grant is an IBM Certified Advanced Application Developer and an expert in email management and compliance, LotusScript, Notes Formula Language, application design and security. He is also skilled in C/C++ and Java Application Programming Interfaces (APIs) for Notes and Domino. Grant is accomplished in web delivered technologies: HTML, CSS, and JavaScript. He graduated in 1995 from the Career Development Institute with a Programmer Analyst Diploma. Grant spends his off time with his wife, Lydia, of 19 years and their three retired greyhound racers, Rio, Wavorly and Oriole. | Page 8 of 8