May 14, 2012 – Scottsdale, AZ  – Last week, Clareity Security’s existing customers were first in line for a glimpse into the new Clareity Application Store currently under development.  The Store represents the next logical evolution for Clareity’s currently deployed Single Sign On (SSO) portal.  The Store, combined with a robust shopping cart and fully integrated e-commerce solution, is a natural extension of the SSO portal and facilitates easy, convenient access for MLS subscribers to purchased and licensed applications.  The Store represents a tremendous opportunity for the MLS to create or enhance existing non-dues revenue streams, create awareness of MLS approved product offerings and offer convenient purchasing and application access via Single Sign On through the Portal.

Gregg Larson, CEO of Clareity Security, states, “Clareity Security products have continuously evolved to meet the needs of both the MLS organizations and the subscribers they serve.  The Clareity Application Store offers private branding at the MLS, Association or broker level and is a natural evolution of our SAFEMLS product that currently facilitates identity and access management for over 500,000 MLS subscribers.”

The Clareity Security team is attending the NAR Midyear convention in Washington, D.C this week and absolutely welcomes the opportunity to discuss the new, exciting capabilities of our Single Sign On portal and Clareity Application Store with MLSs and Associations looking for more ways to deliver value to their subscribers.  Please email sales@clareitysecurity.com or visit booth 520 during show hours.

About Clareity Security:

Clareity Security, located in Scottsdale, Arizona, is the leading provider of data security, Single Sign On and compliance management products and services for the real estate industry. Our Scout for SAFEMLS® and SAFEACCESS™ products help MLS organizations and real estate professionals easily and effectively safeguard sensitive consumer information against unauthorized access and provides strong authentication solutions and revenue assurance for high value subscription services. Additionally, Clareity Security is the creator of Safe Syndication™, the leading listing syndication and IDX/VOW compliance management tool for brokerages and MLS organizations.

Contact:

Amy Geddes, Executive Vice President and Chief Operating Officer
480-444-0014 or Email

# # #

Last year Clareity Security demonstrated A Successful Case Study for customers using Scout for SAFEMLS™.  The case study identified measurable success in both reducing unauthorized access and providing revenue assurance to MLS organizations through the implementation of the full Scout for SAFEMLS solution.  Recently, we started to dig even deeper into the data behind the success of Scout for SAFEMLS.  For this new study we analyzed a sampling of our customers who followed some best practices recommended by Clareity Security as part of the implementation.  We researched further into which specific actions were most successful in remediating account sharing and unauthorized access.  The results are very clear; applying Clareity Security’s best practices generates extremely positive results.

Clareity Security’s best practices have been established by analyzing our customers’ policies against the sharing outcomes in their individual systems.  Clareity Security has worked individually with each customer to develop security policies based on these best practices and their local rules and policies, with the specific goal of deterring account sharing at the earliest possible action while minimizing user inconvenience.  The chart below illustrates Scout for SAFEMLS’s effectiveness at eliminating 97% of sharing for users who enter remediation by the fourth action step.

Many of our customers have applied these best practices, and more are in the process of reviewing updated recommendations from us based on our findings. Our review of twelve Clareity Security customers over a six week period of time showed sharing decreased by almost 18%, unauthorized users decreased over 22%, and active accounts increased by almost 2%. This increase may seem modest but during the same timeframe membership in the National Association of REALTORS® dropped 1.75%.

These numbers greatly impact your MLS organization both from a revenue opportunity and a cost perspective.  A shared account cannot only cause revenue deprivation but also adds to the cost of providing service to your paying members.

Clareity Security has gained considerable knowledge about the profile of a shared MLS account in the past eight years.  While the numbers are not surprising to us, we believe they are interesting and worth noting for purposes of this paper.  A shared account, on average, has almost twice the usage of a non-shared account and the unique devices used to access the account are double a non- shared account. This excess traffic translates to heavier server loads, greater network traffic, and even increased help desk calls. All of which mean extra expenses to the MLS.

Clareity Security is pleased to offer this solution to our existing customers and welcomes the opportunity to work with new organizations. Combining a tool like Scout for SAFEMLS with the experience and best practices developed by Clareity Security staff and customers is proven to recapture (or in some cases retain) revenue for MLS organizations. In addition, reducing unauthorized access means the MLS can experience cost savings while securing access to valuable MLS data.

May 7, 2012 – Scottsdale, Arizona – Clareity Security (www.clareitysecurity.com), the leading provider of data security and syndication management solutions for the real estate industry, is pleased to announce new SAFE Syndication™ agreements with the My Florida Regional Multiple Listing Service (MFRMLS), the Cooperative MLSs of Contra Costa Association of REALTORS®, East Bay Regional Data, Inc. and the Bay East Association of REALTORS®, and the greater Sacramento area’s MetroList Services, Inc (MetroList®).  These customers have chosen SAFE Syndication™ as their solution for data compliance and distribution management joining an ever-growing list of Clareity customers.

SAFE Syndication is designed to serve as a contract management, compliance and reporting tool for MLS organizations, brokerages and franchisors.  SAFE Syndication provides a consolidated system for measuring and reporting on all listing distribution activity.  In addition, the compliance tools in the product provide independent verification and reporting by the MLS and/or Clareity Security as a neutral, trusted third party. These features allow the MLS to eliminate unnecessary expansion of compliance costs and refocus internal resources on more strategic projects.  Most importantly, SAFE Syndication, with a focus on compliance reporting and complaint tracking, complements all existing and emerging syndication tools, along with producing detailed information to help brokers and MLS organizations make better syndication and distribution decisions.

“Starting late last year, MFRMLS went through an extensive search and review of the various listing syndication solutions available to the market.  The capabilities of SAFE Syndication to meet our immediate, as well as long-term needs, were readily apparent.  My team is very much looking forward to implementing SAFE Syndication as a piece of our overall data distribution strategy,” said Merri Jo Cowen, CEO of MFRMLS.

Clareity Security would like to invite everyone interested in SAFE Syndication to meet with our team.  Contact sales@clareitysecurity.com to schedule a detailed presentation.

About Clareity Security:

Clareity Security, located in Scottsdale, Arizona, is the leading provider of data security, Single Sign On and compliance management products and services for the real estate industry. Our Scout for SAFEMLS® and SAFEACCESS™ products help MLS organizations and real estate professionals easily and effectively safeguard sensitive consumer information against unauthorized access and provides strong authentication solutions for secure online transactions. Additionally, Clareity Security is the creator of Safe Syndication™, the leading listing syndication and IDX/VOW compliance management tool for brokerages and MLS organizations.

Contact:

Amy Geddes, Executive Vice President and Chief Operating Officer
480-444-0014 or Email

  # # #

As a consultant often called on by MLSs for help with VOW and IDX compliance audits, I also serve as a subject matter expert for Clareity Security’s SAFE Syndication product. And, as someone who is always pushing for improved information security in the real estate industry, I love that information security is featured prominently in the VOW rules, section 19.5: “A Participant’s VOW must employ reasonable efforts to monitor for, and prevent, misappropriation, ‘scraping’, and other unauthorized use of MLS listing  information.  A participant’s VOW shall utilize appropriate security protection, such as firewalls, as long as this requirement does not impose security obligations greater than those employed concurrently by the MLS.” The last part of that rule is also reflected in optional IDX rule section 18.3.14. Auditing these rules has allowed me to help many brokers improve their VOW and IDX security and reduce the risk of an information security incident.

I’ve already written about guidelines for anti-scraping and monitoring and, although anti-scraping is a constantly evolving challenge, that article provides at least a baseline for evaluating VOW rule compliance.

But, what else should MLSs be looking for when evaluating VOW and IDX security?

First, as specifically mentioned in the rule, appropriate firewall protection must be established. When I audit a VOW, I look to make sure that there are only a few specific network ports open on the server – 80 and 443 as needed for the web server to function, and ports needed to provide a secure method of server administration, such port 22 – or 989 and 990. If ports like 21 and 3389 are open and actually used to administer the website, it should be a big compliance red flag because they are common security incident causes – and issues I see the majority of the time when auditing a VOW or IDX site.

Second, you want to verify that all the web server software is up to date and properly configured. That means checking the web server (IIS, Apache, etc.) version, the operating system version (when possible) and the platform (.NET, JSP, ColdFusion, WordPress, etc.) version, making sure that those are the most current versions or that newer versions don’t have fixes for significant security vulnerabilities. You might think that keeping systems patched would be second nature for a technology provider, but in my experience it seems not to be the case.

Third, you want to evaluate any externally obvious security misconfigurations of the server and platform. Every server and platform has its own security configuration guidelines and it’s reasonable to expect that obviously poor configurations should not be visible to an external evaluator.

Fourth, and probably the most complicated part of evaluating VOW security, you want to evaluate application security – at least the OWASP Top 10 Vulnerabilities: Injection, Cross-Site Scripting (XSS), Broken Authentication and Session Management, Insecure Direct Object References, Cross-Site Request Forgery, Security Misconfiguration, Insecure Cryptographic Storage, Failure to Restrict URL Access, Insufficient Transport Layer Protection, and Unvalidated Redirects and Forwards. I usually evaluate Information Leakage and Improper Error Handling as well. Some of these items can’t be easily validated externally (i.e. Insecure Cryptographic Storage) though I’m always glad to hear that a web developer has encrypted the passwords and so cannot technically be compliant for VOW rule 19.3b. (“The Participant must at all times maintain a record of the name, email address, user name, and current password of each registrant.”). I’ve seen every one of these OWASP vulnerabilities while auditing VOWs and many times there are half a dozen issues on a single VOW.

If you’re a staff person at an MLS and a lot of the preceding read like gobbledy-gook to you or you don’t know how to audit security, you may want someone like me auditing VOWs and IDX sites for you, or at least auditing the security and anti-scraping related portions. It’s easy to split the audit responsibilities if your MLS is a Safe Syndication customer. It has been a blessing for the industry that the VOW and IDX rules give MLSs the opportunity to ensure that at least some reasonable security best practices are in place for VOW sites. I’ve had brokers tell me they were actually grateful someone was keeping an eye on their  technology provider in this area, since they lacked the capacity to do so themselves and just figured that all appropriate measures had been taken.

Please keep in mind that website security is the smallest portion of overall brokerage security. Taking appropriate steps in terms of policies and contracts, physical security, account management and password controls, internal networking and computing, mobile device security, and internal web applications are all important. The NAR sponsored security workshops and security articles and blogs that I write, and which many MLSs and Associations reprint, are helping me reach some brokers and agents – but it’s a very difficult task to try to improve information security in this industry and I hope that I can count on my readers to act as security allies and spread the word.

An average REALTOR® manages unique logins for 20 or more websites, both personal and professional (think MLS, Association site, broker’s intranet, third party related sites, etc.).  It is likely each of those websites has a different password policy with varying requirements for password length, letter/number/character requirements, and expiration periods.   As in the old Abbott and Costello skit Who’s on First, keeping abreast of what password goes where, is an unlikely reality unless two common solutions are utilized.  The prevailing method employed  is to use as few password combinations as possible to ensure easy access.  In other words, use the same password for every site possible.  The second most common solution is writing the passwords all down on a piece of paper and storing the paper in a desk drawer.  Both are ticking time bombs waiting for the right moment to blow.

The January 2012 hack of ZAPPOS® loudly reiterates the problem of using the same password across multiple sites when a breach occurs.  In communications to their customers ZAPPOS® simply stated, “We also recommend that you change your password on any other web site where you use the same or a similar password.”.  A breach in one site can have a cascading effect to other sites due to the commonality of passwords used.  This serious problem is not unique to REALTORS®. The plethora of user IDs won’t go away any time soon.  In fact, we anticipate the problem will only worsen over time as more and more sites collect user information behind the veil of login.

What is the bottom line for the MLS or Association?  Jump into deploying technologies with both feet.  Stop catering to the dinosaurs (of all ages) that resist change at every turn.  Remove the silly obstacles subscribers encounter when  gaining access to frequently used systems (such as asking them to remember multiple IDs and passwords for various systems).  “Was it my NRDS number or my email address or my license number?  I don’t remember.” should become the concerns of the past.

Ultimately, by deploying single-sign on (SSO) support costs will decrease and user efficiency will increase for both end users and staff.  Best of all you will satisfy your subscribers with an easy means to navigate between their applications without repeatedly presenting authentication credentials in order to do so.

Stay tuned as Clareity Security continues to innovate new ways to present value and efficiency through technology tools.

March 15, 2012 – Scottsdale, Arizona – Clareity Security (www.clareitysecurity.com), the leading provider of data security, single sign on (SSO) and data syndication management solutions for the real estate industry, is pleased to announce that the Metropolitan Indianapolis Board of REALTORS^® and Greater El Paso Association of REALTORS^® have each extended their contracts for Scout for SAFEMLS™ (privately branded for MIBOR as SAFEAccess™).  Scout for SAFEMLS™ serves as a comprehensive solution that reduces administration and total cost of ownership compared to traditional strong authentication products. The intelligence-based authentication combines access intelligence and zero-footprint, strong authentication to accurately identify risks and then cost-effectively mitigate them. The foundation of the solution is an identity-profiling engine for aggregating user access data, creating statistical profiles, and detecting anomalies. Powered by patent-pending keystroke dynamics, Scout for SAFEMLS™ is unrivaled in its ability to accurately and transparently identify users, detect account sharing, account takeover, and differences between individual users that is not possible with traditional device or IP tracking.

“Scout for SAFEAccess continues to be our choice for strong authentication solutions and Clareity Security backs it up with unparalleled customer service and support”, offers Tom Renkert, Director of Business Support Services, MIBOR.

Additionally, the Staten Island Board of REALTORS^® and Consolidated MLS of Columbia, SC have renewed their contracts for SAFEMLS™.  Strong authentication is important to businesses that want to ensure users are paying for access to pay-content and mitigate risks associated with unauthorized access and misuse of content. SAFEMLS is the industry leading solution.

“Our team at Clareity Security is delighted to be extending our relationships with these customers.  We appreciate their continued support of our products and look forward to the ongoing opportunity to provide them with superior service.” stated Gregg Larson, CEO of Clareity Security.

Clareity Security would like to invite everyone interested in more information on the SAFEMLS suite of products to meet with our team.  Contact sales@clareitysecurity.com to schedule a detailed presentation.

About Clareity Security:

Clareity Security, located in Scottsdale, Arizona, is the leading provider of data security, single sign-on and compliance management products and services for the real estate industry. Our Scout for SAFEMLS™ and SAFEAccess™ products help MLS organizations and real estate professionals easily and effectively safeguard sensitive consumer information against unauthorized access and provides strong authentication solutions for secure online transactions.  Additionally, Clareity Security is the creator of SAFE Syndication™, the leading listing syndication and IDX/VOW compliance management tool for brokerages and MLS organizations.

Contact:

Amy Geddes, Executive Vice President and Chief Operating Officer
480-444-0014 or Email

# # #

March 7, 2012 – Scottsdale, Arizona – Clareity Security (www.clareitysecurity.com), the leading provider of data security, single sign on (SSO) and listing syndication solutions for the real estate industry, is pleased to announce the recent addition of the Northern Nevada Regional Multiple Listing Service and Intermountain Multiple Listing Service, Inc. to its Single Sign ON 2.0 customer family.  Each has signed a Single Sign ON 2.0 agreement and will enjoy the benefits of the leading SSO portal service for multiple listing services.

NNRMLS CEO Shelley Specchio stated, “At NNRMLS, we are excited to select Clareity’s SSO 2.0 portal.  This service will certainly compliment our efforts to continue to deliver solutions designed to improve our subscriber experience.”

Clareity Security’s Single Sign ON 2.0 service offers significant member convenience while also driving adoption of third party applications through the convenience of allowing all MLS products to have a single login.  Clareity Security provides a real estate centric customized solution that was built using industry standards including SAML 2.0 (Security Assertion Markup Language).  This customized solution allows for easy integration by MLS system and other application service providers.

Clareity Security’s Single Sign ON 2.0 includes support for: Login portals that offer branding and links to all service providers, customizable logout messaging and full support for Single Log Out, customizable session support and management, customizable login pages based on referring URL, and a mobile identity provider to facilitate SSO for mobile devices.

Clareity Security would like to invite everyone interested in Single Sign ON to meet with our team.  Contact sales@clareitysecurity.com to schedule a detailed presentation.

About Clareity Security:

Clareity Security, located in Scottsdale, Arizona, is the leading provider of data security, Single Sign On and compliance management products and services for the real estate industry. Our Scout for SAFEMLS® and SAFEACCESS™ products help MLS organizations and real estate professionals easily and effectively safeguard sensitive consumer information against unauthorized access and provides strong authentication solutions for secure online transactions. Additionally, Clareity Security is the creator of Safe Syndication™, the leading listing syndication and IDX/VOW compliance management tool for brokerages and MLS organizations.

Contact:

Amy Geddes, Executive Vice President and Chief Operating Officer
480-444-0014 or Email

# # #

February 24, 2012 – Scottsdale, Arizona – Clareity Consulting (www.callclareity.com), a leading consulting firm and industry thought leader and Clareity  Security (www.clareitysecurity.com), the leading provider of data security and compliance tools, single sign on (SSO) and listing syndication management solutions for the real estate industry, are pleased to announce their charter membership in the Real Estate Standards Organization (RESO).  This membership was a natural progression and continuation of Clareity’s twelve years of leadership and support of real estate industry standards.  Several key members of Clareity’s leadership team have been involved with Real Estate Transaction Standards (RETS) since its inception and have maintained an ongoing commitment to furthering industry standards as a whole.

Matt Cohen, Chief Technologist stated, “The Clareity team hopes that clients, customers and other industry colleagues join us in supporting RESO, both financially and by working to create and implement standards to benefit real estate professionals.”

RESO, the organization that supports RETS has recently incorporated as a 501 (c)(6), not-for-profit trade association.  RESO will continue to develop, adopt and implement open and accepted data standards and processes across all real estate transactions, with the goal of facilitating software innovation, ensuring portability, eliminating redundancies and obtaining maximum efficiencies for all parties participating in real estate transactions.

Paul Hethmon, Chief Software Architect for Clareity Security stated, “Clareity has always been a strong supporter of RETS.  It is a crucial component to our customers, to our industry, and to us as a company.  I’m very pleased to see RESO mature and look forward to being a part of it.”

If your organization is interested in supporting RESO please visit their website for more details.

About Clareity Consulting:

Clareity Consulting was founded in 1996 to provide information technology consulting to the real estate industry and its related businesses. Clareity Consulting is an innovative solutions provider committed to delighting its consulting clients. The company is headquartered in beautiful sunny Scottsdale, Arizona. Clareity provides a wide variety of services to MLS, associations, brokers, franchises, and software and service companies that serve the residential real estate market.

About Clareity Security:

Clareity Security, located in Scottsdale, Arizona, is the leading provider of data security, Single Sign On and compliance management products and services for the real estate industry. Our Scout for SAFEMLS® and SAFEACCESS™ products help MLS organizations and real estate professionals easily and effectively safeguard sensitive consumer information against unauthorized access and provides strong authentication solutions for secure online transactions. Additionally, Clareity Security is the creator of Safe Syndication™, the leading listing syndication and IDX/VOW compliance management tool for brokerages and MLS organizations.

Contact:

Amy Geddes, Executive Vice President and Chief Operating Officer
480-444-0014 or Email

# # #

Can you believe it’s that time of year already?  Almost 200 industry folks are preparing for the annual pilgrimage to the Clareity Consulting MLS Executive Workshop in sunny Scottsdale, AZ.  Sure it helps that many of us are feeling a bit deprived of Vitamin D and the average temperature  in the Valley of the Sun is a perfect 73 degrees.  It can’t hurt that the town is brimming with professional baseball players and you have your choice of over 100 places to chase a golf ball through the desert.  The real excitement for Clareity is the opportunity to deliver incredible content, spend time with clients and customers and hopefully leave mutually enriched.

The agenda is packed with great speakers, panelists and information.  I am privileged to lead the discussion on Strategic Syndication.  Those of you with a good memory might remember last year’s topic labeled “Syndication….the last word” where we basically agreed it had been beaten to death.  But like all topics in need of better answers, we as an industry aren’t done.  With so many contributors, much progress has been made.  I’ve been pleased to work with several of our early adopters of the Clareity Security SAFE Syndication™ product. I’ve also been an active participant on the Council of MLS Board of Directors who produced a Syndication Toolkit for their members and are working hard to keep it current.  Earlier today, Matt Cohen wrote a great post “Strategic Syndication – Year One”  which summarizes the current syndication landscape.

So while we admit we were FAR from the last word on syndication last year, we are pleased to see real action being taken to improve the process for MLS organizations, brokers and the consumer.  Looking forward to seeing many of you next week!  Don’t forget your sunscreen

PS – while I’ve gone on about the gorgeous weather in Scottsdale, it is technically still “winter” so a light jacket or sweater for the evening is always appropriate since we like to throw our parties poolside!

February 16, 2012 – Scottsdale, Arizona – Clareity Security (www.clareitysecurity.com), the pioneer of data security and listing syndication solutions for the real estate industry, is pleased to announce the recent addition of Triad Multiple Listing Service to its customer family.  They have signed a multi-year Scout for SAFEMLS® agreement and will implement the leading data security, account remediation and subscriber analytics tool for multiple listing services. 

Triad Multiple Listing Service joins six other Multiple Listing Services/REALTOR® Boards in North Carolina (16,700 total subscribers) who trust Clareity Security with their security needs.  Carolina Multiple Listing Service, Western North Carolina Multiple Listing Service, Outer Banks Association of REALTORS, Carteret County Association of REALTORS, Jacksonville Board of REALTORS, and Pinehurst-Southern Pines Board of REALTORS are all protecting their valuable assets with SAFEMLS.

Triad MLS’ Executive Vice President and Chief Information Officer Richard Renton stated, “As a wholesaler of MLS services to our shareholder associations, we chose Scout for SAFEMLS to not only protect our assets but to help protect our shareholders’ assets.  We look forward to working with Clareity Security to implement this proven technology for our members.”

“We welcome Triad Multiple Listing Service as our 90^th Scout for SAFEMLS customer and thank them for putting their trust in Clareity Security.”, said Gregg Larson, Chief Executive Officer of Clareity Security.

Scout for SAFEMLS serves as a comprehensive solution that reduces administration and total cost of ownership compared to traditional strong authentication products. The SAFEMLS® intelligence-based authentication suite combines access intelligence and zero-footprint, strong authentication to accurately identify risks and then cost-effectively mitigate them. The foundation of the solution is an identity profiling engine for aggregating user access data, creating statistical profiles, and detecting anomalies. Powered by patent-pending keystroke dynamics, SAFEMLS is unrivaled in its ability to accurately and transparently identify users, detect account sharing, account takeover, and differences between individual users that is not possible with traditional device or IP tracking.  Clareity Security would like to invite everyone interested in Scout for SAFEMLS to meet with our team.  Contact sales@clareitysecurity.com to schedule a detailed presentation.

About Clareity Security:

Clareity Security, located in Scottsdale, AZ is the leading provider of security products and services for the real estate industry. It’s SAFEMLS® and SAFEACCESS™ products help MLS organizations and real estate professionals easily and effectively safeguard sensitive consumer information against unauthorized access and provides next generation strong authentication solutions for secure online transactions. Additional information is available at http://www.ClareitySecurity.com.

Contact:

Amy Geddes, Executive Vice President and Chief Operating Officer
480-444-0014 or Email

 # # #