Protecting your sensitive data for over 20 years - Netlib

Thursday, June 5, 2014

Database Encryption for Physical, Virtual, & Cloud Environments

YOUR CHALLENGE

The shift to make businesses more competitive means that critical data must be available and secure in the Physical, Virtual and Cloud environments. Organizational effectiveness is directly related to performance of applications and the database systems delivering the data. Security and compliance initiatives have historically had a negative impact on performance levels, leading to increased labor cost and slowed client transactions. Current practices focus on Perimeter Protection: firewalls, intrusion detection, monitoring. This leaves critical databases and backup media (data-at-rest) with little to no protection from external or internal intruders. Most data breaches occur while data is at rest. The risk associated with a data breach can severely impact cash flow, stock price and reputation.

Automation - The story of a Hacker attacking you with your refrigerator

“New... powerful... hooked into everything, trusted to run it all. They say it got smart, a new order of intelligence.”

While this quote and its context are a bit more morbid than my feelings on this topic, those words Kyle Reese uttered are the first that come to mind whenever I hear about the succinctly named “Internet of Things.”  If the term is unfamiliar, and you haven’t caught the Cisco commercial that illuminates the possibilities, the core idea is to take anything you can possibly think of—any device, any tool, any bit of electronics—and make it “smart.”  Create a network of physical devices connected via new technology. 

Changing the Status Quo on Data Notification Laws

“Patchwork.”  That’s the term that seems to be bandied about with the most frequency when talking about the system in place for notifying customers their personal information has been compromised.  A “patchwork quilt.”  And not the nice kind, like the family quilt your grandmother inherited from her parents which eventually finds its way down to you.  No, this patchwork is the type that can only be described, to quote Senator Tom Carper (D-Del), as “a nightmare.”

Pointing the Finger - Who has Responsibility for Stolen Consumer Data?

See, now this is exactly what I was just talking about last time.  You know, that recent string of data breaches perpetrated against major retailers like Target and Neiman Marcus.  With this recent survey, retailers better hope that the issue of notification laws regarding data breaches gets resolved soon, and that stronger standards are put in place, because consumers are understandably a bit out of sorts about the theft of their personal information.  According to the survey, conducted by data science company Feedzai of 2,000 shoppers across the country, 60% place responsibility squarely on these retailers.  The runner up: banks, garnering 13% of the vote.  And a mere 5% of participants believed it is the duty of the consumer him/herself to prevent their personal information from being compromised.  80%, by the way, said the experience is worse than getting the flu – as I have never suffered the flu, I will have to take them at their word.

In Light of Breaches, Mandatory Cyber Liability Insurance?

Should companies be mandated to have cyber liability insurance?  65% of publicly traded companies currently don’t have any such policy, according to a recent survey by Chubb Group of Insurance Companies.  In many cases, this is due to a simple lack of awareness: CEOs just do not know that this type of insurance is available.  Perhaps they often assume their business’ general liability coverage accounts for and protects them from any incidents of data breach and theft.  Generally, it doesn’t.  Cost can be another factor, with higher premiums for those companies deemed “higher-risk” by financial institutions.

Switching to Chip Cards - Maximum Protection?

Compared to much of the world, our credit card security kind of sucks.  The magnetic stripes on cards that are used to hold customer data are easily duplicated, and the signatures required can be forged with little effort, which causes all sorts of temperamental afflictions to both banks and retailers alike (and of course, consumers).

Which is more important, compliance or security?

Which is more important, compliance or security?  Which comes first, or should come first, in a company’s considerations? 

Security would seem to be the obvious, as well as the predominant answer.  It’s what you use to encrypt and protect your data, after all.  It’s as straightforward as that, and should be a major, if not the predominant, consideration in a company’s risk analyses and strategies. 

Increasing Encryption Deployment and the Federal Wall of Shame

Oftentimes—actually, most of the time—I write articles about some sordid data breach or other; a hack, a theft, a massive intrusion, many of which likely could have been prevented by encrypting people’s sensitive data.  So when I finally stumble upon a story about the use of encryption continuing to grow as more and more companies need to address consumer concerns, that makes me happy.  Well, maybe happy is too strong a word… ‘Reasonably satisfied’, maybe. 

RAM Scraping a New Old Favorite For Hackers

Some of the best stories involve a conflict with an old enemy: a friend-turned-foe, long thought dead, returning from the grave for violent retribution; an ancient order of dark siders from the distant reaches of the galaxy, hiding in plain sight and waiting to seize power for themselves; a dark lord thought destroyed millennia ago, only to rise again and seek his favorite piece of jewelry.  The list goes on.

LinkedIn Lawsuit Leaves No Room For Confusion

False representation by a company of its security protocols: an odd decision to make, in light of the growing frequency and severity of data breaches that have struck retailers and consumers in 2014 like slaps from an Emmy-worthy Peter Dinklage. 

A Cyber World War I?

Drawing near is an unfortunate centennial, one which might not be immediately apparent to many these days.  Nevertheless, its significance far outweighs the familiarity, an event which sent violent echoes of change radiating around the globe.  Just outside Schiller’s delicatessen, with a car in a motorcade backing up in order to take the route to the hospital, a man stepped forward and shortly thereafter the Archduke of Austria-Hungary and his wife were dead.  That was June 28, 1914, and I don’t need to tell you what happened next.  Just look to Hemingway if you forget the effect the so-called “Great War” had on an entire generation.

Find the Silver Lining

Education remains perhaps one of the most crucial tools to combat the rising tide of data breaches.  Which is why, in a roundabout sort of way, a silver lining can be seen amidst the storm of recent major retailer breaches.  How?  The key word here is major.  Because you’ve heard all the news in the past six months about companies like Target, Neiman Marcus, Michaels, and now even sites like eBay (not to mention the LinkedIn hack of 2012); stories you might not have heard in times past, if they happened to smaller organizations.  But breaches involving smaller organizations wouldn’t have led to 110 million Americans having their information compromised in the past 12 months, or 432 million accounts, according to a report created by Ponemon Institute and CNN Money.  The more colossal the impact, the more the general populace is going to hear about it.  In spite of the obvious damage done to those affected, shedding light on these issues is something sorely needed.