Category: Key Management


Posted By: Alan Kessler
03 Feb
Categories : Cloud Computing, Cloud Security, Data Breach, Insider Threat, Key Management, Privileged User            Leave a comment           

In my blog from September 2014, I wrote “encryption and access controls are your front-line defenses for defending data-at-rest. Given today’s threat environment, encrypt everything possible, everywhere possible.” While lots of things change in 6 months – the projected World Series Champion, the Super Bowl front-runner, Taylor Swift going from tweeting about dating to tweeting about hacking – this recommendation remains constant. <ClickToTweet>: IT Security Improvement – A Guide to the CIO’s Toolbox from @kessalan #DefenderOfData Data-at-rest is susceptible […]

Yesterday, we announced the general availability of Vormetric Data Security Release 5, Version 5.2.1.  This is a full release for our set of Data Security Platform products, including extensive enhancements to our flagship Vormetric Transparent Encryption product, our new Vormetric Application Encryption offering, updates to our Data Security Manager appliance, encryption agents, key management and more.  The release is the culmination of significant work by Vormetric product development, product management and product marketing teams and further extends our platform to […]

29 May

The Vormetric Data Security Platform Yesterday was a big day for Vormetric, the culmination of the long process of creating a new product – Vormetric Application Encryption.  This offering is a major extension of our Data Security Platform, giving our customers powerful capabilities for granularly encrypting field, column and file data within enterprise and web applications, as well as cloud and big data environments. With the addition of Vormetric Application Encryption to the Vormetric Data Protection Platform, we have created […]

26 May

It seems pretty clear that eBay didn’t properly safeguard their user information. We can expect that perimeters and firewalls will be penetrated – The Verizon data breach report gives a 90% chance of compromising an account after 10 phishing attempts, and malicious software installed as a result  is often undetectable by AV or Network monitoring and penetration tools.  Other attacks on applications (SQL injections, stack overflows) often result in an attacker gaining root privileges on machines and then using the […]

Categories : Data Security, Key Management            Leave a comment            Tags: , , , , , ,

While we’ve since learned it was a relatively unsophisticated attack, the Target data breach remains anchored in the headlines and, thanks to the more recent security breach reported at giant grocery chain Morrisons in the UK, we can’t get away from the risk posed to business by the ‘Insider Threat’. Events of the last few months have thrust the dangers of privileged user abuse into the spotlight. However, while these security incidents do vary in terms of scale and impact, […]

25 Jun
Categories : APT, Data Encryption, Data Firewall, Data Security, Key Management            Leave a comment           

Box office and online ticketing provider Vendini found its name in the media due to a database breach that occurred back in March. The company learned that the personal information of its members’ consumer-patrons — including names, mailing addresses, email addresses, phone numbers, credit card numbers and expiration dates — may have been compromised by a third-party criminal actor. While Vendini does not the collect credit card security access code information (e.g., CVV, CVV2, PINs) typically needed to complete credit […]

11 Jun
Categories : APT, Cloud Security, Data Security, Key Management, Privileged User            Leave a comment           

Last week, I attended the New York State Cyber Security Conference in Albany, NY. Themed “Helping Navigate Stormy Seas,” the event offered great, practical advice on a wide range of interesting security topics. Three of my personal favorites were Gerry Grealish’s talk on how to secure the cloud without compromise, Kurt Hagerman’s discussion of changes in PCI compliance and the implications in the cloud, and John Petrequin’s presentation on the seven traits possessed by companies that have survived APT attacks and […]

Categories : Big Data, Cloud Computing, Data Breach, Data Encryption, Data Protection, Data Security, Key Management            Leave a comment           

This week the 4th annual Vormetric Customer Council convened in beautiful San Francisco to do some sustained thinking, indeed. Customers from Europe, Asia, and North America came together to discuss the data security issues they face today and must prepare to face in the future. Our customers run the gamut from small health care organizations to large financial institutions and government agencies. And one of the great benefits of putting this diverse group of business leaders together in a room […]

28 Feb
Categories : Big Data, Data Breach, Data Protection, Data Security, Key Management            Leave a comment           

RSA 2013 was another interesting round of innovations, progressions and revamps. I am always excited to see how the IS community is progressing and changing itself to meet the business and mission needs of its organizations. This year serves as a great example of how the industry is trying to play catch-up to these needs. The “vibe” is that we as professionals aren’t winning, but we haven’t lost yet, and I couldn’t agree more. The show’s theme is “Security in […]

Categories : Data Protection, Encryption, Key Management            Leave a comment           

The Institute of Electrical and Electronics Engineers (IEEE), one of the leading standards-making organisations, suffered the consequences of some sub-par data security practices this week as it emerged that 100,000 member usernames and passwords were found in plain text on a FTP server. A (luckily) well-intentioned researcher demonstrated that, once again, the need for better data protection measures at the server level had failed to be addressed. This incident in particular displayed two significant issues: firstly the IEEE didn’t consider […]