Category: Key Management

SaaS Bill of Rights – It’s All About the SaaS

Posted By: Alan Kessler, @kessalan
01 Apr

Recently, we released the results from the cloud edition of our 2015 Insider Threat Report. My colleagues Andy Kicklighter and CJ Radford delved into the results in their blog posts from March 24 and March 26, and I’ve gone into a bit more detail about the findings below. But, the purpose of this blog is to do two things: a) discuss what we hear matters when it comes to successful and safe SaaS consumption and delivery and b) with this […]


Posted By: Alan Kessler, @kessalan
03 Feb
Categories : Cloud Computing, Cloud Security, Data Breach, Insider Threat, Key Management, Privileged User            Leave a comment           

In my blog from September 2014, I wrote “encryption and access controls are your front-line defenses for defending data-at-rest. Given today’s threat environment, encrypt everything possible, everywhere possible.” While lots of things change in 6 months – the projected World Series Champion, the Super Bowl front-runner, Taylor Swift going from tweeting about dating to tweeting about hacking – this recommendation remains constant. <ClickToTweet>: IT Security Improvement – A Guide to the CIO’s Toolbox from @kessalan #DefenderOfData Data-at-rest is susceptible […]

Yesterday, we announced the general availability of Vormetric Data Security Release 5, Version 5.2.1.  This is a full release for our set of Data Security Platform products, including extensive enhancements to our flagship Vormetric Transparent Encryption product, our new Vormetric Application Encryption offering, updates to our Data Security Manager appliance, encryption agents, key management and more.  The release is the culmination of significant work by Vormetric product development, product management and product marketing teams and further extends our platform to […]

General Availability of Application Encryption

Posted By: derektumulak, @tumulak
29 May
Categories : Application Encryption, Data Encryption, Database Encryption, Encryption, Key Management            1Comments            Tags: ,

The Vormetric Data Security Platform Yesterday was a big day for Vormetric, the culmination of the long process of creating a new product – Vormetric Application Encryption.  This offering is a major extension of our Data Security Platform, giving our customers powerful capabilities for granularly encrypting field, column and file data within enterprise and web applications, as well as cloud and big data environments. With the addition of Vormetric Application Encryption to the Vormetric Data Protection Platform, we have created […]

6 steps to preventing another massive breach like eBay’s

Posted By: Andy Kicklighter, @akicklighter (Twitter)
26 May

It seems pretty clear that eBay didn’t properly safeguard their user information. We can expect that perimeters and firewalls will be penetrated – The Verizon data breach report gives a 90% chance of compromising an account after 10 phishing attempts, and malicious software installed as a result  is often undetectable by AV or Network monitoring and penetration tools.  Other attacks on applications (SQL injections, stack overflows) often result in an attacker gaining root privileges on machines and then using the […]

Categories : Data Security, Key Management            Leave a comment            Tags: , , , , , ,

While we’ve since learned it was a relatively unsophisticated attack, the Target data breach remains anchored in the headlines and, thanks to the more recent security breach reported at giant grocery chain Morrisons in the UK, we can’t get away from the risk posed to business by the ‘Insider Threat’. Events of the last few months have thrust the dangers of privileged user abuse into the spotlight. However, while these security incidents do vary in terms of scale and impact, […]

Vendini Data Breach – An Ounce of Prevention

Posted By: Tina Stewart, @socialTIS
25 Jun
Categories : APT, Data Encryption, Data Firewall, Data Security, Key Management            Leave a comment           

Box office and online ticketing provider Vendini found its name in the media due to a database breach that occurred back in March. The company learned that the personal information of its members’ consumer-patrons — including names, mailing addresses, email addresses, phone numbers, credit card numbers and expiration dates — may have been compromised by a third-party criminal actor. While Vendini does not the collect credit card security access code information (e.g., CVV, CVV2, PINs) typically needed to complete credit […]

11 Jun
Categories : APT, Cloud Security, Data Security, Key Management, Privileged User            Leave a comment           

Last week, I attended the New York State Cyber Security Conference in Albany, NY. Themed “Helping Navigate Stormy Seas,” the event offered great, practical advice on a wide range of interesting security topics. Three of my personal favorites were Gerry Grealish’s talk on how to secure the cloud without compromise, Kurt Hagerman’s discussion of changes in PCI compliance and the implications in the cloud, and John Petrequin’s presentation on the seven traits possessed by companies that have survived APT attacks and […]

28 May
Categories : Big Data, Cloud Computing, Data Breach, Data Encryption, Data Protection, Data Security, Key Management            Leave a comment           

This week the 4th annual Vormetric Customer Council convened in beautiful San Francisco to do some sustained thinking, indeed. Customers from Europe, Asia, and North America came together to discuss the data security issues they face today and must prepare to face in the future. Our customers run the gamut from small health care organizations to large financial institutions and government agencies. And one of the great benefits of putting this diverse group of business leaders together in a room […]

Security in Knowledge: A Roundup of RSA 2013

Posted By: Sol Cates, @solcates (Twitter)
28 Feb
Categories : Big Data, Data Breach, Data Protection, Data Security, Key Management            Leave a comment           

RSA 2013 was another interesting round of innovations, progressions and revamps. I am always excited to see how the IS community is progressing and changing itself to meet the business and mission needs of its organizations. This year serves as a great example of how the industry is trying to play catch-up to these needs. The “vibe” is that we as professionals aren’t winning, but we haven’t lost yet, and I couldn’t agree more. The show’s theme is “Security in […]