Category: Key Management

Securely Swiping for Holiday Sales

Posted By: Alan Kessler, @kessalan
01 Nov
Categories : Data Security, Key Management, Mobile Payments, PCI DSS

It’s officially the first of November, which means the holiday shopping season is almost upon us. With Black Friday and Cyber Monday rapidly approaching, there’s no better time to discuss our evolution towards a digitally-oriented consumer shopping experience – and what it means for merchant and customer security. Just a decade ago, walking into a mall or local shop and handing over cash or a credit card to a […]

04 Oct
Categories : Key Management

As cybersecurity risks increasingly threaten both corporate and public well-being, lawmakers and regulators alike are enhancing existing data security compliance requirements, implementing new legal frameworks and defining new regulations to respond to increasing internal and external hazards. Compliance mandates, data residency requirements, government regulations and best practices require enterprises protect and maintain encryption keys in accordance with specific frameworks and laws. To meet the requirements of these frameworks and laws, enterprises must also meet specific maintenance and storage requirements. Salesforce […]

SaaS Bill of Rights – It’s All About the SaaS

Posted By: Alan Kessler, @kessalan
01 Apr

Recently, we released the results from the cloud edition of our 2015 Insider Threat Report. My colleagues Andy Kicklighter and CJ Radford delved into the results in their blog posts from March 24 and March 26, and I’ve gone into a bit more detail about the findings below. But, the purpose of this blog is to do two things: a) discuss what we hear matters when it comes to successful and safe SaaS consumption and delivery and b) with this […]


Posted By: Alan Kessler, @kessalan
03 Feb
Categories : Cloud Computing, Cloud Security, Data Breach, Insider Threat, Key Management, Privileged User

In my blog from September 2014, I wrote “encryption and access controls are your front-line defenses for defending data-at-rest. Given today’s threat environment, encrypt everything possible, everywhere possible.” While lots of things change in 6 months – the projected World Series Champion, the Super Bowl front-runner, Taylor Swift going from tweeting about dating to tweeting about hacking – this recommendation remains constant. Data-at-rest is susceptible […]

Yesterday, we announced the general availability of Vormetric Data Security Release 5, Version 5.2.1.  This is a full release for our set of Data Security Platform products, including extensive enhancements to our flagship Vormetric Transparent Encryption product, our new Vormetric Application Encryption offering, updates to our Data Security Manager appliance, encryption agents, key management and more.  The release is the culmination of significant work by Vormetric product development, product management and product marketing teams and further extends our platform to […]

General Availability of Application Encryption

Posted By: derektumulak, @tumulak
29 May
Categories : Application Encryption, Data Encryption, Database Encryption, Encryption, Key Management

Yesterday was a big day for Vormetric, the culmination of the long process of creating a new product – Vormetric Application Encryption. This offering is a major extension of our Data Security Platform, giving our customers powerful capabilities for granularly encrypting field, column and file data within enterprise and web applications, as well as cloud and big data environments. With the addition of Vormetric Application Encryption to the Vormetric Data Protection Platform, we have created […]

6 steps to preventing another massive breach like eBay’s

Posted By: Andy Kicklighter, @akicklighter (Twitter)
26 May

It seems pretty clear that eBay didn’t properly safeguard their user information. We can expect that perimeters and firewalls will be penetrated – The Verizon data breach report gives a 90% chance of compromising an account after 10 phishing attempts, and malicious software installed as a result is often undetectable by AV or Network monitoring and penetration tools. Other attacks on applications (SQL injections, stack overflows) often result in an attacker gaining root privileges on machines and then using the […]

Categories : Data Security, Key Management

While we’ve since learned it was a relatively unsophisticated attack, the Target data breach remains anchored in the headlines and, thanks to the more recent security breach reported at giant grocery chain Morrisons in the UK, we can’t get away from the risk posed to business by the ‘Insider Threat’. Events of the last few months have thrust the dangers of privileged user abuse into the spotlight. However, while these security incidents do vary in terms of scale and impact, […]

Vendini Data Breach – An Ounce of Prevention

Posted By: Tina Stewart, @socialTIS
25 Jun
Categories : APT, Data Encryption, Data Firewall, Data Security, Key Management

Box office and online ticketing provider Vendini found its name in the media due to a database breach that occurred back in March. The company learned that the personal information of its members’ consumer-patrons — including names, mailing addresses, email addresses, phone numbers, credit card numbers and expiration dates — may have been compromised by a third-party criminal actor. While Vendini does not collect the credit card security access code information (e.g., CVV, CVV2, PINs) typically needed to complete credit […]

11 Jun
Categories : APT, Cloud Security, Data Security, Key Management, Privileged User

Last week, I attended the New York State Cyber Security Conference in Albany, NY. Themed “Helping Navigate Stormy Seas,” the event offered great, practical advice on a wide range of interesting security topics. Three of my personal favorites were Gerry Grealish’s talk on how to secure the cloud without compromise, Kurt Hagerman’s discussion of changes in PCI compliance and the implications in the cloud, and John Petrequin’s presentation on the seven traits possessed by companies that have survived APT attacks and […]