Categories: Data Encryption, Data Protection, HIPAA, HITECH

As I see the seemingly endless reports of breaches, it does seem obvious that progress in the protection of healthcare still lags. HIPAA and HITECH have certainly spurred some action, but it’s obvious that the protection tactics aren’t sufficient to protect against the data thieves and hackers. And for the most part, the industry has begun moving towards more robust data protection strategies, as opposed to implementing point solutions. But the numbers mentioned by the Office of Civil Rights at HHS, 50,000 […]

Categories: Data Protection, Data Security

I recently read a Mandiant research report indicating that Hikit, a backdoor Trojan, has targeted a number of smaller defense contractors for the purpose of conducting industrial espionage. This latest series of attacks highlights the difficulty that many companies face in protecting sensitive data. As we continue to focus on building higher and higher perimeter fences to keep the bad guys out, we often lose sight of what’s behind that fence – the data. What’s more, companies often focus their […]

Portable Security: Data Protection in the Cloud

Posted By: Tina Stewart, @socialTIS
06 Aug 2012
Categories: Cloud Computing, Data Protection, Data Security

Cloud computing has changed the way that companies do business. The ability to leverage economies of scale has allowed businesses to stretch scarce resources – the old “do more with less” mandate with which companies, and particularly IT departments, are often hit during tight economic times. But while private clouds can make it easier for organizations to build availability and scale resources, they can also make data protection in the cloud more complex. A recent article in Datamation titled “Private […]

Categories: Data Breach, Encryption

It’s now a week since web giant Yahoo suffered a reported breach of its systems. Whilst the company has remained tight-lipped over the event, several sources cited hacking collective D33D as the perpetrators of the incident and stated that an SQL injection attack opened access to close to half a million unencrypted user passwords from a Yahoo web database. The fact is, this isn’t the first large brand that we’ve seen fall victim to a security breach, and […]

An Ounce of Prevention is worth a Pound of Cure

Posted By: Tina Stewart, @socialTIS
14 May 2012
Categories: Data Encryption, HIPAA, HITECH, Key Management

The recent Blue Cross Blue Shield data breach highlights an often overlooked risk to data: that of recycled or unused hardware in storage. In the BCBS example, 57 hard drives were stolen from a secure locker at a former call center location. The theft was not believed to have targeted the data but rather was the result of a burglar looking for hardware to steal and resell. Unfortunately for Blue Cross Blue Shield, the result was the same. […]

ESG White Paper: Dear CISOs, The Time is Now

Posted By: Tina Stewart, @socialTIS
19 Apr 2012
Categories: Data Protection, Data Security, Encryption, Key Management

In the current data security environment, encryption is often touted as the grand cure-all. Simply implement an encryption solution and your data security woes will be behind you. While encryption can be a powerful tool in the data protection arsenal, assisting companies in achieving regulatory compliance as well as offering a high degree of protection to sensitive data, it must be done in a strategic manner. Encryption as it’s been adopted today is more often implemented as a point solution, […]

Is Big Data a Big Deal?

Posted By: Tina Stewart, @socialTIS
09 Apr 2012
Categories: Data Security, Database Encryption, File Encryption

“Big Data” appears to be a recurring theme of 2012. Companies are retaining more and more data in an effort to find the competitive edge. Much like the AETV show “Hoarders”, companies are simply retaining all of their data and refusing to delete the information for fear that it may “possibly be needed one day”. As stated by Forrester analyst John Kindervag: “If I’m a hacker of Anonymous, or part of an APT group, I’m really excited about the Big […]

Compliance & Security: Tomato, To-mah-to?

Posted By: Tina Stewart, @socialTIS
02 Apr 2012
Categories: HIPAA, HITECH, PCI DSS, State Data Breach Notification

The very cleverly titled story on CSO Online, “Barclays Contactless Card Users Exposed to Fraud”, appears to suggest that Barclaycard’s Near Field Communication (NFC) cards are ‘vulnerable’ as the data is stored ‘unencrypted’. According to the story, using an NFC-enabled smartphone, ViaForensics was able to capture the NFC data from the card. This data was subsequently used to make purchases through several merchants that were not using required fraud controls. When asked, Barclays stated that they were “in […]