Blog


Recent Posts

  • RSA Conference 2012: The Battle Continues Against Security Threats

    Mar 12, 2012
    As at most conferences, there were several key themes and buzzwords being bandied about at this year’s RSA Conference. Some of the hot topics on the showroom floor included terms like consumerization, mobility and, last but not least, big data.
  • Health Care Industry the Next Attack Target? Here’s Why!

    Sep 16, 2011
    In my last post I discussed the transition of stealing sensitive data from retail to higher education to hospitality, and suggested that health care will be next. Now I thought I would focus in on why I believe this to be true.
  • The Evolution of the B2B Industry and the Next Wave of Innovation

    Sep 08, 2011
    Having been involved in B2B services over the past two decades, I have seen a lot of change in the industry. The pervasiveness of EDI hit its stride in the ’90s with PC-based EDI translation software to provide rapid enablement of the supplier base for enterprise companies. PC-based software began with dial-up modems, but eventually evolved in the late ’90s toward usage of the “always on” Internet. In fact, the company I worked for at the time was involved with the CommerceNet consortium work to test the viability of the Internet as a message delivery backbone.
  • Roadwork Ahead: Tokenization Efforts Pay Off in the Long Run

    Jun 30, 2011
    While at the Gartner Security Summit last week, I took a journey across Northern Virginia, where I used to live twelve years ago. Crossing over the Woodrow Wilson Bridge, I was overwhelmed by the amount of construction taking place on the I-495 Capital Beltway.
  • Data Thieves Still Hungry, Despite Stronger PCI DSS Enforcement

    May 03, 2011
    Despite stronger PCI DSS enforcement and compliance, it’s clear that data thieves are still plying their trade. Within a four-week period, there were four high-profile breaches:
  • Liaison Brings Cloud-based Tokenisation for Any Type of Sensitive Data to the UK

    Apr 17, 2011
    With the Data Protection Act of 1998 and the EU Data Protection Directive, UK and European companies have plenty of reason to ensure that sensitive consumer and employee information is safe. And, of course, many companies also have to comply with the Payment Card Industry’s Data Security Standard (PCI DSS).
  • London, Here We Come!

    Apr 13, 2011
    I’ll be in London next week for Infosecurity Europe, April 19-21. I kept my schedule open for the following week in case I received an invitation to the Royal Wedding. But, alas, it never came. That said, I’m still really looking forward to my stay in the UK and being able to talk the Data Security talk face-to-face with our UK customers.
  • Tokenization and Encryption: It’s Not Either/Or

    Mar 23, 2011
    I read with interest the latest report from the Ponemon Institute, “What Auditors Think about Crypto” (also see Search Security’s article on the subject), which concluded that they prefer encryption over tokenization or other cryptographic techniques to mask sensitive information. While I'm a fan of all of the Ponemon Institute studies and we’re a partner with the paper’s sponsor, Thales, who provides hardware security modules for encryption, I think that it’s a stretch to plainly say that encryption was chosen over tokenization without qualifying the context. Here’s why:
  • Lots of Buzz about What to Expect at RSA 2011

    Mar 02, 2011
    Is it just me, or are you also hearing lots of pre-conference buzz about the cloud and cloud security? Granted, security in the cloud has been debated at the two most recent RSA conferences. But it’s not going away. The Buzz continues. And now there’s lots of buzz about new technologies headed to the clouds.
  • Cloud-based Tokenization for Any Type of Sensitive Data: What a Concept!

    Feb 14, 2011
    Gary Palgon here, reporting from Booth 733 at RSA 2011 in San Francisco. The weather’s fine and folks are doing back flips over our new cloud-based tokenization solution!
  • Roadmap? Who Needs a Roadmap When You’re Already There?

    Jan 31, 2011
    Yesterday, the PCI Security Standards Council released a supplemental guidance paper on the use of Point-to-Point Encryption (P2PE). Much to their credit, “Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance” is one of several guidance papers the Council will publish to help merchants better understand how a variety of emerging technologies can benefit their data security and compliance programs. For example, P2PE is effective in reducing risk and scope for PCI DSS compliance when implemented properly.
  • Call Center Fraud Getting You Down? This One’s for You.

    Jan 23, 2011
    Numerous costly and brand-damaging data breaches and a host of data privacy and security regulations are spurring organizations around the world to do a better job of protecting consumer data. That said, one of the oft-overlooked areas for data protection is also one of the most vulnerable – call centers.
  • Tokenization Solution Certifications – Are We There Yet?

    Jan 13, 2011
    I remember sitting in a Boston hotel meeting room in early 2007 when we first formed the now defunct Payment Card Industry Security Vendor Alliance (PCI SVA). It was a group of about 25 vendors across the PCI landscape, all trying to figure out how to make PCI compliance easier for merchants. One of the topics that bubbled to the top was that encryption and key management solutions needed some type of certification, as it relates to the PCI Data Security Standard (PCI DSS), from the PCI Security Standards Council (PCI SSC). Repeated requests yielded the same answer, which was that the PCI SSC was vendor agnostic and did not want to get into the business of application certifications.
  • PCI SSC Community Meeting 2010 – What You Missed!

    Sep 23, 2010
    The PCI SSC Community Meeting held this week in Orlando had the biggest attendance ever -- more than 1,000 delegates from over 500 organizations. And the European version of this meeting, to be held in Barcelona next month (yes, I’m calling it a business trip), has already exceeded registration from all previous years.
  • Universal Tokenization Standards

    Apr 30, 2010
    The debate is over. It’s time to collaborate! The value of tokenization is indisputable. We’re seeing, for example, that tokenization is helping a global online retailer reduce its PCI DSS audit scope by more than 90%, with like cost and resource savings! Tokenization isn’t just for the big guys. Even medium-sized retailers are reducing the complexity and costs associated with PCI DSS – thanks to tokenization.
  • What Will DLP Do When We Live in a Tokenized World? That’s Today’s Conundrum.

    Feb 08, 2010
    Data Loss Protection or Data Leak Prevention (DLP) applications are often used to discover credit card and other personally identifiable information in enterprises. If you don’t know where sensitive data exists, how can you protect it?
  • Report from the ISSA-UK Chapter Meeting

    Jun 19, 2009
    The ISSA-UK Chapter meeting was held last Thursday evening at the London offices of KPMG and attended by about 60 information security professionals. There were three speakers covering an update from the Information Commissioner Office, the legal aspects of data security and how to reduce the scope of PCI DSS compliance using tokenization - the last one given by yours truly.
  • Across Many Borders and Time Zones. Greetings from InfoSecurity Europe 2009!

    Apr 29, 2009
    I send you greetings from the UK. At least I think that’s where I am! With just 24 hours at home between the RSA Conference in San Francisco and InfoSecurity Europe in London, I’m not sure what time zone I’m in -- PST, EST, GMT! All kidding aside, yesterday’s InfoSecurity Europe 2009 kickoff was great. Whilst (that’s how they say it here) the conference is not as big as RSA, there’s a lot more glitz and glamour in the exhibition hall - game shows, in-booth bars and any number of costumed people to get folks to stop by their booths.
  • As I Travel, So Does All My Personally Identifiable Information!

    Apr 24, 2009
    I check out of my hotel early this Friday morning and am now on an airplane headed home from the RSA Conference 2009. It was nice that I could simply leave the hotel without checking out since they are going to simply just charge the bill to my credit card. I’m hoping that my credit card number has been stored at the hotel in an encrypted state since I gave it to them on Monday.
  • The True Value of Data Protection is to ‘Let the Good Guys In!’

    Apr 23, 2009
    With data protection as one of the key challenges facing enterprises around the world, and the need to comply with critical mandates like PCI DSS, encryption has become a de facto strategic weapon in organizations’ data protection arsenals.