Posts Tagged ‘encryption’

Time Is Running Out

Tuesday, December 27th, 2011

I know you are busy spending time with family, enjoying the holidays, and not even thinking about business, or protecting your data — but time is running out.

Zecurion is offering special discount pricing on our award-winning data loss prevention and encryption products through the end of the year. Is your data adequately protected? Do you have the right tools in place to enable you to exercise some control over how and where your sensitive data goes without getting in the way of productivity?

You simply purchase the one-year support agreement, and we’ll throw in the product license for free. It is an 80 percent savings off the normal price. You owe it to yourself — and the employees, customers, vendors, and others that trust you with sensitive data — to take advantage of this offer before the ball drops at midnight on December 31.

Your 2012 will be much happier if you have the peace of mind that comes with knowing your data is protected. Happy New Year!

Data Breaches Cost More than Data Protection

Friday, September 16th, 2011

Tony Bradley, Chief Marketing Officer for Zecurion, recently joined host Tom D’Auria on the IMI-TechTalk radio show to talk about data protection. The daily headlines of data being stolen, compromised, and exposed suggest that many organizations either don’t understand the risks, or fail to implement adequate protection. Often, those decisions are driven by dollars–organizations simply feel they can’t afford data loss prevention (DLP) or data encryption technologies that could prevent data breaches.

Unfortunately, many of those businesses end up learning the hard way that this approach is penny wise but pound foolish. Saving a few dollars in the short term can have significant repercussions when it costs the company exponentially more to recover from a data breach incident. You can listen to the entire IMI-TechTalk show by playing the recorded version from the IMI-TechTalk blog site.

If Bad Guys Steal Your Key, It’s Time to Change the Lock

Tuesday, May 31st, 2011

Earlier this year the network at RSA Security was breached and information related to SecurID authentication tokens was compromised. Since then, security experts have been waiting to see what the fallout would be, and now we know.

Lockheed-Martin revealed that its networks were targeted by attackers. The defense contractor has not specifically stated that the compromised RSA SecurID tokens were a factor, but clues support that conclusion. Thankfully, Lockheed-Martin was able to very quickly detect and identify the attack, and take swift action to protect data so that no sensitive information was compromised.

The situation basically amounts to knowing that a thief stole the keys to your house, but then not bothering to change the locks and hoping nothing will happen. In this analogy, Lockheed-Martin apparently had some well-trained attack dogs on the other side of the door to prevent intrusion. But, many companies of all sizes rely on RSA SecurID tokens, and not all of them have the security skills or resources of Lockheed-Martin.

Don’t just sit with your fingers crossed hoping the bad guys won’t show up. Change the locks. Make sure that the compromised RSA SecurID tokens cannot be used to gain access to your network, and make sure you have tools in place to detect suspicious activity and prevent sensitive information from leaving the network.

Don’t Let Your Company Join the Data Breach Epidemic

Thursday, May 12th, 2011

I know I sound like a broken record, but it’s not my fault. You can’t go online, turn on the TV, or pick up a newspaper without seeing news of some major data breach exposing sensitive data on millions of users. Why?

Don’t get me wrong. I understand that there is no security silver bullet. Given an attacker with enough time, skill, and dedication, there is no server or network fortified such that it can’t be hacked. In fact, I think security administrators should keep the mindset that it is a matter of when, not if, a server will be hacked. But, as I have pointed out previously in this blog, a server breach does not have to be a data breach.

I wrote a consumer-oriented article detailing how individual users can take steps to try and protect their own data and shield it from being exposed by the companies they have entrusted it to. But, IT admins and security administrators also need to take proactive steps to prevent data from being compromised, and keep their own organization out of the headlines.

Data breaches are expensive. Really expensive. Never mind the fact that a data breach on your watch could cost you your job. Do yourself a favor. Save your organization the hassle and the money, and help preserve your job security by contacting Zecurion and finding out just how easy it is to protect your data and prevent your company from becoming a data breach epidemic statistic. Wouldn’t you rather be a hero than a fall guy?

Why You Should Use Self-Encrypting Drives

Monday, April 25th, 2011

Laptops and external hard drives are lost or stolen just about every hour of every day. It could be from an office, a car, a home, sitting at a coffee shop, hanging out in an airport terminal waiting for a flight, forgetting a bag in a taxi–it doesn’t really matter how it happens. The problem is that those laptops and drives typically contain 250GB or more of data–much of which might be sensitive or confidential in nature.

The whole point of the laptop and portable storage is to be able to be productive on the go, so it is not a practical solution to try to just ban the storage of such data on laptops or portable drives. Some workers need that data to do their jobs.

However, “locking down” the laptop with a username and password for logging in to the operating system does not protect the data. There are a thousand ways for a resourceful hacker to bypass most traditional protection and access the data contained on the drive itself.

Zecurion’s Zlock is an effective means of enforcing data policies, and minimizing the exposure of sensitive information on removable media, and Zecurion’s Zserver Suite–Zserver Storage and Zserver Backup–are great tools for encrypting and protecting data at rest on servers and backup media, but you also need to protect data on laptops and portable storage devices. There are a variety of solutions for encrypting the data. Microsoft Windows has BitLocker and BitLocker To Go for encrypting data. There are also open source tools like TrueCrypt, or secure drives like the Aegis Padlock.

You might need to resort to those tools, though–or you can consider them as an additional layer of security. The self-encrypting drive is quickly evolving from a niche premium to a mainstream commodity. The advantage of the self-encrypting drive is that the hardware-based encryption has little impact on performance, and the fact that the keys are generated and stored locally reduces the administrative overhead.

Bottom line–with self-encrypting drives becoming an established standard, there is no excuse for data on laptops and portable storage devices to be unprotected.

No Excuse for Lightning to Strike Twice at Health Net

Tuesday, March 22nd, 2011

There is a saying something to the effect of “Fool me once, shame on you. Fool me twice, shame on me.” Well–shame on Health Net for getting hit with its second massive breach of customer data in as many years. Thanks to nine unencrypted drives getting “lost” during a move to a new data center, Health Net has potentially exposed sensitive data on 1.9 million customers.

Ericka Chickowski notes in an article on Dark Reading that, “According to the most recent Ponemon Institute figures, the average data breach costs healthcare organizations $345 per records. Using those numbers, this breach could cost Health Net upward of $655 million when all is said and done.”

I get it. On some level I understand that security is an expense and requires effort, and that it is easy to assume that security incidents and data breaches only happen to other companies. It is easy to rationalize gambling with sensitive customer data and assume that having information lost or stolen is about as likely as getting struck by lightning.

But, there isn’t really any excuse for getting struck by lightning twice. Health Net should have learned its lesson the first time around and taken steps to proactively encrypt and protect data on server drives and backup media. A solution from Zecurion would have cost Health Net a fraction of a percent of that estimated $655 million in damages from the data breach–virtually nothing in the grand scheme of things.

Don’t assume that lightning can’t strike at your organization. Your data, and the personal information of your customers, deserve better protection than keeping your fingers crossed and hoping for the best.

Gigabytes of Data Gone in a Flash

Thursday, March 3rd, 2011

Have you ever lost a USB thumb drive? I have so many, I am not even sure I would notice if one was missing. I am positive that some have been misplaced over time. Thankfully, none of my USB thumb drives have any private or sensitive information I care about on them. Lost thumb drive? No sweat. The next tech conference or event I go to, I am bound to get three or four new ones.

For many companies, unfortunately, thumb drives also get lost–but contain sensitive data that is not properly protected. For example, an employee of the Henry Ford Health System in Michigan recently lost a USB flash drive containing unencrypted information on nearly 3,000 patients.

Apparently, Henry Ford Health System has a policy in place mandating that such data be encrypted. The article states, “The device is not encrypted as required to protect individual patient information.” It also says, “hospital officials said it’s still unclear how the flash drive was lost.”

I think this brings up two valuable points. First–it is only marginally relevant how the flash drive was lost. Maybe it was stolen. Maybe it got left in a pair of pants and washed with the laundry. Maybe it fell out of the employee’s pocket. The bottom line is that determining how the USB flash drive was lost is unlikely to yield any useful results to prevent a similar occurrence in the future.

Second, it demonstrates that an unenforced policy is about as effective as not having a policy in the first place. Whether the employee intentionally ignored the policy, or made an honest mistake, the fact is the policy wasn’t followed and now personal information on almost 3,000 patients is assumed exposed or compromised as a result.

Establishing a policy is an important step, but it is just a first step, not the end of the journey. IT admins need to have tools in place that can monitor systems and ensure the policy is followed and enforced as well.

Zserver Provides the Protection Data Deserves

Monday, October 4th, 2010

Zserver Suite provides organizations with complete protection of their data residing on servers and backup media by transparently encrypting and safekeeping all business-critical and confidential customer information. In other words, it just works–ensuring that data is secure and protected from unauthorized access even on lost or stolen devices.

Check out 12 Reasons Why Zserver Suite is the Ultimate Data Protection to learn more.

RAID Provides Data Integrity and Availability, But Not Security

Wednesday, August 4th, 2010

In the storage realm RAID architecture continues to be very popular and is widely used by different vendors because it allows for the combination of different hard drives into one fast, reliable and spacious storage device that satisfies nearly all enterprise data storage needs. However, along with all the well known benefits of RAID architecture a common misconception continues to exist; many IT professionals still believe that the data stored on RAID devices is secure.

This false belief stems from the basic concept of RAID – distributing the data among many hard drives, which disrupts file formats and makes the stealing of one particular hard drive from the RAID system useless for an attacker. This white paper highlights the threats to data in a RAID architecture and outlines why additional data protection procedures should be employed to ensure complete protection and compliance with the ever-increasing regulatory mandates for securing sensitive data.
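The misconception described above can be checked with a small simulation. This is an added example, not code from the original post or the white paper: it lays a constructed plaintext file out across RAID 0 and RAID 1 members and counts how many records remain readable, whole, on each single disk. The 64 KiB stripe unit, the record format and all function names are assumptions made for the illustration.

```python
# Added illustration with constructed data; no real RAID driver or product is involved.
CHUNK = 64 * 1024   # assumed stripe unit (64 KiB), not a value from the post
N = 20_000          # number of constructed customer records

def build_volume(n: int = N) -> tuple[bytes, set[bytes]]:
    """Constructed 'database file': n fixed-format plaintext records."""
    records = [b"cust=%06d;acct=4000-0000-0000-%04d" % (i, i % 10_000)
               for i in range(n)]
    return b"".join(r + b"\n" for r in records), set(records)

def stripe_raid0(volume: bytes, disks: int, chunk: int = CHUNK) -> list[bytes]:
    """RAID 0 layout: chunk 0 -> disk 0, chunk 1 -> disk 1, ... round-robin."""
    members = [bytearray() for _ in range(disks)]
    for n, off in enumerate(range(0, len(volume), chunk)):
        members[n % disks] += volume[off:off + chunk]
    return [bytes(m) for m in members]

def mirror_raid1(volume: bytes, disks: int) -> list[bytes]:
    """RAID 1 layout: every member is a full copy of the volume."""
    return [volume] * disks

def intact_records(member: bytes, originals: set[bytes]) -> int:
    """How many original records are readable, whole, on this one disk."""
    return len(set(member.split(b"\n")) & originals)

def exposure(disks: int = 4) -> dict[str, list[int]]:
    """Per-member count of intact plaintext records for each RAID level."""
    volume, originals = build_volume()
    return {
        "raid0": [intact_records(m, originals) for m in stripe_raid0(volume, disks)],
        "raid1": [intact_records(m, originals) for m in mirror_raid1(volume, disks)],
    }

if __name__ == "__main__":
    for level, counts in exposure().items():
        print(level, counts)
```

Striping only breaks the handful of records that straddle a stripe boundary; everything inside a chunk stays in plaintext on whichever member holds it, and a mirror member holds the entire file.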

Hell Pizza Needs to Add Some Encryption to the Menu

Tuesday, August 3rd, 2010

A popular pizza chain in New Zealand–Hell Pizza–has been victimized by cyber attackers. The personal information–including name, address, email address, phone number, account password, and even past pizza orders–of over 230,000 Hell Pizza customers has been exposed in the database breach.

Hell Pizza director Warren Powell said “We are honestly taking this very seriously. The last thing we have wanted to do is inconvenience our customers. We take customers’ personal details bloody seriously and we spend a lot of money on security.”

Apparently, Hell Pizza needs to learn that the quality of the security spending is more important than the quantity. Unfortunately, spending the most money is not a valid measure of the effectiveness of network security measures. Had Hell Pizza invested in Zserver Storage, the information on the breached database would have been encrypted and the only thing exposed to attackers would be useless gibberish.