Video Screencast Help
Search Video Help Close Back
to help

Encryption Blog

Showing posts tagged with File Encryption
Showing posts in English
The Insider Threat
Kevin Albright | 05 Nov 2012 | 0 comments

Kevin AlbrightA recent data breach at Johns Hopkins Hospital was announced that resulted from a single employee working in patient registration who accessed more than 10,000 pieces of personally identifying information. Reports of fraud started back in January and have been traced to records at Johns Hopkins.

The employee in question has been linked to a larger driver’s license fraud scheme in nearby Virginia. These types of incidents have been appearing more and more; while we protect against attacks coming across the internet with firewalls, and malware...

Read more
Data Loss DB Breach Data - Breaches Classified by Type
Doug McLean | 05 Nov 2012 | 0 comments

The Data Loss Database is a record of data breaches going back to 1995. As such it is one of the most comprehensive records of global breaches. Maintained by the Open Security Foundation, the DataLoss DB is published monthly.

Below is the classification of all recorded breaches by type since 1995.

 

Historical Data Loss by Type

Read more
Heartland Demonstrating Just How Costly Data Breach Can Be
Doug McLean | 05 Nov 2012 | 0 comments

dmclean_webfinalWe spend a lot of space on our blogs talking about the hard and soft costs of data breaches. PGP Corporation also sponsors the annual Ponemon surveys of this topic. I don't tend to focus on it in my blog because I find the crimes that cause breaches so interesting, but last week I saw some new numbers that are truly startling.  Heartland Payment Systems released their Q1 earnings report. According to this story at Forbes.com, Heartland has so far spent $12.6 million to remediate the breach they experienced in December. The...

Read more
PCI DSS is a Game of Catch Up
Brian Tokuyoshi | 05 Nov 2012 | 1 comment

Brian Tokuyoshi - Product Marketing Manager btokuyoshi_webfinal

One of the problems of the Payment Card Industry Data Security Standard is that it will never reach a state of completion. That’s because PCI DSS it defines protections against known security risks, and then maps out a list of things that it must do to meet the minimum requirement for an acceptable level of security.

The goals of PCI DSS are noble, for it establishes practices for handling of sensitive data, and thus ensures security experts address the issues that can’t be taken for granted anymore.

The problem, though, is that PCI DSS sets up the requirements in a way that creates checklists of technology to deploy, which prescribes protection against the known threats. You can’t prescribe...

Read more
Handling Private Keys with PGP Universal
Brian Tokuyoshi | 05 Nov 2012 | 0 comments

Brian Tokuyoshi - Product Marketing Manager btokuyoshi_webfinal

The PGP® Universal Server delivers the administrative functions for the PGP Encryption Platform. It’s the console that’s used by our largest customers to keep tabs on their applications, enforce policy, and provide logging capabilities without having to deploy multiple consoles. PGP uses this platform, as well as 3rd parties who develop applications that support PGP Universal Server so that they do not have to write their own management console. While the administrative functions for PGP Universal Server are well understood, what’s not so commonly known is that PGP...

Read more
Combatting Cyber-terrorism Requires We Play Defense AND Offense
Doug McLean | 05 Nov 2012 | 0 comments

There have been a number of calls lately for the creation of an agency like the Federal Emergency Management Agency (FEMA) focused on the Internet. The theory is that by integrating the currently fragmented cyber-security efforts of the Departments of Defense, Homeland Security, OMB and a half dozen other agencies, that we’ll be better able to respond to cyber-attacks from predators foreign and domestic. While such integration is surely needed and is very effectively documented in the recent report by the Center for Strategic and International Studies (CSIS), I’m not sure that a “Cyber-FEMA” is enough to address the threats now bearing down on the nation’s Internet infrastructure.

While FEMA’s charter is formally defined to be both proactive and reactive, the fact is that it’s core mission is to react when disasters both natural and man-made occur. While it’s easy to build a case that...

Read more
Staying Ahead of the Curve - Getting Key Management Right
Brian Tokuyoshi | 05 Nov 2012 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

btokuyoshi_webfinalIn the pursuit of providing protection for enterprise data, many organizations make the mistake of thinking that their responsibilities to protect data start and end with the deployment of an encryption application. What often happens, in the rush to secure data, is that the need for strategic key management can be overlooked. This often occurs when there’s been an imperative driving the need, such as a new compliance mandate or the revelation of a data breach. These types of incidents can often create a singular focus to deploying encryption products that can unfortunately prove to be short sighted.

For compliance initiatives, sometimes even the best intentioned efforts to protect data can lead to unforeseen...

Read more
Deploying Full Disk Encryption with PGP Whole Disk Encryption Workgroup Edition
Shilpi Dey | 05 Nov 2012 | 0 comments

sdeyShilpi Dey- Product Marketing Manager

PGP Corporation recently announced a new product - PGP® Whole Disk Encryption Workgroup Edition which is specifically tailored to protect small companies and enterprise workgroup’s data on laptops, desktops and USB devices while supporting compliance requirements. PGP Whole Disk Encryption Workgroup Edition provides administrators a simple, intuitive and easy-to-use solution to manage and deploy full disk encryption.  The beauty of this solution is that there is no need to manage servers or databases nor does it require additional dedicated hardware.

PGP Whole Disk Encryption Workgroup Edition consists of a management application (PGP® Whole Disk Encryption Controller) and PGP® Whole Disk...

Read more
Cybersecurity Act of 2009
Doug McLean | 05 Nov 2012 | 2 comments

dmcleanEarlier this month, Senators John Rockefeller (D, West Virgina) and Olympia Snowe (R, Maine) introduced S.773, the Cybersecurity Act of 2009. It's actually a companion bill to one they proposed a few days earlier to create a cabinet level Cybersecurity Czar. It's S.773,  however, that contains all of the meat in the Senate's attempt to legislate better cybersecurity. We've seen half-hearted attempts to do this in the past, but as Chairman of Senate Committee that overseas Commerce, Science and Transportation, Senator Rockefeller's bill will be seriously considered and Senator Snowe's presence on the co-sponsor list indicates that it will also have at least some bipartisan support.

At 53...

Read more
Encryption and Disk Imaging - Part I
Bryan Gillson | 05 Nov 2012 | 0 comments

Encryption can be a transformative and disruptive technology. It can transform otherwise perfectly good data into something completely unreadable, potentially disrupting typical enterprise systems such as data leak prevention, disk imaging, help desk operations, and data recovery.

Often, ensuring that these systems work well with encryption products requires collaboration between PGP® Corporation and our partners. Internally we refer to the combination of these partners and our customers as the "PGP Ecosystem". An excellent example of how the ecosystem is addressing one of these thorny issues is disk imaging.

Over the years, imaging has grown from a rarely-used, fairly obscure IT time saver, to a critical component of an enterprise (or individual) backup and deployment strategy. But how does a PGP Whole Disk Encryption (WDE) deployment affect this strategy? What happens...

Read more