Video Screencast Help
Encryption Blog
Showing posts tagged with Perspectives
Showing posts in English
Kevin Albright | 19 May 2009 | 0 comments

Kevin AlbrightA recent data breach at Johns Hopkins Hospital was announced that resulted from a single employee working in patient registration who accessed more than 10,000 pieces of personally identifying information. Reports of fraud started back in January and have been traced to records at Johns Hopkins.

The employee in question has been linked to a larger driver’s license fraud scheme in nearby Virginia. These types of incidents have been appearing more and more; while we protect against attacks coming across the internet with firewalls, and malware...

Brian Tokuyoshi | 15 May 2009 | 1 comment

Brian Tokuyoshi - Product Marketing Manager btokuyoshi_webfinal

One of the problems of the Payment Card Industry Data Security Standard is that it will never reach a state of completion. That’s because PCI DSS it defines protections against known security risks, and then maps out a list of things that it must do to meet the minimum requirement for an acceptable level of security.

The goals of PCI DSS are noble, for it establishes practices for handling of sensitive data, and thus ensures security experts address the issues that can’t be taken for granted anymore.

The problem, though, is that PCI DSS sets up the requirements in a way that creates checklists of technology to deploy, which prescribes protection against the known threats. You can’t prescribe...

Brian Tokuyoshi | 12 May 2009 | 0 comments

Brian Tokuyoshi - Product Marketing Manager btokuyoshi_webfinal

The PGP® Universal Server delivers the administrative functions for the PGP Encryption Platform. It’s the console that’s used by our largest customers to keep tabs on their applications, enforce policy, and provide logging capabilities without having to deploy multiple consoles. PGP uses this platform, as well as 3rd parties who develop applications that support PGP Universal Server so that they do not have to write their own management console. While the administrative functions for PGP Universal Server are well understood, what’s not so commonly known is that PGP...

Shilpi Dey | 01 May 2009 | 0 comments

sdeyShilpi Dey- Product Marketing Manager

PGP Corporation recently announced a new product - PGP® Whole Disk Encryption Workgroup Edition which is specifically tailored to protect small companies and enterprise workgroup’s data on laptops, desktops and USB devices while supporting compliance requirements. PGP Whole Disk Encryption Workgroup Edition provides administrators a simple, intuitive and easy-to-use solution to manage and deploy full disk encryption.  The beauty of this solution is that there is no need to manage servers or databases nor does it require additional dedicated hardware.

PGP Whole Disk Encryption Workgroup Edition consists of a management application (PGP® Whole Disk Encryption Controller) and PGP® Whole Disk...

John Dasher | 10 Mar 2009 | 2 comments

John Dasher - Director of Product Marketing

dasherhead4

One of the more common queries I hear when talking with both customers and the press involves how I manage my computer/data security while traveling. People seem increasingly nervous about this.

There are a variety of best practices that are specific to your operating system platform (which I’ll cover in a future post), there are a number of import safeguards you can take regardless of your specific computing environment. While I personally find this specific solution a bit of a pain in actual practice, I would be remiss if I didn’t point out that the safest approach you can take is to simply not travel with sensitive data. You can’t lose or have stolen what you haven’t brought with you. And...

Brian Tokuyoshi | 09 Mar 2009 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

I had a recent conversation with a friend who just opened a new checking account at a major national bank. My friend was complaining about the difficulty remembering her PIN (personal identification number) for her ATM card because of the policies for the number.

It’s usually passwords that people complain about when it comes to difficult policies.  Typical policies usually require that passwords cannot be shorter than 6 characters, and must have a mix of upper/lower case, numbers, or symbols. Often, such policies make the password computationally safe from a dictionary attack, but users find the resulting password so difficult to memorize that they need a written reminder in order to recall it at a later date.

So I found it interesting that this is a scenario where the PIN was difficult to use.  PIN numbers for ATMs are typically numeric only, so there isn’t the same complexity...

Brian Tokuyoshi | 03 Mar 2009 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

As the Academy Awards wrap up, I’m reminded of the film Amadeus, which won the Oscar for Best Picture in 1985. The eponymous film is a dramatization about the life of Wolfgang Amadeus Mozart. In a famous scene, Emperor Joseph II, offering his opinion on Mozart’s new symphony, comments that,  “There are simply too many notes”, without providing any deeper insight into which particular sequence trouble him.

Enterprises today are facing a related situation, except the issue should be called “too many encryption keys” as well as its closely related issue called “too many encryption products”. Let’s take a common example. Growing concerns about data breach notification laws lead ACME company to deploy a disk encryption product. Over time new requirements emerge, and ACME realizes that they need to...

Shilpi Dey | 03 Feb 2009 | 0 comments

Shilpi Dey - Product Marketing Manager

It arrived in a non-descript envelope, similar to the ones promising exciting credit card offers. I would have tossed it in the recycling bin without opening, except that it was from one of the banks (let’s call it bank “B”) where I had an account, and something made me pause and break open the seal. The letter inside explained that some CDs and tapes containing some of my personal information were lost while being transported to an off-site storage facility. The letter reassured me that security is Bank B’s top priority; however, their archive services vendor had notified them that they could not account for one of several boxes of tapes and CDs being transported to their off-site storage facility. The missing media contained some personal information such as name, address, Social Security number and/or shareowner account information. I was especially relieved that though Bank B had not yet...

Kevin Albright | 02 Feb 2009 | 0 comments

Kevin Albright - Product Marketing Manager

By now I’m sure you’ve heard about last week’s breach at Heartland Payment Systems. The number of total records compromised has not yet been released, but given California’s SB 1386 we should be hearing some sort of estimate soon. What is known is that Heartland has contacted 150,000 merchants that it processes payments for and it handles roughly 100 million credit card and debit card transactions per month. Given that this breach is suspected of starting in October 2008, the quick and dirty math should give you a rough estimate of how big this breach is…Huge! Already companies have been contacting customers, issuing new cards, and we are all put on alert to watch our credit card and debit card statements in the coming months.

The interesting thing about this breach is that Heartland was PCI compliant, and that the nature of this breach fell within the rules of the PCI-DSS v1.2...