The assumption that software security can stay ahead of the hackers is not true because the software security industry is always reacting to threats that hackers expose. Once hackers start exploiting a flaw in an application, security companies try to block the resulting threat by providing security updates for existing software or by developing new programs. Either way, hackers will be one step ahead because the software security industry can’t predict what new threats the hackers will unleash.
Federal governments and major technology firms are arguing for or against encryption, respectively. But why?
Due to recent political turmoil and devastating events overseas, the topic of end-to-end encryption has reentered public discussion. At the center of the debate, you have federal governments and major technology firms, each arguing for or against encryption.
Data Masking/Tokenization/Anonymization replaces sensitive information with fictitious data while retaining the original data format. The data masking process lets you continue to work with your data as if it were not encrypted. Databases, business applications and collaboration software continue to work as if the data was real, but unauthorized personnel only have access to the fake data and can’t extract meaningful sensitive information.
Jurisdictions around the world, including the European Union and Canada, are enacting laws and creating regulations forcing companies that collect personally identifiable information (PII) to store the data of their residents within their national boundaries. This concept is known as data residency and the idea is that local privacy laws will apply to data stored locally. Since privacy laws differ depending on the jurisdiction, it makes sense that Europeans, for example, want to be protected by their own laws. The problem is that data residency has never provided this kind of protection and recent court rulings in San Francisco and Canada highlight this fact.
Email is one of the most critical business tools and a major component of the lives of many people. At the same time, it seems to lack adequate security as the Clinton campaign email leaks and the publication of France’s Macron emails have shown. Email is at the same time insecure but used to share important and often sensitive information.
A lack situational awareness is hurting the ability of companies and the public sector to adequately protect sensitive information. Intellectual property, sensitive business data, personally identifiable information and infrastructure access, are at risk. Situational awareness in the context of cybersecurity involves the following three areas:
According to the National Cyber Security Alliance, 556 million personal records are stolen every year, which means that 18 people experience the theft of their sensitive information every second. These statistics paint a bleak picture for businesses and consumers, but not all hope is lost. Armed with cutting-edge cybersecurity tools, everyone can protect themselves from data theft.
In part one of this two-part series, we discussed the most important aspects when it comes to choosing a cybersecurity solution: the certifications. These third-party accreditations help guide decision-making processes, informing businesses and consumers of which cryptographic engines are powerful and which solutions actually provide data protection.
I f you don't have anything to hide, then why would you object if the police come to your home to search and take pictures of your documents without your permission?
Unfortunately for you as a consumer, the discussion regarding data protection is often focused on corporations and what they can do to prevent hackers from accessing mission-critical communications and intellectual property. The world needs a reawakening when it comes to personal data security, because right now, this issue is not taken seriously enough, and many people just don't understand that government surveillance programs are a massive infringement on privacy.
Countries are establishing data residency regulation to protect private and classified data generated from their citizen by mandating storing this information within that country (the country of origin). The theory is that the laws of the country in which the data is stored apply to that data. Large cloud providers such as Amazon, Microsoft, Salesforce are opening cloud data centers outside their home countries (Cloud Data Center Expansion Race) to satisfy these laws. The question is “Does Data Residency Reduce Cloud risks?
No matter how much law firms invest in data loss prevention and information protection, the government wants to be able to access private, personal and corporate data whenever it wants. The Washington Post reported that for months now, federal law enforcement agencies and other government organizations have been arguing over whether tech companies should give the government access to a secret backdoor on computers, mobile devices and other systems. This would allow federal agencies and law enforcement to bypass encryption protocols, which gives those organizations insight into emails, phone calls, text messages and other communications.
This article is the third in a series that discusses data breach threats and possible solutions. The first two articles, “What You Need to Know,” and “Threats and Consequences,” make it clear that businesses need to take action to reduce data breach risks. The current article presents encryption as a possible solution but details what type of encryption is needed to effectively address data breach issues.