Encryption, Key Management, and Data Security…Oh My!
This has been a busy year at Townsend Security with the addition of 2FA, the introduction of Key Management in AWS, Azure, and Key Connection for Drupal. Looking back over our data security blog and the most-viewed topics, I wonder... Did you miss out on any of these? Take some time to check them out!
Heartbleed and the IBM i (AS/400)
by Patrick Townsend (April 11, 2014)
Key take-away: It is important to understand that while the IBM i platform may not be directly vulnerable to the Heartbleed problem, you may have lost IBM i User IDs and passwords over VPN or other connections which are vulnerable. An exploit of Heartbleed can expose any information that you thought was being protected with session encryption.
From the blog article you can download additional content:
Ebook: Turning a Blind Eye to Data Security
What are the Differences Between DES and AES Encryption?
by Michelle Larson (September 4, 2014)
Key take-away: Even Triple DES (3DES), a way of using DES encryption three times, proved ineffective against brute force attacks (in addition to slowing down the process substantially).
From the blog article you can download additional content:
White Paper: AES Encryption & Related Concepts
Encryption & Key Management in Windows Azure
by Michelle Larson (February 13, 2014)
Key take-away: In February 2014 we released the first encryption key manager to run in Microsoft Windows Azure. This blog highlights four of our most frequently asked questions about providing data security IN the Cloud.
From the blog article you can download additional content:
Podcast: Key Management in Windows Azure
Homomorphic Encryption is Cool, and You Should NOT Use It
by Patrick Townsend (October 6, 2014)
Key take-away: Homomorphic encryption is a promising new cryptographic method and hopefully the cryptographic community will continue to work on it. It has yet to achieve adoption by standards bodies with a proper validation processes.
From the blog article you can download additional content:
eBook: the Encryption Guide
Authentication Called For By PCI DSS, HIPAA/HITECH, and GLBA/FFIEC
by Michelle Larson (March 24, 2014)
Key take-away: Two-factor authentication (2FA) plays a critical role in both meeting compliance regulations and following data security best practices. This trend will only grow within various industries and throughout the overall data security environment.
From the blog article you can download additional content:
2FA Resource Kit: White paper, Webinar, Podcast
Encrypting Data In Amazon Web Services (AWS)
by Patrick Townsend (August 28, 2014)
Key take-away: Amazon Web Services is a deep and rich cloud platform supporting a wide variety of operating systems, AWS services, and third party applications and services. This blog explores some of the ways that our Alliance Key Manager solution helps AWS customers and partners protect this sensitive data.
From the blog article you can download additional content:
Podcast: Encrypting Data in AWS
Key Connection - The First Drupal Encryption Key Management Module
by Michelle Larson (February 21, 2014)
Key take-away: Working together to solve the Drupal data security problem, the security experts at Townsend Security and Drupal developers at Cellar Door Media have released the Key Connection for Drupal solution, which addresses the need for strong encryption and encryption key management within the Drupal framework. Now personally identifiable information collected during e-commerce checkouts and user account that contain names and e-mail addresses can be easily encrypted, and the encryption keys properly managed, by organizations that collect and store that sensitive information.
From the blog article you can download additional content:
Podcast: Securing Sensitive Data in Drupal
Nine Guidelines for Choosing a Secure Cloud Provider
by Patrick Townsend (July 8, 2014)
Key take-away: Security professionals (CIOs, CISOs, compliance officers, auditors, etc.) and business executives can use the following set of key indicators as a way to quickly assess the security posture of a prospective cloud provider and cloud-based application or service. Significant failures or gaps in these nine areas should be a cause for concern and suggest the need for a more extensive security review
From the blog article you can download additional content:
eBook: The Encryption Guide
Never Lose an Encryption Key in Windows Azure
by Patrick Townsend (March 7, 2014)
Key take-away: This blog discusses backup/restore, key and policy mirroring, availability sets, and mirroring outside the Windows Azure Cloud. Alliance Key Manager in Windows Azure goes the distance to help ensure that you never lose an encryption key. You might be losing sleep over your move to the cloud, but you shouldn’t lose sleep over your encryption strategy.
From the blog article you can download additional content:
Free 30-day Evaluation of Alliance Key Manager for Microsoft Azure
3 Ways Encryption Can Improve Your Bottom Line
by Michelle Larson (May 20, 2014)
Key take-away: In a business world that is moving more towards virtualization and cloud environments, the need for strong encryption and proper key management is critical. Due to all the recent and well-publicized data breaches, we all know about the ways your brand can be damaged if you don’t encrypt your data. This blog takes a look at the benefits of encryption, and three of the ways it can have a positive effect on your business.
Additional content: You’ll also discover that this is the third time in this Top-10 list that the eBook: The Encryption Guide is offered… so if you haven’t read it yet… what are you waiting for?