Have any questions?


The Futurex Blog. News, Announcements and Much More.

Key Management Refresher: Checkbox Compliance

by Futurex on October 20th, 2014

For any organization managing encryption keys, the process of creating, maintaining, and improving a key management system can seem like a frustrating or even impossible task. These feelings of frustration often stem from a few prominent mistakes that frequently occur. Beyond simple annoyance with an inefficient system, key management mistakes can have a far more damaging effect: data breaches.   Fortunately, these mistakes are easily preventable with some instruction. In our whitepaper, Ten Key Management Mistakes…And How to Avoid Them, we discuss ten actions that can make or break a key management system.

“Wait, we have a data breach? But we passed our audit!”

Companies of every size and industry find themselves discovering data breaches months or even weeks after passing an audit. The shock when this happens is usually due to a common key management mistake: falling for “Checkbox Compliance.”

Checkbox Compliance is the belief that, once an auditor passes your IT infrastructure for compliance, your organization is golden until the next audit comes along. Unfortunately, data security doesn’t work that way. Any changes to your IT infrastructure between audits can represent a security risk, and with how fast technology moves, changes to IT infrastructure can occur daily. Upgrading technology is a good and necessary practice, but such updates still require proper monitoring to see how those changes affect the system.

This timeline represents an average organization that is audited once a year. As the scheduled audit approaches, the company beefs up its data security measures. Because of the increased security, the organization passes its audit. Armed with the knowledge that their infrastructure has been deemed “secure,” the company slowly becomes complacent, giving hackers more opportunities to infiltrate the system. Once the data breach is discovered, the PR nightmare begins. Time and resources have to be allocated to assuring the public that the company is dedicated to increasing security in the future. After implementing stronger policies, the organization is able to keep its data security strong.

The end result of the process was a strong IT infrastructure, but at what cost? From a financial standpoint, it makes much more sense to adequately fund data security at the beginning and avoid the high cost of a data breach altogether. However, simply pouring money into the IT department is not the key to avoiding data breaches. Investing in advanced and efficient technology to protect your data is an important first step, but as with any tool, it is how you use it that matters. Your infrastructure must be properly managed and monitored to remain secure.

The strength of data security depends on how you view it. If you view data security as a box that you check off your to-do list, you’re in trouble. Organizations must enforce the idea that data security is a journey, not a destination.

In short, follow these brief policies:

  • Be vigilant, looking for security risks at all times
  • Make security updates not just for the present, but also for the future
  • Have respect for industry experts, and leverage their knowledge often
  • View compliance as the minimum, not the end goal
  • Don’t cut corners with data security just to save money

Bookmark and Share

Data Security & Fraud Prevention Roundup – October 17th, 2014

by Futurex on October 17th, 2014

Our Data Security & Fraud Prevention Roundup contain links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the last two weeks and our thoughts on them.

#1: Are You a Cybersecurity Expert? Then This Post Isn’t For You by Jeff Peters, Hacksurfer (October 10, 2014)

Not many of us can actually say that we are cybersecurity experts. In fact, most people feel overwhelmed by all of the security information that must be acquired in order to properly guard sensitive company data. However, Jeff Peters provides a simple breakdown of the most essential part of understanding cybersecurity.

#2: Data Protection Strategy to Secure Your Business by Jason Bowden, Business2Community (October 10, 2014)

Data security requires a multifaceted approach. When analyzing the strengths of your IT infrastructure, it’s best to consider every angle. Jason Bowden has broken down the process of enhancing data security into nine different areas.

#3: Mastering Security Analytics by Ericka Chickowski, InformationWeek Dark Reading (October 14, 2014)

Even if you have reliable data security services in place, having the wherewithal to know what to look out for with data attacks can become one of your biggest cybercrime fighting assets. In this article, Ericka Chickowski discusses why having “data smarts” is vital to protecting your company’s sensitive data.

#4: Agencies should pursue cloud for performance, not cost benefits, says report by Molly Bernhart Walker, FierceGovernmentIT (October 15, 2014)

As cost effective as the cloud can be, the real value of cloud services lies in the increased efficiency and functionality that it offers. A new whitepaper by the Advanced Technology Academic Research Center states that government agencies can utilize the cloud to great effect, but first must instigate policies that will change the culture of how the cloud is treated.

If you find something interesting that you’d like to see considered for our next Data Security & Fraud Prevention Roundup, don’t hesitate to let us know. We’re always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to info@futurex.com, or share them with us on Twitter (@Futurex).

Bookmark and Share

Celebrating National Cybersecurity Awareness Month

by Futurex on October 13th, 2014

This October marks the eleventh year of National Cyber Security Awareness Month (NCSAM). This year’s theme is “Our Shared Responsibility”.

The initiative encourages us all to do our part by implementing stronger security practices, raising community awareness, educating young people, and training employees to follow measures to secure sensitive information. This year’s theme takes a particular focus on the personal responsibility that comes with constant Internet connectivity and how we can all help each other remain safe while connected.

Each week during October takes on a different focus, from simple awareness to more specific information technology practices, cybercrime prevention, and law enforcement.

Futurex is dedicated to showing its support by educating the public and clients about cyber security safety measures, and has been recognized as a “National Cyber Security Awareness Month Champion” by StaySafeOnline.org.

For more information about how you can get involved, assess your risk or the risk of your organization, and learn about implementing a cyber security plan, please visit StaySafeOnline.org.

Bookmark and Share

The Guardian9000: Monitoring, Alerting, Logging, & Reporting Capabilities

by Alex Hopkins on October 6th, 2014

Efficiently operating a compliant data security infrastructure isn’t easy. Typically, management activities require multiple administrators and key officers to regularly visit each cryptographic device, often spread between geographically-dispersed data centers. For many organizations these costs can quickly spiral out of control, but with the Guardian9000, the difficulty and expense of these management tasks can be substantially reduced.

The Guardian9000 is a secure, standards-compliant device designed for complete, centralized management of client Futurex devices. This means that the Guardian9000 can both monitor and configure virtually any type of Futurex device within an organization’s core cryptographic infrastructure.

While the Guardian9000 offers many exceptional features such as remotely updating firmware on managed devices, functioning as a load balancer, and enabling full system redundancy, it also offers customizable monitoring, alerting, logging, and reporting options for client devices through a single interface.

Check out our latest infographic below that explains some of the capabilities of each feature:

Bookmark and Share