The Futurex Blog. News, Announcements and Much More.
July 25th, 2014
Our Data Security & Fraud Prevention Roundup contain links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the last two weeks and our thoughts on them.
#1: Beware Keyloggers at Hotel Business Centers by Brian Krebs, Krebs on Security (July 14, 2014)
Companies within the hospitality industry should evaluate the security of their guest computer systems. The newest trend among hackers is to put keylogging malware on hotel computers in order to obtain sensitive data from travelers.
#2: SEC Eyes Cyber-Security Planning by Ivy Schmerken, InformationWeek (July 22, 2014)
Cybersecurity has become a necessity for any organization and, in some cases, not just to protect sensitive company data. US Financial institutions will now have to be equipped with enough cybersecurity measures in order to pass the new US Securities and Exchange Commission (SEC) audits.
#3: Survey: Potential for undetected data breaches worries CFOs by Joel Griffin, Security Info Watch (July 23, 2014)
As data security breaches become more prevalent, it is important for companies to think about their priorities on protecting sensitive data. Joel Griffin explains in this article that data security should no longer be the sole responsibility of IT administration.
#4: Law Firm Creates Free Guide to Data Security For Businesses by Kevin Mahoney, Twin Cities Business (July 24, 2014)
If your organization finds data security laws somewhat hazy and unclear, help has arrived. Law firm Gray Plant Mooty has compiled a free guide that breaks down privacy and data security laws, both federal and global.
If you find something interesting that youâ€™d like to see considered for our next Data Security & Fraud Prevention Roundup, donâ€™t hesitate to let us know. Weâ€™re always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to email@example.com, or share them with us on Twitter (@Futurex).
Alex Hopkins on
July 17th, 2014
Secure management of cryptographic keys has become a requirement for all organizations operating their own data security infrastructure. However, when making a critical decision based around protecting sensitive company data, knowing which key management solution to choose can be a bit confusing. Itâ€™s easier to tell the difference between the Futurex Securus and our other key management solutions due to its remote configuration and key management capabilities as well as its portability, but Futurex offers a wide variety of other key management servers with different functionalities designed for a range of needs.
In this post, I would like to break down the benefits of each Futurex FIPS 140-2 Level 3-validated key management solution so you can choose the server that would work best for your organizational desires:
Manufacturer-Class Certificate Authority Server (MCCAS) â€“ The Manufacturer-Class Certificate Authority Server is a secure, scalable, and easy-to-use solution for creating and storing high volumes of asymmetric key pairs for the encryption, decryption, signature, and validation of arbitrary data in a public key infrastructure (PKI). Using PKI, the MCCAS combines the strong physical security of FIPS 140-2 Level 3-validated hardware with an efficient system for covering all stages of the certificate lifecycle within large-scale manufacturing environments. The MCCAS also has the ability to securely and directly inject private keys into electronic devices during the assembly process. The MCCAS is ideal for organizations needing to perform bulk signing, validating, and certificate tracking at the manufacturing level.
RKMS Series â€“ The RKMS Series Remote Key Management Server provides remote management and distribution of cryptographic keys for ATM and Point of Sale (POS) terminals. The RKMS Series handles a broad range of encryption and key management functions including key generation, distribution, deletion, and tracking. It remotely disperses both symmetric and asymmetric encryption keys over a secured IP network, which allows management of keys from a single location and removes the costly and time-consuming process of having to manually input keys. The RKMS Series also offers Certificate Authority management as well as allows the ability to design templates and print secure key mailers. The RKMS Series is ideal for organizations needing to manage and perform remote key injections for POS terminals or ATMs.
KMES Series â€“ The KMES Series Key Management Enterprise Server is a general purpose solution used to create and store symmetric and asymmetric key pairs for encrypting and decrypting data as well as signing and validating anything that relies on a PKI, including certificates, firmware updates, code, electronic devices and other items requiring a digital signature. Full key and certificate lifecycle management is built directly into the KMES Series, with support for all major key types, algorithms, and protocols. The KMES Series also supports key component printing and enables users to create specific templates for varying needs through a template designer system. The KMES Series is ideal for organizations across a wide range of industries needing custom solutions for general purpose key management requirements.
SKI9000 â€“ The SKI9000 Secure Key Injector provides a cost-effective, all-in-one security solution designed for loading, managing, and storing POS encryption keys. The SKI9000 manages symmetric encryption keys and consolidate them into one centralized key injection solution, which helps to eliminate the cumbersome process of performing more key loading ceremonies than are necessary. It is also capable of injecting keys into up to sixteen POS devices at one time.The unique design and graphical user interface of the SKI9000 makes key injection as simple as point-and-click. It also includes the capability of injecting more than one type of key at a time. The SKI9000 is ideal for organizations needing to directly inject encryption keys into POS terminals.
Still unsure which key management server is right for your organization? Our Xceptional Support team is available to answer any questions you may have about these standards-compliant solutions.
July 11th, 2014
Our Data Security & Fraud Prevention Roundup contain links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the prior week and our thoughts on them. In this special version of our roundup, weâ€™re focusing on one topic in particular: cloud computing.
#1: 5 Ways in Which the Cloud is More Secure by Joshua Hold, eUKhost (July 7, 2014)
Thereâ€™s lots of talk from security officials about the cloud right now. Many mention that the cloud is secure, but is it safer than other means of data security measures? If so, how? This article explains in great detail the benefits of using the cloud over typical data security practices for all industries across the board.
#1: 6 Key Considerations for Planning Your Move to the Cloud by Ajit Melarkode, InformationWeek (July 7, 2014)
Choosing the right cloud service for your organization can be quite daunting, especially if you arenâ€™t aware of the different services and benefits offered by cloud providers. Though this article targets Indian enterprises, the information is both helpful and applicable to other companies around the world.
#2: A Secure Cloud: Reality, or Rainbows and Unicorns? by Esther Shein, CIO (July 9, 2014)
As often data breaches happen, you may find yourself wondering if a truly secure cloud is even possible. Esther Shein says that cloud security CAN be a reality, but itâ€™s not a one-way street. Both cloud providers and organizations must work to maintain security by following the list of best practices Shein outlines in this article.
#3: Plenty More Cloud Innovations Are Still to Come by Michael Brown, MSPmentor (July 10, 2014)
Think that the cloud has hit the ceiling when it comes to innovation? Think again. Michael Brown discusses three ways the potential of the cloud has barely been tapped, bringing more efficiency and profitability for organizations.
#4: Cloud storage vs. external hard drives: Which really offers the best bang for your buck? by Ben Taylor, PCWorld (July 10, 2014)
When it comes to choosing whether cloud storage or external hard drives are the best option for your organization, you need to consider every factor. Fortunately, Ben Taylor has done the research for you; in this article, he breaks down pricing, service offerings, and organizational needs.
If you find something interesting that youâ€™d like to see considered for next weekâ€™s Data Security & Fraud Prevention Roundup, donâ€™t hesitate to let us know. Weâ€™re always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to firstname.lastname@example.org, or share them with us on Twitter (@Futurex).
July 7th, 2014
For any organization managing encryption keys, the process of creating, maintaining, and improving a key management system can seem a frustrating or even impossible task. These feelings of frustration often stem from a few prominent mistakes that frequently occur. Beyond simple annoyance with an inefficient system, key management mistakes can have a far more damaging effect: data breaches.Â Â Fortunately, these mistakes are easily preventable with some instruction. In our whitepaper, Ten Key Management Mistakesâ€¦And How to Avoid Them, we discuss ten actions that can make or break a key management system.
Maybe youâ€™re attempting to develop a key management network from scratch, or perhaps youâ€™re simply looking for ways to improve your network architecture. Whatever the current status of your network, there are some questions you should ask yourself. Knowing the answers to these questions will enable you to take action to improve your organizationâ€™s network architecture, making it more efficient and resilient to threats.
1: Are you utilizing all your resources?
Key management is not a simple task. If youâ€™re scraping by with the bare minimum of funding, employees, and technology, the odds are that your network is not as strong as it should be.
2. Are you planning for the future?
Technology is constantly evolving, and key management is no exception to that rule. If your network architecture is not scalable for growth in the future, it will end up costing your organization not just in terms of purchasing new equipment, but also in terms of time, efficiency, and even reputation.
3. Are you protected against â€śoopsâ€ť moments?
If a tired technician spills coffee into a primary network switch, your failsafe plan should be ready to go. Your organization cannot afford to have its key management system offline for an undetermined amount of time. If your network infrastructure does not have a backup plan that kicks in automatically, consider the following:
4. Are you consulting experts?
You may be your organizationâ€™s tech guru, but no one person can ensure the success of a key management network. Reach out to experts who specialize in your industry; their entire job is to completely understand network architecture and offer guidance on how to improve it to meet compliance and enhance security.
A thorough analysis of your network architecture may lead to the discovery of some serious data security risks. Still unsure of how your key management architecture can be improved? We can help. Our Solutions Architects specialize in designing solutions that are right for your needs.