The Futurex Blog. News, Announcements and Much More.
November 21st, 2014
For any organization managing encryption keys, the process of creating, maintaining, and improving a key management system can seem like a frustrating or even impossible task. These feelings of frustration often stem from a few prominent mistakes that frequently occur. Beyond simple annoyance with an inefficient system, key management mistakes can have a far more damaging effect: data breaches. Fortunately, these mistakes are easily preventable with some instruction. In our whitepaper, Ten Key Management Mistakes…And How to Avoid Them, we discuss ten actions that can make or break a key management system.
Data security practices are seldom black and white. Rather, they're more like a scale of bad to best. It's easy to identify bad practices, but the problem organizations often face is settling for "good" practices instead of striving for "the best." This problem usually originates from the belief that achieving the goals outlined by auditors in order to meet compliance means that their organization has done all it needs to do to enforce proper data security measures. The truth of the matter is that "checkbox compliance" is not the end goal. It's the bare minimum.
This is not a problem that can be solved simply by adding more boxes to the checklist. System administrators must learn to think critically about their IT infrastructures. Compliance mandates are by necessity very broad and overreaching, as there is no way to address every minute detail for every organization. It is up to your administrators to apply basic concepts to their specific infrastructure, analyzing the system and determining what additional actions need to be taken to fully protect their environment, instead of simply meeting the requirements and calling it quits.
How can administrators apply these concepts to their key management policies? Let's think of actions in terms of the bad (things prohibited by auditors), the good (things recommended by auditors), and the best (things that go beyond the recommended approach).
It's obvious that using "Password" as a password is a bad practice. Using a password such as "Ilikesoccer" significantly improves its strength, but don't stop there. Consider a truly secure password like "iL2plAs0cEr". Yes, that password will be hard to remember, but that's where passphrases can make things easier. Use a passphrase like "I like to play soccer" to help you remember the password.
Most likely, your key management system requires dual control, but this security measure can be enhanced further with the use of dual factor authentication. Usually there are three types of authentication:
- Something you know, such as a password
- Something you own, such as a smart card
- Something you are, such as genetic factors like fingerprints or iris scans
Organizations recognize the importance of employee training, but how much value is placed on it? Instead of simply having a best practices training session once a year, hold engaging meetings on a regular basis, with varied content that isn't simply repeating the same information over and over again.
Want to know more about key management best practices? Download our whitepaper or contact us today.
Alex Hopkins on
November 17th, 2014
The Futurex Portal is a personalized resource designed to provide our customers and partners with easy access to a large, dynamic collection of information including user guides, technical documentation, and more. We have recently made a number of enhancements to the Portal to better fulfill customer and partner needs, including broader documentation, information on the VirtuCrypt Hardened Enterprise Security Cloud, and an easier-to-use navigation system.
Futurex has a long-standing record of providing our users with support of the highest caliber. Our Portal is intended to continue that tradition, with our vast library of information and assistance available to our customers and partners whenever they need them. Within the Portal, users can effortlessly find specific material related to their Futurex products as well as a simplified Xceptional Support request form, regulatory compliance information, project management functionality for custom development initiatives, and much more.
We invite you to visit the Futurex Portal, register for an account, and explore the personalized material available for you.
November 14th, 2014
Our Data Security & Fraud Prevention Roundup contains links to the best data security and fraud prevention-related articles, blog posts, news releases, interviews, and anything else that we found interesting from around the web over the course of the last two weeks, along with our thoughts on them.
#1: 5 Essentials to Reduce Healthcare Data Breaches by HIT Consultant (November 7, 2014)
Healthcare organizations all over are being affected as data breaches threaten to compromise sensitive patient information. This article offers 5 steps that healthcare companies can take in order to avoid data breaches or reduce their likelihood.
#2: Network Firewalls as relevant to data security as ever by Warwick Ashford, Computer Weekly (November 11, 2014)
Network firewalls perform an important role in the enterprise IT ecosystem. In this article, Gil Shwed, CEO of Check Point, discusses the various ways in which firewalls can still help your organization combat data security breaches.
#3: Retailers Behind on Fraud Deterring Chip Technology by CBS New York (November 12, 2014)
EMV cards offer up the prevention of data theft for consumers and are becoming more appealing as retailers are being breached. Many of these companies, however, have not yet implemented the technology necessary to use these secure smart cards in their POS systems, but why?
#4: The 4 Factors of Planning a Cloud Deployment by Karen Scarfone, FedTech Magazine (November 12, 2014)
So you've decided to move your company's data to the cloud. Now what? The cloud certainly offers an increased level of convenience and cost-effectiveness, but data migration still requires careful consideration and planning. In this article, Karen Scarfone discusses four aspects of cloud deployment your organization should know about.
If you find something interesting that you'd like to see considered for our next Data Security & Fraud Prevention Roundup, don't hesitate to let us know. We're always on the lookout for new and interesting perspectives on data security news, issues, thoughts, and best practices. Send your best links to email@example.com, or share them with us on Twitter (@Futurex).
November 10th, 2014
Transport Layer Security (TLS) keeps our information safe by providing a way to secure and encrypt data used for important and sensitive tasks. TLS, which is the successor to SSL, can be used to establish an encrypted link between host servers or applications and endpoints. These endpoints can be any electronic device capable of TLS encryption, but are most commonly devices such as computers, phones, tablets, or Point of Sale terminals. For many of us, TLS and SSL knowledge ends with ensuring the web address includes an "s" at the end of "http" when making an online purchase or logging into a website that contains a lot of personal information. Beyond that application, TLS encryption is capable of protecting all kinds of data.
Those with endpoint devices already supporting TLS encryption may find that their host application is incapable of reading TLS/SSL encrypted data. This means that data must be received as clear data, unencrypted, and is therefore much less secure. This is where the Futurex Kryptos TLS Server comes in. It acts as a kind of translator, encrypting or decrypting data as necessary for the host application. Hardware security module (HSM) solutions, like the Kryptos TLS Server, are capable of data encryption and decryption from a multitude of sources including: online transactions, POS terminals, encrypted e-mails or even just between two data centers. If the data is transmitted through TCP/IP, it is able to be securely processed by the Kryptos TLS Server.
This type of encryption process is sometimes called link encryption, where data is encrypted or decrypted at each endpoint (such as between a browser and a web server). The Kryptos TLS Server is a relatively easy way to add an extra level of security for processing your client's sensitive data. This level of security can significantly minimize risk from eavesdroppers or similar attacks on the data you're looking to protect.
The following infographic details three scenarios:
- 1. There is no TLS/SSL encryption at the data creation point, and therefore the host application receives clear data. This leaves the data vulnerable, unencrypted, and not secure.
- 2. TLS/SSL encryption is possible, but the host application can't interpret the incoming data.
- 3. Kryptos TLS Servers decrypt incoming TLS/SSL encrypted data, and the data is unencrypted only on a secure local network, usually inside of a data center. The data is re-encrypted before it leaves, and remains protected.
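A defender's check for the three scenarios above, as an added example that is not Futurex code: it inspects the first bytes a listener receives on a new TCP connection and reports whether the link opens with a TLS ClientHello or with clear data. The link names and sample byte strings are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16            # TLS record content type: handshake
CLIENT_HELLO = 0x01             # handshake message type: ClientHello
MAX_RECORD_LEN = 2**14 + 2048   # upper bound on a TLS record body


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes seen on a new TCP connection.

    Returns "tls" for a TLS/SSLv3 ClientHello record, "sslv2" for a legacy
    SSLv2-format hello, "cleartext" otherwise, or "incomplete" when fewer
    than 6 bytes are available.
    """
    if len(data) < 6:
        return "incomplete"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
            and 0 < length <= MAX_RECORD_LEN and data[5] == CLIENT_HELLO):
        return "tls"
    # SSLv2 hello: 2-byte header with the high bit set, message type 1,
    # then version 0x0002 (SSLv2) or 0x03xx (SSLv3/TLS in a v2-format hello).
    if data[0] & 0x80 and data[2] == CLIENT_HELLO and (
            (data[3], data[4]) == (0, 2) or data[3] == 3):
        return "sslv2"
    return "cleartext"


FINDINGS = {
    "tls": "ok: link opens with a TLS handshake",
    "sslv2": "warn: obsolete SSLv2-format hello",
    "cleartext": "alert: clear data on the link",
    "incomplete": "unknown: too few bytes captured",
}


def audit_links(samples):
    """Map each (link name, first bytes) pair to a finding string."""
    return {name: FINDINGS[classify_first_bytes(first)] for name, first in samples}


# Constructed samples: one per situation a listener might observe.
SAMPLES = [
    ("pos-terminal-1", bytes.fromhex("16030100c8010000c40303")),  # TLS ClientHello
    ("legacy-app", b"POST /txn HTTP/1.1\r\nHost: host\r\n"),       # clear data
    ("old-device", bytes.fromhex("802e01000200")),                # SSLv2 hello
]

if __name__ == "__main__":
    for link, finding in audit_links(SAMPLES).items():
        print(f"{link}: {finding}")
```

The check looks only at the opening bytes, so protocols that start in the clear and upgrade later (STARTTLS-style) need their own handling.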