It seems that this disk drive may have belonged to an analyst processing loan applications. It is likely that there was no need for the analyst to have access to full live data to meet the business need. So why was live data lost so easily – especially given the Canadian PIPEDA regulations that have been in place for more than 10 years?

Encryption is a non-negotiable requirement for sensitive data such as personal information. PIPEDA requires “appropriate security measures” to be in place when handling it. There clearly weren’t any here. Sadly, in data breaches like this the knee-jerk reaction is to encrypt all disk drives. That only solves a fraction of the risk challenge of handling sensitive data like loan application records. The real risk is the data, not the disk or server. Data goes everywhere – so protection has to be with the data itself. That said, where else is this information at risk? Why was such a significant trove of sensitive data on a portable disk drive in the first place? Why was someone able to copy unprotected data from an application or database without the appropriate protection?

The industry has now agreed that traditional defenses, which protect infrastructure or storage, don’t do enough to protect data across the end-to-end data lifecycle. Fortunately, a new best practice called data-centric security has emerged as the leading method to mitigate breach risks. Data-centric security makes it easy to protect data wherever it goes and so avoid the costly ramifications of data breaches, accidental or malicious, while still enabling the data’s use in a data-rich process: a win-win for the CISO, privacy compliance and the line of business consuming the data.

Through powerful breakthroughs in data protection technology, it’s now possible to maximise data use without increasing risk and without exposing the “live” data to the low-trust environments that are common in today’s information supply chain. Data-centric security techniques such as Format-Preserving Encryption (FPE; NIST FFX mode AES) are establishing the new standards for information protection. FPE keeps data protected from capture without the pain and friction of traditional data-encryption methods, because the protected data preserves the look and feel of the original data. If FPE-protected data is stolen or lost, it’s useless to the attacker, removing the need for costly breach remediation. So in this case, the data in the records of 500,000 loan applications could have been protected as it was captured and consumed across the business process without exposure. With a data-centric approach nobody would be footing the bill for $650,000 of unnecessary spend as in this case.